RE: [users@httpd] mod_proxy/mod_proxy_html

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks Axel. I added 
ProxyPassReverse https://wd-cassrv1:8443/myapp http://extranet.myserver.com/MyApp
to httpd.conf as you suggested and installed LiveHttpHeaders. Here is what I see
- First I try to access my application:
#request# GET https://extranet.hendrickson-intl.com/wcs/mainMenu.html;jsessionid=78C32801769F0E5E3E3ACD4734453D28
- which takes me to the login screen
#request# GET https://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fextranet.hendrickson-intl.com%3A80%2Fwcs%2Fj_security_check
- After successful login, it redirects me to the application
#request# GET http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc
and I see following headers
GET /wcs/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc HTTP/1.1
Host: extranet.hendrickson-intl.com:80
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Accept-Encoding: gzip,deflate

- At this time, I see redirect:
HTTP/1.x 302 Moved Temporarily
Date: Wed, 10 Aug 2005 14:33:39 GMT
Server: Apache-Coyote/1.1
Location: https://wd-prtlsrv1:8443/hendrickson/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc
Content-Length: 0
Content-Type: text/plain
So, my browser tries to connect to the internal host
#request# GET https://wd-prtlsrv1:8443/hendrickson/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc
and fails.

Is there anything else I am missing. I should point out that in my httpd.conf, I am using reverse proxy
for more than one applications. Here is my config again:

    # single-sign-on directives
    ProxyPass /cas https://wd-cassrv1:8443/cas
    ProxyPassReverse /cas https://wd-cassrv1:8443/cas
    ProxyHTMLURLMap	 https://wd-cassrv1:8443/cas	/cas

    # application directives
    ProxyPass /wcs http://wd-prtlsrv1:8080/hendrickson/
    ProxyPassReverse /wcs/ http://wd-prtlsrv1:8080/hendrickson/
    # I just added following based on your suggestion:
    ProxyPassReverse https://wd-prtlsrv1:8443/hendrickson/j_security_check http://extranet.hendrickson-intl.com/wcs/mainMenu.html
    ProxyHTMLURLMap http://wd-prtlsrv1:8080/hendrickson 	/wcs/

Regards,
Shahzad Bhatti
Integrated Software Specialists
http://www.issintl.com
1901 North Roselle Road, Suite 450
Schaumburg, IL 60195
Phone: 847-558-5342
Fax: 847-240-5073






-----Original Message-----
From: Axel-Stéphane SMORGRAV
[mailto:Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx]
Sent: Wednesday, August 10, 2005 1:39 AM
To: users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] mod_proxy/mod_proxy_html


Does your SSO application redirect to 

1. https://wd-cassrv1:8443/myapp, or 
2. http://extranet.myserver.com/MyApp ??

In case 1 you would need to add an extra ProxyPassReverse:

ProxyPassReverse https://wd-cassrv1:8443/myapp http://extranet.myserver.com/MyApp

It is ProxyPassReverse that modifies Location headers in HTTP 302 responses.

You may have a perfectly good reason to use mod_proxy_html, but remember that it's use implies parsing of the entire HTML contents returned by the proxy in order to rewrite the links within the HTML.

I believe that although hostnames are case insensitive, URL paths are, at least on Unix.

I would recommend you use LiveHTTPHeaders (Firefox) or HTTPWatch (MSIE) to get a trace of what happens during the sign-on/redirect sequence and post that trace. That will help pin-pointing exactly what is going on.

-ascs

-----Original Message-----
From: Shahzad Bhatti [mailto:sbhatti@xxxxxxxxxxx] 
Sent: Tuesday, August 09, 2005 11:54 PM
To: users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] mod_proxy/mod_proxy_html

One more thing, here is how my configuration looks like:
LoadFile	modules/zlib.so
LoadModule	publisher_module	modules/mod_publisher.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module modules/mod_headers.so
LoadFile    modules/iconv.dll
LoadFile    modules/libxml2.dll
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_html_module modules/mod_proxy_html.so

    ProxyPass /MyApp http://wd-prtlsrv1:8080/myapp/
    ProxyPassReverse /MyApp http://wd-prtlsrv1:8080/myapp/
    ProxyHTMLURLMap http://wd-prtlsrv1:8080/myapp 	/MyApp/

    ProxyPass /SingleSignOn https://wd-cassrv1:8443/SingleSignOn
    ProxyPassReverse /SingleSignOn https://wd-cassrv1:8443/SingleSignOn
    ProxyHTMLURLMap	 https://wd-cassrv1:8443/SingleSignOn	/SingleSignOn


-----Original Message-----
From: Shahzad Bhatti 
Sent: Tuesday, August 09, 2005 4:47 PM
To: Shahzad Bhatti; users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] mod_proxy/mod_proxy_html


> Hello,
>    I am trying to setup Reverse Proxy Server on Windows 2003 machine. I am using Apache 2.0. 
	The application uses a single-sign-on software, which redirects to the application upon successful
	authentication. So, the user first accesses 
		http://extranet.myserver.com/myapp, which is name of apache reverse proxy server. It redirects to the 
	single-sign-on application
	https://extranet.myserver.com/sso
	Now, internally the application uses internal server names, so after successful login, the sso application uses
	302/Location field in the header to redirect to the application server. However this is not caught by mod_proxy
	and user can't access to the application. Is there any way to catch this at the reverse proxy so that it can rewrite
	the internal server name.
> Thanks in advance.
> 
> Regards,
> Shahzad Bhatti
> Integrated Software Specialists
> http://www.issintl.com
> 1901 North Roselle Road, Suite 450
> Schaumburg, IL 60195
> Phone: 847-558-5342
> Fax: 847-240-5073
> 
> 
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux