2

I have a Wildfly behind a load balancer; the connection between them is always HTTP. The connection between the client and the load balancer can be HTTP or HTTPS.

The load balancer sets a header (X-Forwarded-Proto) to let the Wildfly know which protocol the client is using.

I'm trying to write an Undertow rule to redirect to HTTPS taking into account all the conditions above.

This is one of my more successful tries (this rule is written in the undertow-handlers.conf file and it's the only thing in that file):

regex('/(.*)') and regex(pattern='http',value='%{i,X-Forwarded-Proto}',full-match=true)-> redirect(https://server.com/${1})

When the client tries to access a URL like http://server.com/myapp, it is redirected to https://server.com, but the path /myapp is missing.

How can I fix my Undertow rule to keep the full path?

Victor Henriquez
  • I don't really know this Wildfly rule (written over Undertow) to apply some redirection, but would like to guess something that came into my mind while I was reading your question: is "regex('/(.*)')" supposed to match only the "relative path", or will it match the entire URL (e.g. "http://server.com/some_endpoint")? – Miere Jun 15 '16 at 12:45
  • It matches only the relative path, I have used it in other scenarios and it works perfectly. But this is the first time I use a predicate with 2 regex conditions, I don't know if that could be a problem. – Victor Henriquez Jun 15 '16 at 12:52

1 Answer

4

Try:

equals('http', %{SCHEME}) -> redirect(https://server.com/%U)

Or

equals('http', %{i,X-Forwarded-Proto}) -> redirect(https://server.com/%U)

Depending on whether you have enabled proxy-address-forwarding in the HTTP listener (if you have, Undertow will automatically handle the X-Forwarded-Proto so it shows up under %{SCHEME}).

Stuart Douglas
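The same redirect written as an Undertow `HttpHandler`, as an added example that is not part of the original answer: it keeps the path and query string, and honours X-Forwarded-Proto only when the connection comes from the load balancer. The class name and the `10.0.0.10` proxy address are assumptions; `https://server.com` is the host from the question.

```java
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers;
import io.undertow.util.StatusCodes;

import java.net.InetSocketAddress;
import java.util.Set;

/** Added example (hypothetical class): HTTP-to-HTTPS redirect that keeps path and query. */
public final class ForwardedProtoRedirectHandler implements HttpHandler {

    // Fixed target origin from the question; never built from the Host header.
    private static final String HTTPS_ORIGIN = "https://server.com";
    // Assumption: placeholder address of the load balancer.
    private static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.10");

    private final HttpHandler next;

    public ForwardedProtoRedirectHandler(HttpHandler next) {
        this.next = next;
    }

    @Override
    public void handleRequest(HttpServerExchange exchange) throws Exception {
        // Real TCP peer of this connection, not an address taken from X-Forwarded-For.
        InetSocketAddress peer = exchange.getConnection().getPeerAddress(InetSocketAddress.class);
        boolean fromProxy = peer != null && peer.getAddress() != null
                && TRUSTED_PROXIES.contains(peer.getAddress().getHostAddress());

        // X-Forwarded-Proto counts only when the load balancer sent the request;
        // a client connecting directly could set it to any value.
        String proto = fromProxy ? exchange.getRequestHeaders().getFirst("X-Forwarded-Proto") : null;
        if (proto != null && "https".equalsIgnoreCase(proto.trim())) {
            next.handleRequest(exchange);
            return;
        }

        // Raw (still percent-encoded) request URI; anything not origin-form falls back to "/".
        String path = exchange.getRequestURI();
        if (path == null || !path.startsWith("/")) {
            path = "/";
        }
        String query = exchange.getQueryString();
        String location = HTTPS_ORIGIN + path + (query == null || query.isEmpty() ? "" : "?" + query);
        exchange.setStatusCode(StatusCodes.FOUND);
        exchange.getResponseHeaders().put(Headers.LOCATION, location);
        exchange.endExchange();
    }
}
```

Requests that reach the server without passing through the load balancer are treated as plain HTTP and redirected, so a forged header cannot suppress the redirect.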