Re: ProxyPass ! directive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

thanks for your help. i don't think the problem is the syntax of the configuration. i have submitted a bug on bz.apache.org and have already been in communication with a developer there who has helped me figure it out. in case it helps someone else it looks like it might be a clash with mod_rewrite 

On 13/03/2017 14:46, Filipe Cifali wrote:

The docs say you should use

<Location "/.well-known/">
ProxyPass "!"
</Location>

Or

ProxyPass "/.well-known/" "!"
I do think the second one is more clear, but they both use double quotes on the ! marker, have you tried to put the double quotes? 

BUT reading a bit more I found this:
For the same reasons, exclusions must come /before/ the general |ProxyPass| directives. In 2.4.26 and later, the "no-proxy" environment variable is an alternative to exclusions, and is the only way to configure an exclusion of a |ProxyPass| directive in |Location <https://httpd.apache.org/docs/2.4/mod/core.html#location>| context. This variable should be set with |SetEnvIf <https://httpd.apache.org/docs/2.4/mod/mod_setenvif.html#setenvif>|, as |SetEnv <https://httpd.apache.org/docs/2.4/mod/mod_env.html#setenv>| is not evaluated early enough. 

So, considering your configuration, I would write as:

w/o a Location block inside the virtualhost block:

ProxyPass "/.well-known/" "!"
ProxyPass "/" ajp://localhost:8010/

I use this kind of setup to deal w/ nodejs apps:

ProxyRequests Off
<Proxy *>
    Order deny,allow
    allow from all
</Proxy>
ProxyPreserveHost On
ProxyPass /app1 http://server_ip:node_port1/ retry=0
ProxyPassReverse /app2 http://server_ip:node_port1/

ProxyPass / http://server_ip:node_port2/ retry=0
ProxyPassReverse / http://server_ip:node_port2/

and I don't get requests from app1 to app2
On Mon, Mar 13, 2017 at 9:39 AM, Matthew Broadhead <matthew.broadhead@xxxxxxxxxxxx <mailto:matthew.broadhead@xxxxxxxxxxxx>> wrote: 

    hi,
    i know this is a community list but i have had this problem for a
    long time and it seems really fundamental.  is there any way i can
    get some help on this?  shall i file a bug report at JIRA or
    something?


    On 10/03/2017 17:43, Matthew Broadhead wrote:

        i moved the LogLevel directive to httpd.conf and now i get this
        [Fri Mar 10 16:41:21.491354 2017] [proxy:debug] [pid 18744]
        proxy_util.c(1936): AH00931: initialized single connection
        worker in child 18744 for (*)
        [Fri Mar 10 16:41:21.496525 2017] [proxy:debug] [pid 18745]
        proxy_util.c(1885): AH00927: initializing worker proxy:reverse
        local
        [Fri Mar 10 16:41:21.496580 2017] [proxy:debug] [pid 18745]
        proxy_util.c(1936): AH00931: initialized single connection
        worker in child 18745 for (*)
        [Fri Mar 10 16:41:21.497679 2017] [proxy:debug] [pid 18746]
        proxy_util.c(1843): AH00925: initializing worker proxy:reverse
        shared
        [Fri Mar 10 16:41:21.497709 2017] [proxy:debug] [pid 18746]
        proxy_util.c(1885): AH00927: initializing worker proxy:reverse
        local
        [Fri Mar 10 16:41:21.497735 2017] [proxy:debug] [pid 18746]
        proxy_util.c(1936): AH00931: initialized single connection
        worker in child 18746 for (*)
        [Fri Mar 10 16:41:21.498734 2017] [proxy:debug] [pid 18747]
        proxy_util.c(1843): AH00925: initializing worker proxy:reverse
        shared
        [Fri Mar 10 16:41:21.503525 2017 <tel:503525%202017>]
        [proxy:debug] [pid 18747] proxy_util.c(1885): AH00927:
        initializing worker proxy:reverse local
        [Fri Mar 10 16:41:21.503572 2017 <tel:503572%202017>]
        [proxy:debug] [pid 18747] proxy_util.c(1936): AH00931:
        initialized single connection worker in child 18747 for (*)
        [Fri Mar 10 16:41:21.504645 2017 <tel:504645%202017>]
        [proxy:debug] [pid 18748] proxy_util.c(1843): AH00925:
        initializing worker proxy:reverse shared
        [Fri Mar 10 16:41:21.504673 2017 <tel:504673%202017>]
        [proxy:debug] [pid 18748] proxy_util.c(1885): AH00927:
        initializing worker proxy:reverse local
        [Fri Mar 10 16:41:21.504698 2017 <tel:504698%202017>]
        [proxy:debug] [pid 18748] proxy_util.c(1936): AH00931:
        initialized single connection worker in child 18748 for (*)
        [Fri Mar 10 16:41:21.508263 2017 <tel:508263%202017>]
        [proxy:debug] [pid 18749] proxy_util.c(1843): AH00925:
        initializing worker proxy:reverse shared
        [Fri Mar 10 16:41:21.508293 2017 <tel:508293%202017>]
        [proxy:debug] [pid 18749] proxy_util.c(1885): AH00927:
        initializing worker proxy:reverse local
        [Fri Mar 10 16:41:21.508321 2017 <tel:508321%202017>]
        [proxy:debug] [pid 18749] proxy_util.c(1936): AH00931:
        initialized single connection worker in child 18749 for (*)
        [Fri Mar 10 16:41:21.510407 2017 <tel:510407%202017>]
        [proxy:debug] [pid 18750] proxy_util.c(1843): AH00925:
        initializing worker proxy:reverse shared
        [Fri Mar 10 16:41:21.510425 2017 <tel:510425%202017>]
        [proxy:debug] [pid 18750] proxy_util.c(1885): AH00927:
        initializing worker proxy:reverse local
        [Fri Mar 10 16:41:21.510444 2017 <tel:510444%202017>]
        [proxy:debug] [pid 18750] proxy_util.c(1936): AH00931:
        initialized single connection worker in child 18750 for (*)
        [Fri Mar 10 16:41:21.511463 2017] [proxy:debug] [pid 18751]
        proxy_util.c(1843): AH00925: initializing worker proxy:reverse
        shared
        [Fri Mar 10 16:41:21.511479 2017] [proxy:debug] [pid 18751]
        proxy_util.c(1885): AH00927: initializing worker proxy:reverse
        local
        [Fri Mar 10 16:41:21.511496 2017] [proxy:debug] [pid 18751]
        proxy_util.c(1936): AH00931: initialized single connection
        worker in child 18751 for (*)
        but it doesn't seem to show anything

        On 10/03/2017 17:37, Matthew Broadhead wrote:

            i also added this in the virtual host
            LogLevel info proxy:debug
            but it makes no difference to the output in error_log

            On 10/03/2017 16:48, Eric Covener wrote:

                On Fri, Mar 10, 2017 at 10:43 AM, Matthew Broadhead
                <matthew.broadhead@xxxxxxxxxxxx
                <mailto:matthew.broadhead@xxxxxxxxxxxx>> wrote:

                    yes it is definitely because of that line.  i also
                    just tried
                    <Location "/">
                    ProxyPass ajp://www.nbmlaw.co.uk:8010/
                    <http://www.nbmlaw.co.uk:8010/>
                    </Location>
                    <Location "/.well-known/">
                    ProxyPass !
                    </Location>
                    and that has exactly the same effect


                That syntax is known to not work. Once you proxy
                within <location, it
                cannot be undone with any !


            ---------------------------------------------------------------------
            To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
            <mailto:users-unsubscribe@xxxxxxxxxxxxxxxx>
            For additional commands, e-mail:
            users-help@xxxxxxxxxxxxxxxx
            <mailto:users-help@xxxxxxxxxxxxxxxx>



        ---------------------------------------------------------------------
        To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
        <mailto:users-unsubscribe@xxxxxxxxxxxxxxxx>
        For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
        <mailto:users-help@xxxxxxxxxxxxxxxx>


    ---------------------------------------------------------------------
    To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
    <mailto:users-unsubscribe@xxxxxxxxxxxxxxxx>
    For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
    <mailto:users-help@xxxxxxxxxxxxxxxx>




--
[ ]'s

Filipe Cifali Stangler


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux