Re: Forcing SSL encryption (a.k.a. 'redirect' keyword not recognised)

From: Willy Tarreau <w#1wt.eu>
Date: Sun, 12 Apr 2009 12:42:41 +0200


Hi,

On Tue, Apr 07, 2009 at 11:05:16AM +0300, John Doe wrote:
> Hi
>
> >> For some reason
> >> acl stunnel src 10.0.0.0/8 doesn't seem to work (with version
> 1.3.15.8).
> >
> >That's not expected at all. Are you sure you were not mixing up with
> another
> >problem ? Could you please retest with 1.3.17 ?
>
> I did the re-test using 1.3.17 and I can confirm that the following
> configuration doesn't function as expected (i.e. the traffic is not
> redirected into https):
> acl stunnel src 10.0.0.0/8
> redirect prefix https://10.0.0.220 unless stunnel
>
> but this works OK:
> acl stunnel src 10.0.0.220/32
> redirect prefix https://10.0.0.220 unless stunnel
>
> No other modifications were made. Hope you can sort it out even though it is
> no biggie for me.

Well, I have tried here and it works as expected for me with /8 : if the source is any address in 10.0.0.0/8, it is not redirected, otherwise it is.

Maybe your clients are local and in 10.0.0.0/8 too ?

Willy Received on 2009/04/12 12:42

This archive was generated by hypermail 2.2.0 : 2009/04/12 12:45 CEST