We have an external Apache server that proxies a https url to an internal http site
<VirtualHost *:443>
ServerName external.domain
ServerAlias www.external.domain
ProxyRequests Off
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass / http://internal.domain/
ProxyPassReverse / http://internal.domain/
<various ssl cert stuff>
</VirtualHost>
However, the trouble is the internal site returns addresses for css / js with http
When viewing the site externally through the proxy, the response gives back link href or script src addresses that only have http in them, causing the external client to complains about mixed mode content for the css/js files (or just not load them)
So from the internal site you get links for:
<link href="http://internal.domain/stylesheet.css" rel="stylesheet" />
<script src="http://internal.domain/script.js"></script>
which get converted back through the proxy as:
<link href="http://external.domain/stylesheet.css" rel="stylesheet" />
<script src="http://external.domain/script.js"></script>
which only changes the domain back to the external one, but not the http back to https
This, then, causes browser errors such as:
Mixed Content: The page at 'https://external.domain/' was loaded over HTTPS, but requested an insecure stylesheet 'http://external.domain/stylesheet.css'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://external.domain/' was loaded over HTTPS, but requested an insecure script 'http://external.domain/script.js'. This request has been blocked; the content must be served over HTTPS.
I think Azure enterprise Application Proxy has an option to 'translate urls in application body' that does a similar thing, but I'm not sure how to achieve that in Apache
I've tried using these options to no avail:
Header edit Location ^http: https:
RequestHeader set X-Forwarded-Protocol "https"
But, I'm not sure it's the Headers I need to change, rather, I need a translation in the response
Is there a way to translate these links/refs from http to https in the initial response so the external client only sees https for this domain, and is none the wiser?
FOR clarity To be clear, this question is not the same as How to handle relative urls correctly with a reverse proxy, as there is no relative path issue, and this is dealing with the response from the server to the client, rather than how to handle incoming requests. The initial response back through the proxy not having translated http links back to https to the client and avoiding the client from blocking them due to mixed content.
If this question is still marked as duplicate/similar and you've come here looking for how to modify the response be aware that only answer Five-B from the other question answers this question.
