Re: mod_proxy ProxyPassReverse incorrectly adjusting Location header in redirect?

[Igor Cicimov <icicimov@xxxxxxxxx>]

Where did you get the idea that you can mix protocols in the reverse proxy commands from?

This makes sense:

  ProxyPass / http://internal.example.com/
  ProxyPassReverse / http://internal.example.com/ 

This doesn't:

  ProxyPass / https://internal.example.com/
  ProxyPassReverse / http://internal.example.com/ 

On Thu, Apr 12, 2012 at 2:11 AM, Charlie Katz <ckatz@xxxxxxxxxxxxxxx> wrote:

Hi, as an interim solution in an internal reorganization of server resources, I
want to use mod_proxy as a reverse proxy to move the entire functionality of a
public-facing server (www.example.com) to an internal server
(internal.example.com).  (configuration at end)

https is used in this site only for logging in, after which a 302 redirect is
issued pointing to http://www.example.com/home.html, and the session continues
through http.  I am having trouble getting ProxyPassReverse to rewrite the
Location header in the redirect properly.

Here's the sequence:
-client sends POST login credentials to https://www.example.com/login.html
-request is proxied by https://www.example.com to
https://internal.example.com/login.html
-login succeeds, respond with 302 redirect to
http://internal.example.com/home.html
-reply goes to https://www.example.com
- ******** ProxyPassReverse rewrites the Location header
from http://internal.example.com/home.html to https://www.example.com/home.html
-reply received by client, which acts on the redirect

The starred ******* step is what is going wrong, as the proxy is changing the
http to https despite the explicit "ProxyPassReverse /
http://internal.example.com" line.

I have tried many different tweaks to the configuration, but I always find that
the header is rewritten back to https despite my explicitly specifying http in
the response.

I feel like I must be misunderstanding something here.  Can anyone help me
untangle it?

Regards,
Charlie Katz



configuration on www.example.com
<VirtualHost _default_:80>
  ProxyRequests off
  ProxyPass / http://internal.example.com/
  ProxyPassReverse / http://internal.example.com/
  ProxyPassReverse / https://internal.example.com/
  ProxyPassReverseCookieDomain internal.example.com www.example.com
</VirtualHost>

<VirtualHost _default_:443>
  SSLProxyEngine on

  ProxyRequests off
  ProxyPass / https://internal.example.com/
  ProxyPassReverse / http://internal.example.com/
#  ProxyPassReverse / https://internal.example.com/  # same behavior with or
without this line
  ProxyPassReverseCookieDomain internal.example.com www.example.com
</VirtualHost>



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx