Crazy HTTPS Forwarding Issue



  • Here's the sitch:  Port 443 forwarded from a WAN virtual IP to a Pound Proxy server in the DMZ.  Pound then reverse proxies to a backend apache server on port 80.  The URL for the application is something like https://myapplication.com/directory1/directory2/login.php.  When working properly, browsing to https://myapplication.com goes right to the full URL due to a "RedirectMatch ^/$ /directory1/" setup in apache.  I have ruled out any Pound issues because everything works fine if you go to the Pound front end directly.  Without the firewall, life is good.

    So, the issue comes when accessing the shorter https://myapplication.com URL through pfSense, the browser just hangs until it times out.  If you type the longer https://myapplication.com/directory1/ URL it works fine and all subsequent browsing of the site also works.  The ONLY issue is the initial connection to the short URL.

    Told you it was crazy!  Any and all suggestions are appreciated!!

    Currently running 1.2.2 but also confirmed the same behavior in 1.2.3



  • One more quick data point.  If I revert the connection to http vs. https, everything works fine with the short URL through the pfSense.  That darn security stuff always gets in the way of productivity! ;)



  • The firewall doesn't care what URL you're going to, and doesn't even know, it can't see the HTTPS traffic. Has to be something on your web server or reverse proxy that's different with the firewall in place.
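
One way to check where the redirect for the short URL actually sends the browser, given that Pound terminates TLS and the Apache backend only sees plain HTTP on port 80. This is an added example, not part of the thread: the function names are hypothetical and both sample responses are constructed, not captured from the poster's site.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def parse_response(raw):
    """Return (status, headers) from a raw HTTP response head; header names lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def audit_redirect(request_url, raw_response, forwarded_ports):
    """Resolve the Location header and flag targets the WAN port forward cannot serve."""
    status, headers = parse_response(raw_response)
    if status not in (301, 302, 303, 307, 308) or "location" not in headers:
        return {"redirect": False, "findings": []}
    # urljoin handles both absolute and relative Location values
    target = urljoin(request_url, headers["location"])
    req, tgt = urlsplit(request_url), urlsplit(target)
    port = tgt.port or DEFAULT_PORTS.get(tgt.scheme)
    findings = []
    if req.scheme == "https" and tgt.scheme == "http":
        findings.append("scheme-downgrade")
    if tgt.hostname != req.hostname:
        findings.append("host-change")
    if port not in forwarded_ports:
        findings.append("port-not-forwarded")
    return {"redirect": True, "target": target, "port": port, "findings": findings}

# Constructed sample: a backend that builds an absolute redirect from its own scheme.
SAMPLE_ABSOLUTE = ("HTTP/1.1 302 Found\r\n"
                   "Location: http://myapplication.com/directory1/\r\n"
                   "Content-Length: 0\r\n\r\n")
# Constructed sample: the same redirect expressed as a relative path.
SAMPLE_RELATIVE = ("HTTP/1.1 302 Found\r\n"
                   "Location: /directory1/\r\n"
                   "Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for raw in (SAMPLE_ABSOLUTE, SAMPLE_RELATIVE):
        # Only 443 is forwarded from the WAN virtual IP in the setup described above.
        print(audit_redirect("https://myapplication.com/", raw, {443}))
```

To run it against a real response, save the response head for the short URL (for example from the browser's network tab) and pass it in as `raw_response`.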

