RE: [users@httpd] mod_proxy/mod_proxy_html

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Axel,
  Thanks again, it worked and I was able to go further, however I ran into another problem. We are using
single-sign-on that stores ticket in cookie, however it looks like this cookie is not being passed to the
client. And it goes into loop, i.e.,
-- AFTER SUCCESSFUL LOGIN, THE USER IS DIRECTED TO THE APPLICATION (WHICH VERIFIES TICKET)
http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6

GET /wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6 HTTP/1.1
Referer: http://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fwd-prtlsrv1%3A8080%2Fhendrickson%2Fj_security_check


AND IT'S SENDING REDIRECT TO THE SAME URL

HTTP/1.x 302 Moved Temporarily
Location: http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6

Is there any way to add cookie support and break this loop.
Regards,
Shahzad Bhatti
Integrated Software Specialists
http://www.issintl.com
1901 North Roselle Road, Suite 450
Schaumburg, IL 60195
Phone: 847-558-5342
Fax: 847-240-5073






-----Original Message-----
From: Axel-Stéphane SMORGRAV
[mailto:Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx]
Sent: Thursday, August 11, 2005 3:43 AM
To: users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] mod_proxy/mod_proxy_html


I think I must have been smoking something strong the day I replied to you last.

What you probably need is

ProxyPassReverse  /wcs https://wd-prtlsrv1:8443/hendrickson

instead of 

ProxyPassReverse https://wd-prtlsrv1:8443/hendrickson/j_security_check http://extranet.hendrickson-intl.com/wcs/mainMenu.html


ProxyPassReverse tries to match it's second argument with the prefix of the Location header value. If it matches, it substitutes the matching part of the Location header value with the first argument of ProxyPassReverse.

Don't blame me if it works!

-ascs



-----Original Message-----
From: Shahzad Bhatti [mailto:sbhatti@xxxxxxxxxxx] 
Sent: Wednesday, August 10, 2005 11:56 PM
To: Shahzad Bhatti; users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] mod_proxy/mod_proxy_html

Is there anyway that I can use mod_rewrite module to replace "Location" header. Let's say, the Location header contains
Location: https://wd-prtlsrv1:8443/hendrickson/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc
Can someone send sample directive I can use to replace value of Location to
Location: https://extranet.hendrickson-intl.com/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc
Note that I would need to keep the ticket # from original header.



-----Original Message-----
From: Shahzad Bhatti
Sent: Wednesday, August 10, 2005 9:43 AM
To: 'users@xxxxxxxxxxxxxxxx'
Subject: RE: [users@httpd] mod_proxy/mod_proxy_html


Thanks Axel. I added 
ProxyPassReverse https://wd-cassrv1:8443/myapp http://extranet.myserver.com/MyApp
to httpd.conf as you suggested and installed LiveHttpHeaders. Here is what I see
- First I try to access my application:
#request# GET https://extranet.hendrickson-intl.com/wcs/mainMenu.html;jsessionid=78C32801769F0E5E3E3ACD4734453D28
- which takes me to the login screen
#request# GET https://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fextranet.hendrickson-intl.com%3A80%2Fwcs%2Fj_security_check
- After successful login, it redirects me to the application
#request# GET http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc
and I see following headers
GET /wcs/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc HTTP/1.1
Host: extranet.hendrickson-intl.com:80
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Accept-Encoding: gzip,deflate

- At this time, I see redirect:
HTTP/1.x 302 Moved Temporarily
Date: Wed, 10 Aug 2005 14:33:39 GMT
Server: Apache-Coyote/1.1
Location: https://wd-prtlsrv1:8443/hendrickson/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc
Content-Length: 0
Content-Type: text/plain
So, my browser tries to connect to the internal host
#request# GET https://wd-prtlsrv1:8443/hendrickson/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc
and fails.

Is there anything else I am missing. I should point out that in my httpd.conf, I am using reverse proxy
for more than one applications. Here is my config again:

    # single-sign-on directives
    ProxyPass /cas https://wd-cassrv1:8443/cas
    ProxyPassReverse /cas https://wd-cassrv1:8443/cas
    ProxyHTMLURLMap	 https://wd-cassrv1:8443/cas	/cas

    # application directives
    ProxyPass /wcs http://wd-prtlsrv1:8080/hendrickson/
    ProxyPassReverse /wcs/ http://wd-prtlsrv1:8080/hendrickson/
    # I just added following based on your suggestion:
    ProxyPassReverse https://wd-prtlsrv1:8443/hendrickson/j_security_check http://extranet.hendrickson-intl.com/wcs/mainMenu.html
    ProxyHTMLURLMap http://wd-prtlsrv1:8080/hendrickson 	/wcs/

Regards,
Shahzad Bhatti
Integrated Software Specialists
http://www.issintl.com
1901 North Roselle Road, Suite 450
Schaumburg, IL 60195
Phone: 847-558-5342
Fax: 847-240-5073






-----Original Message-----
From: Axel-Stéphane SMORGRAV
[mailto:Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx]
Sent: Wednesday, August 10, 2005 1:39 AM
To: users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] mod_proxy/mod_proxy_html


Does your SSO application redirect to 

1. https://wd-cassrv1:8443/myapp, or 
2. http://extranet.myserver.com/MyApp ??

In case 1 you would need to add an extra ProxyPassReverse:

ProxyPassReverse https://wd-cassrv1:8443/myapp http://extranet.myserver.com/MyApp

It is ProxyPassReverse that modifies Location headers in HTTP 302 responses.

You may have a perfectly good reason to use mod_proxy_html, but remember that it's use implies parsing of the entire HTML contents returned by the proxy in order to rewrite the links within the HTML.

I believe that although hostnames are case insensitive, URL paths are, at least on Unix.

I would recommend you use LiveHTTPHeaders (Firefox) or HTTPWatch (MSIE) to get a trace of what happens during the sign-on/redirect sequence and post that trace. That will help pin-pointing exactly what is going on.

-ascs

-----Original Message-----
From: Shahzad Bhatti [mailto:sbhatti@xxxxxxxxxxx] 
Sent: Tuesday, August 09, 2005 11:54 PM
To: users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] mod_proxy/mod_proxy_html

One more thing, here is how my configuration looks like:
LoadFile	modules/zlib.so
LoadModule	publisher_module	modules/mod_publisher.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module modules/mod_headers.so
LoadFile    modules/iconv.dll
LoadFile    modules/libxml2.dll
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_html_module modules/mod_proxy_html.so

    ProxyPass /MyApp http://wd-prtlsrv1:8080/myapp/
    ProxyPassReverse /MyApp http://wd-prtlsrv1:8080/myapp/
    ProxyHTMLURLMap http://wd-prtlsrv1:8080/myapp 	/MyApp/

    ProxyPass /SingleSignOn https://wd-cassrv1:8443/SingleSignOn
    ProxyPassReverse /SingleSignOn https://wd-cassrv1:8443/SingleSignOn
    ProxyHTMLURLMap	 https://wd-cassrv1:8443/SingleSignOn	/SingleSignOn


-----Original Message-----
From: Shahzad Bhatti 
Sent: Tuesday, August 09, 2005 4:47 PM
To: Shahzad Bhatti; users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] mod_proxy/mod_proxy_html


> Hello,
>    I am trying to setup Reverse Proxy Server on Windows 2003 machine. I am using Apache 2.0. 
	The application uses a single-sign-on software, which redirects to the application upon successful
	authentication. So, the user first accesses 
		http://extranet.myserver.com/myapp, which is name of apache reverse proxy server. It redirects to the 
	single-sign-on application
	https://extranet.myserver.com/sso
	Now, internally the application uses internal server names, so after successful login, the sso application uses
	302/Location field in the header to redirect to the application server. However this is not caught by mod_proxy
	and user can't access to the application. Is there any way to catch this at the reverse proxy so that it can rewrite
	the internal server name.
> Thanks in advance.
> 
> Regards,
> Shahzad Bhatti
> Integrated Software Specialists
> http://www.issintl.com
> 1901 North Roselle Road, Suite 450
> Schaumburg, IL 60195
> Phone: 847-558-5342
> Fax: 847-240-5073
> 
> 
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux