All geek questions in one place

No data returned when SSL is enabled for a REST server in a service module

I am running the LAMP stack on CentOS with Drupal 6 and the latest services module. Through HTTP, the REST server I'm working with works fine and behaves as expected.

When I installed the SSL certificate, I forced all port 80 traffic to 443 (SSL). This worked fine for Drupal, but caused the REST server to not return data. Naturally, I removed the power of SSL and allowed both HTTP and HTTPS.

I am testing through Fiddler, which when used to access the endpoint via HTTP returns the expected data. HTTPS testing I do not receive data. I need to make configuration changes to the REST server (i.e. I missed something in the documentation).

Thanks in advance for your support!

EDIT

To clearly show the difference, I made an anonymous POST request to the endpoint (it could be a GET request, the endpoint has no real methods, but thus returns a message to tell us that it still exists). I get an HTTP success message. However, HTTPS does not return any data. I showed it in the images below.

HTTP

enter image description here

Https

Request via HTTPS

.conf SSL Rule These lines are no longer used, but here to illustrate what I am doing.

#RewriteCond %{SERVER_PORT} !^443$ #RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Edit2:

I found something related in my Drupal forum http://drupal.org/node/704308

+4
source share
2 answers

What you are describing sounds suspiciously like one of these two:

  • Something is not listening on the port that it should listen on. If Apache sent a request for a broken socket, I would expect it to return an 500 error code, so the goal is to try to figure out where the message is going, which port your application is listening on, whether your REST application even supports handshaking HTTPS, and so on. .d.

  • Apache does not interpret your requests for port 443 in the same way that it interprets requests for port 80. It sounds a little suspicious because you say that Drupal runs over 443, and yet the material you wrote doesn’t generate headers at all - if Apache redirected your API requests to your Drupal application, you expected to at least see headers, 404, etc., when it could not correctly interpret the API requests.

Without further information, I'm not sure we can help.

+1
source

It's hard to say, in more detail, about how you force HTTPS, but I assume that it uses a redirect.

If so, it is not very useful and more likely to give you a false sense of security . If the client is configured to use HTTP, even if the server redirects it to HTTPS via redirection, the initial request is still performed over plain HTTP (before redirecting).

If your client is still configured to use the http:// URL (and you rely on a redirect to force it to use HTTPS), the redirected POST requests will lose their body (and will probably be GET, actually), see this answer . As a result, your queries will not work at all as you expected.

You must verify that your web service client uses https:// URLs and that any subsequence URLs you receive from the web service themselves also use https:// (or relative ones and that the client can stay on https).

EDIT:

One way to find out if a redirect problem occurs is to completely disable plain HTTP (without even using redirects), for example by commenting on Listen 80 in your Apache Httpd configuration. If this gets worse (for example, you receive messages that cannot connect), this is a stronger indication of the problem associated with incorrect redirection settings (as described above).

+2
source

Source: https://habr.com/ru/post/1402741/

More articles:


All Articles