Re: Consolidate multiple <Location>s

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

That format got even worse feedback and I would too :-). Lets try this one.

ProxyPass /confluencenode1 http://nodecnf001:8092/confluencenode1
ProxyPassReverse /confluencenode1 http://nodecnf001:8092/confluencenode1
ProxyPass /confluencenode2 http://nodecnf002:8092/confluencenode2
ProxyPassReverse /confluencenode2 http://nodecnf002:8092/confluencenode2
ProxyPass /confluencenode3 http://nodecnf003:8092/confluencenode3
ProxyPassReverse /confluencenode3 http://nodecnf003:8092/confluencenode3
<Location /confluencenode1>
    # Paths to bypass SSO
    #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
    #    Satisfy Any
    #</If>
    <If "%{REQUEST_URI} =~ m#^/(confluencenode1/rest/|confluencenode1/s/).*#">
        Satisfy Any
    </If>
    Order allow,deny
    Allow from all
    AuthType Shibboleth
    Header set X-Forwarded-Proto "https"
    ShibUseHeaders On
    ShibRequestSetting requireSession true
    <RequireAny>
      Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv"
      Require shib-attr AppAuth true
    </RequireAny>
</Location>
<Location /confluencenode2>
    # Paths to bypass SSO
    #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
    #    Satisfy Any
    #</If>
    <If "%{REQUEST_URI} =~ m#^/(confluencenode2/rest/|confluencenode2/s/).*#">
        Satisfy Any
    </If>
    Order allow,deny
    Allow from all
    AuthType Shibboleth
    Header set X-Forwarded-Proto "https"
    ShibUseHeaders On
    ShibRequestSetting requireSession true
    <RequireAny>
      Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv"
      Require shib-attr AppAuth true
    </RequireAny>
</Location>
<Location /confluencenode3>
    # Paths to bypass SSO
    #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
    #    Satisfy Any
    #</If>
    <If "%{REQUEST_URI} =~ m#^/(confluencenode3/rest/|confluencenode3/s/).*#">
        Satisfy Any
    </If>
    Order allow,deny
    Allow from all
    AuthType Shibboleth
    Header set X-Forwarded-Proto "https"
    ShibUseHeaders On
    ShibRequestSetting requireSession true
    <RequireAny>
      Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv"
      Require shib-attr AppAuth true
    </RequireAny>
</Location>


On Tue, May 18, 2021 at 3:33 PM <vadud3@xxxxxxxxx> wrote:
Sorry the output was not clean. Trying a different format
  1. ProxyPass /confluencenode1 http://nodecnf001:8092/confluencenode1
  2. ProxyPassReverse /confluencenode1 http://nodecnf001:8092/confluencenode1
  3. ProxyPass /confluencenode2 http://nodecnf002:8092/confluencenode2
  4. ProxyPassReverse /confluencenode2 http://nodecnf002:8092/confluencenode2
  5. ProxyPass /confluencenode3 http://nodecnf003:8092/confluencenode3
  6. ProxyPassReverse /confluencenode3 http://nodecnf003:8092/confluencenode3
  8. <Location /confluencenode1>
  9. # Paths to bypass SSO
  10. #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
  11. # Satisfy Any
  12. #</If>
  13. <If "%{REQUEST_URI} =~ m#^/(confluencenode1/rest/|confluencenode1/s/).*#">
  14. Satisfy Any
  15. </If>
  16. Order allow,deny
  17. Allow from all
  18. AuthType Shibboleth
  19. Header set X-Forwarded-Proto "https"
  20. ShibUseHeaders On
  21. ShibRequestSetting requireSession true
  22. <RequireAny>
  23. Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv"
  24. Require shib-attr AppAuth true
  25. </RequireAny>
  26. </Location>
  27. <Location /confluencenode2>
  28. # Paths to bypass SSO
  29. #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
  30. # Satisfy Any
  31. #</If>
  32. <If "%{REQUEST_URI} =~ m#^/(confluencenode2/rest/|confluencenode2/s/).*#">
  33. Satisfy Any
  34. </If>
  35. Order allow,deny
  36. Allow from all
  37. AuthType Shibboleth
  38. Header set X-Forwarded-Proto "https"
  39. ShibUseHeaders On
  40. ShibRequestSetting requireSession true
  41. <RequireAny>
  42. Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv"
  43. Require shib-attr AppAuth true
  44. </RequireAny>
  45. </Location>
  46. <Location /confluencenode3>
  47. # Paths to bypass SSO
  48. #<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
  49. # Satisfy Any
  50. #</If>
  51. <If "%{REQUEST_URI} =~ m#^/(confluencenode3/rest/|confluencenode3/s/).*#">
  52. Satisfy Any
  53. </If>
  54. Order allow,deny
  55. Allow from all
  56. AuthType Shibboleth
  57. Header set X-Forwarded-Proto "https"
  58. ShibUseHeaders On
  59. ShibRequestSetting requireSession true
  60. <RequireAny>
  61. Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv"
  62. Require shib-attr AppAuth true
  63. </RequireAny>
  64. </Location>

So I like to see if I can get only one Location stanza with only one REQUEST_URI and maybe one ProxyPass and one ProxyPassReverse for all three nodes

On Tue, May 18, 2021 at 2:29 PM <vadud3@xxxxxxxxx> wrote:
Hi All,

I have this config and it works fine. Looking for a way to consolidate it. I tried few things and no success yet.

ProxyPass /confluencenode1 http://nodecnf001:8092/confluencenode1
ProxyPassReverse /confluencenode1 http://nodecnf001:8092/confluencenode1
ProxyPass /confluencenode2 http://nodecnf002:8092/confluencenode2
ProxyPassReverse /confluencenode2 http://nodecnf002:8092/confluencenode2
ProxyPass /confluencenode3 http://nodecnf003:8092/confluencenode3
ProxyPassReverse /confluencenode3 http://nodecnf003:8092/confluencenode3
<Location /confluencenode1>
# Paths to bypass SSO
#<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
# Satisfy Any
#</If>
<If "%{REQUEST_URI} =~ m#^/(confluencenode1/rest/|confluencenode1/s/).*#">
Satisfy Any
</If>
Order allow,deny
Allow from all
AuthType Shibboleth
Header set X-Forwarded-Proto "https"
ShibUseHeaders On
ShibRequestSetting requireSession true
<RequireAny>
Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv"
Require shib-attr AppAuth true
</RequireAny>
</Location>
<Location /confluencenode2>
# Paths to bypass SSO
#<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
# Satisfy Any
#</If>
<If "%{REQUEST_URI} =~ m#^/(confluencenode2/rest/|confluencenode2/s/).*#">
Satisfy Any
</If>
Order allow,deny
Allow from all
AuthType Shibboleth
Header set X-Forwarded-Proto "https"
ShibUseHeaders On
ShibRequestSetting requireSession true
<RequireAny>
Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv"
Require shib-attr AppAuth true
</RequireAny>
</Location>
<Location /confluencenode3>
# Paths to bypass SSO
#<If "%{REQUEST_URI} =~ m#^/confluence\/rest\/#">
# Satisfy Any
#</If>
<If "%{REQUEST_URI} =~ m#^/(confluencenode3/rest/|confluencenode3/s/).*#">
Satisfy Any
</If>
Order allow,deny
Allow from all
AuthType Shibboleth
Header set X-Forwarded-Proto "https"
ShibUseHeaders On
ShibRequestSetting requireSession true
<RequireAny>
Require shib-attr AuthType "standard, x509, securePlus2, securePlus3, piv"
Require shib-attr AppAuth true
</RequireAny>
</Location>

Thanks

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?



--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?



--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux