Re: [users@httpd] Apache Reverse Proxy / Redirect Issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



One other thing... you may notice in the headers that the Server header says Microsoft-IIS/5.0... this is because I have changed the server identity through the following directive:

Header always set Server "Microsoft-IIS/5.0"

I don't think is poses a problem... Just doing some basic things to secure the box.

Thanks,
Dnaiel

Daniel Silva wrote:
Owen,

Sorry about the HTML, I was using Outlook Web Access, which doesn't let you choose plaintext as a formatting option. I had to create an account on my own private web server just to post in plaintext. Again, sorry, I didn't know it was HTML.

Before I get into the directives, I have changed the domain names and ports... where backend or gateway are used in directived, I am using the actual domain name for that server.

Here are the mod_proxy rules I am using on the gateway server:

~~~

<Location /vqwiki-2.7.1>
    ProxyPass http://backend:4080/vqwiki-2.7.1/
    ProxyPassReverse http://backend:4080/vqwiki-2.7.1/
    SSLRequireSSL
</Location>

~~~

Here are the mod_rewrite rules I was using in a virtual host on port 80, when I was trying to re-write http to https requests:

~~~

Listen 0.0.0.0:80

<VirtualHost _default_:80>
SSLEngine Off
        Redirect / https://gateway/
        RewriteEngine on
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]
</VirtualHost>

ServerName gate.platinumsolutions.com:80
UseCanonicalName Off

~~~

There are more directives, the ssl-specific ones are in a separate conf file. Let me know if you need to see anything from there.

I have one more thing for you... the headers on the redirect request (from LiveHTTPHeaders extension on Firefox). You'll notive in the 302 response headers that the Location header has http:// instead of https://... this is the matter that is driving me crazy and am trying to solve. Here they are:

~~~

https://gateway/vqwiki-2.7.1/jsp/test2.jsp?action=redirect

GET /vqwiki-2.7.1/jsp/test2.jsp?action=redirect HTTP/1.1
Host: gateway
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://gateway/vqwiki-2.7.1/jsp/test.jsp
Cookie: username=Daniel Silva; JSESSIONID=5A37231975613F6D24D4B2B48F7EBB6B; JSESSIONIDSSO=7083BB840927C2DC40255E36808997E1
Authorization: Basic ZHNpbHZhOmQ0bnMxbHZh

HTTP/1.x 302 Moved Temporarily
Date: Thu, 07 Apr 2005 00:26:16 GMT
Server: Microsoft-IIS/5.0
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 19:00:00 EST
Location: http://gateway/vqwiki-2.7.1/jsp/test.jsp?action=redirect
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 0

~~~

I hope this extra info will make things more clear.

Regards,
Daniel


------------------------------------------------------------------------
*From:* Boyle Owen [mailto:Owen.Boyle@xxxxxxx]
*Sent:* Wed 2005-04-06 11:51
*To:* users@xxxxxxxxxxxxxxxx
*Subject:* RE: [users@httpd] Apache Reverse Proxy / Redirect Issue

Plain text please...

Then post the relevant rewrite rules from your config (not much can be done/said without them).

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

-----Original Message-----
From: Daniel Silva [mailto:dsilva@xxxxxxxxxxxxxxxxxxxxx]
Sent: Mittwoch, 6. April 2005 16:09
To: users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] Apache Reverse Proxy / Redirect Issue


Hello everybody. I am new here, was hoping to post a problem I am having, would love to hear some input. I've been dealing with this problem for a while now and it's driving me nuts, haven't been able to find the problem.

I have a gateway server that is running OpenBSD and Apache 2 and is set up with mod_ssl and mod_proxy. The only listen port is 443. I have it configured so that a bunch of requests are handled by a backend server, running on port 4080. Something like https://gateway/resourceA maps to http://backendserver:4080/resourceA. I have ProxyPass to handle requests, and ProxyPassReverse to handle the redirects. However, ProxyPassReverse doesn't seem to be doing it's job, because redirects are not working properly.

Let me explain what I mean. Let's say, for example, that resourceA/test1.html redirects in the backend server to resourceA/test2.html. When I request https://gateway/resourceA/test1.html, I would expect to get https://gateway/resourceA/test2.html. However, instead what happens is that the redirect generates a request on port 80, or http://gateway/resourceA/test2.html. This, of course, times out because my Apache instance on my gateway server is not listening on port 80, nor is my firewall allowing communication on port 80 to this gateway server.

I tried opening up port 80 on my firewall, listening on port 80, and writing some mod_rewrite directives to redirect requests on http:// to https://. This does not work. The redirect generated is still for port 80 (it is not getting re-written to https), and of course it can't find any such resource on the gateway server, so I get a 403 back (which is odd, I would have expected 404, but I am getting a forbidden HTTP code back).

I suspect this has to do with how I am setting up the servername directive. Right now I have it set up as gateway:80 (I am using the actual domain, not the word 'gateway' but the actual domain is not important). If I change it to gateway:443, I get a bunch of errors logged that say "warning: running http over an https port" or something like that.

I don't know if I've said enough to characterize the problem. I've searched the net and usenet groups up and down looking for an answer, but I've yet to find a solution. Please help!!

Thanks,
Daniel

--
Daniel A. Silva
Senior Consultant, PlatinumSolutions, Inc.
PH: 703.471.9793 FAX: 703.471.7140

daniel.silva@xxxxxxxxxxxxxxxxxxxxx

http://www.platinumsolutions.com

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.

Diese E-mail ist eine private und persnliche Kommunikation. Sie hat keinen Bezug zur B rsen- bzw. Geschftst tigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le prsent e-mail est un message priv et personnel, sans rapport avec l'activit boursi re du Groupe SWX.


This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender’s company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender’s company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux