Off Topic – SSL Reverse Proxy And Mixed Content
Hi,
Not a CentOS specific issue, but I am a bit stuck as where I might ask for help so if anyone has any ideas please share :)
I have a site that I want to work behind a reverse proxy (httpd) if using http:// everything works as expected. If using https:// some content is displayed but some content is blocked because of stylesheets and etc being requested via http rather https.
I know that the long term solution should be to get all code changed so that it references
//myserver/resource or /resource rather than http://myserver/resource but is there anything I can do with httpd to get this working until these changes are made ?
Thanks for any suggestions. Below is my current VirtualHost config
ProxyRequests On
ProxyPreserveHost On
ProxyTimeout 300
Order allow,deny
Allow from all
ProxyPass / http://myserver/
ProxyPassReverse / http://myserver/
2 thoughts on - Off Topic – SSL Reverse Proxy And Mixed Content
I don’t think so. It sounds like the “block” you’re describing is client-side. Your browser, by default, may block mixed content.
Otherwise, if you have working reverse proxies for http and https, there shouldn’t be a problem.
That is a severe security problem. In a reverse proxy setup, ProxyRequests should be off, and the Proxy allow/deny section isn’t needed at all.
Morning, thanks for the feedback. As far as I can see most browsers are now blocking Mixed Content by default
Thanks for spotting the ProxyRequests On, I knew this was supposed to be Off but obliviously made a typo and didn’t spot it. Now to go and double check that I haven’t done this other places that I
shouldn’t.