Off Topic – SSL Reverse Proxy And Mixed Content

Home » CentOS » Off Topic – SSL Reverse Proxy And Mixed Content
CentOS 2 Comments

Hi,

Not a CentOS specific issue, but I am a bit stuck as where I might ask for help so if anyone has any ideas please share :)

I have a site that I want to work behind a reverse proxy (httpd) if using http:// everything works as expected. If using https:// some content is displayed but some content is blocked because of stylesheets and etc being requested via http rather https.

I know that the long term solution should be to get all code changed so that it references
//myserver/resource or /resource rather than http://myserver/resource but is there anything I can do with httpd to get this working until these changes are made ?

Thanks for any suggestions. Below is my current VirtualHost config

ProxyRequests On
ProxyPreserveHost On
ProxyTimeout 300

Order allow,deny
Allow from all

ProxyPass / http://myserver/
ProxyPassReverse / http://myserver/

2 thoughts on - Off Topic – SSL Reverse Proxy And Mixed Content

  • I don’t think so. It sounds like the “block” you’re describing is client-side. Your browser, by default, may block mixed content.

    Otherwise, if you have working reverse proxies for http and https, there shouldn’t be a problem.

    That is a severe security problem. In a reverse proxy setup, ProxyRequests should be off, and the Proxy allow/deny section isn’t needed at all.

  • Morning, thanks for the feedback. As far as I can see most browsers are now blocking Mixed Content by default

    Thanks for spotting the ProxyRequests On, I knew this was supposed to be Off but obliviously made a typo and didn’t spot it. Now to go and double check that I haven’t done this other places that I
    shouldn’t.

LEAVE A COMMENT