Re: SSO Kerberos REMOTE_USER RewriteRule Endless Loop for Certain users com249.817.407

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Eric,

first of all thanks for you quick response!

The loop is continuously giving the message "One moment please, you are being redirected". And this is the message which is displayed when the request is proxied from Apache to the Perl webserver.

I'm using the LA because I don't make use of an .htaccess file. So the rewrite configuration I have posted is located in below file:

/etc/httpd/conf.d/zzzz_app_sso.conf

Or isn't that correct?

This is an assumption I made based on the information in https://httpd.apache.org/docs/current/mod/mod_rewrite.html

Maybe also worth mentioning, my proxy config is in a file which is picked up earlier:

cat /etc/httpd/conf.d/zzz_app.conf
<Location />
    # Pass the HTTP protocol request header to the backend server if SSL is inactive.
    RequestHeader set "X-Forwarded-Proto" "http" env=!HTTPS
    ProxyPass http://localhost:8080/ retry=1 acquire=3000 timeout=6000 Keepalive=On
</Location>
<Location /websocket>
    ProxyPass ws://localhost:8080/websocket
</Location>

Kind regards,

Michael

----- Origineel bericht: com249.798.077 ---------------------------------

From: Eric Covener (covener@xxxxxxxxx)
To: users@xxxxxxxxxxxxxxxx
Copy: michael.huys@xxxxxxxxxxxxxxxx
Subject: Re: SSO Kerberos REMOTE_USER RewriteRule Endless Loop for Certain users com249.796.781
Date: 03 december 2019 (13:49)

 
> RewriteEngine on
> RewriteCond %{LA-U:REMOTE_USER} (.+)
> RewriteRule . - [E=RU:%1,NS]
> RequestHeader set REMOTE_USER "%{RU}e" env=RU
> RequestHeader set REMOTE_USER_SECRET "*************"
> </Location>

Any more details on the looping behavior? The rewrites don't make a
substitution much less a redirect so it doesn't fit the usual pattern.

It is also a bit odd that look-ahead is used here. %{REMOTE_USER}
should be directly accessible to the rewritecond when it's used inside
<location> context (this has a side effect of delaying the evaluation,
and it's after authentication). I guess there is some slight chance
that removing some of this look-ahead complexity could even help your
symptom?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
 



Dit bericht is onderworpen aan de voorwaarden beschikbaar op onze website

Ce message est soumis aux conditions disponibles sur notre site web

This message is subject to the terms and conditions available on our website

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux