RE: [users@httpd] Rewrite / reverse proxy question

[Axel-Stéphane SMORGRAV <Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx>]

Pardon my ignorance, but what is that tilde (~) stuff doing in the RewriteRule ??

 

Regarding the HTTP responses to HTTPS requests, that is just not possible.

 

What is possible though, is that a page received in response to a HTTPS request contains absolute URLs in links (i.e. prepended with method and host e.g http://my.foo.bar/), and that the method of that absolute URL is HTTP. Take a look at the HTML returned by the server in order to establish whether this is the case. Another possibility is that the exchange server issues redirects to HTTP URLs although the ProxyPassReverse should have taken care of that. You need to examine the Location header of possible redirects (HTTP 302). I mad a connection to our own exchange server and I observe that I receive one redirect to an absolute URL just after the authentication.

 

You do need to find out a little more about exactly what is happening. There is a plugin for FireFox that allows you to browse the contents of headers exchanged between client and server: Live HTTP Headers. If you are using MSIE you may consider purchasing HTTPWatch. A sniffer will not do any good in your case since you are using SSL. You may also consider using Burp Proxy.

 

-ascs

---

From: Gary W. Smith [mailto:gary@xxxxxxxxxxxxxxx]
Sent: Thursday, July 28, 2005 7:26 AM
To: users@xxxxxxxxxxxxxxxx; users@xxxxxxxxxxxxxxxx; users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] Rewrite / reverse proxy question

We've been running the section of code below for some while to proxy to an exchange server behind the wall.  The problem recently has been SSL.  For a variety of reasons we have SSL and non SSL connections.  After implementing the SSL cert on the servers we ran into a problem with the return data being http as opossed to https.  This makes sense because of the proxy config.  The question now is can we do both SSL and non-SSL on a proxy request?

 

Below is the config file.  Also, neither rewrites seem to work.  Is there anything that I'm doing obviously wrong?

 

 

RewriteEngine on

RewriteRule ^/~/[Ee]xchange /exchange/ [R]

# This doesn't seem to work either

#RewriteRule ^/~/exchange/i /exchange/ [R]

ProxyRequests Off

ProxyPreserveHost On

ProxyPass /exchange http://10.41.63.12/exchange

ProxyPassReverse /exchange http://10.41.63.12/exchange

ProxyPass /exchweb http://10.41.63.12/exchweb

ProxyPassReverse /exchweb http://10.41.63.12/exchweb

ProxyPass /public http://10.41.63.12/public

ProxyPassReverse /public http://10.41.63.12/public

---

From: Gary W. Smith [mailto:gary@xxxxxxxxxxxxxxx]
Sent: Mon 6/13/2005 2:39 PM
To: users@xxxxxxxxxxxxxxxx; users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] Rewrite / reverse proxy question

This will work just fine.  Thanks.  I would redirect / to Exchange normally but it actually sends them somewhere else right now. 

 

Gary

---

From: Axel-Stéphane SMORGRAV [mailto:Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx]
Sent: Mon 6/13/2005 12:49 AM
To: users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] Rewrite / reverse proxy question

What about this:

 

If the URL does not start by /[Ee]xchange the user is redirected to /Exchange... I also suggest that if the user requests the root path /, he gets redirected to /Exchange

 

RewriteRule ^/$ /Exchange [R]

 

RewriteCond $1 !^/[Ee]xchange

RewriteRule (.*) /Exchange [R]

 

The above rules imply that the only path accessible through the reverse proxy will be one prefixed with /Exchange.

 

-ascs

---

From: Gary W. Smith [mailto:gary@xxxxxxxxxxxxxxx]
Sent: Friday, June 10, 2005 8:58 PM
To: users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] Rewrite / reverse proxy question

Hello,

 

We are using reverse proxy an exchange server behind the firewall.  So far everything works fine but I wanted to put a rewrite script in place in the event they users don't type /Exchange/ and do something like /exchange (missing case and backslash).  Can anyone assist on creating the rewrite rule for this?

 

Thanks,

 

Gary Smith