Axel, Thanks again, it worked and I was able to go further, however I ran into another problem. We are using single-sign-on that stores ticket in cookie, however it looks like this cookie is not being passed to the client. And it goes into loop, i.e., -- AFTER SUCCESSFUL LOGIN, THE USER IS DIRECTED TO THE APPLICATION (WHICH VERIFIES TICKET) http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6 GET /wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6 HTTP/1.1 Referer: http://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fwd-prtlsrv1%3A8080%2Fhendrickson%2Fj_security_check AND IT'S SENDING REDIRECT TO THE SAME URL HTTP/1.x 302 Moved Temporarily Location: http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6 Is there any way to add cookie support and break this loop. Regards, Shahzad Bhatti Integrated Software Specialists http://www.issintl.com 1901 North Roselle Road, Suite 450 Schaumburg, IL 60195 Phone: 847-558-5342 Fax: 847-240-5073 -----Original Message----- From: Axel-Stéphane SMORGRAV [mailto:Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx] Sent: Thursday, August 11, 2005 3:43 AM To: users@xxxxxxxxxxxxxxxx Subject: RE: [users@httpd] mod_proxy/mod_proxy_html I think I must have been smoking something strong the day I replied to you last. What you probably need is ProxyPassReverse /wcs https://wd-prtlsrv1:8443/hendrickson instead of ProxyPassReverse https://wd-prtlsrv1:8443/hendrickson/j_security_check http://extranet.hendrickson-intl.com/wcs/mainMenu.html ProxyPassReverse tries to match it's second argument with the prefix of the Location header value. If it matches, it substitutes the matching part of the Location header value with the first argument of ProxyPassReverse. Don't blame me if it works! -ascs -----Original Message----- From: Shahzad Bhatti [mailto:sbhatti@xxxxxxxxxxx] Sent: Wednesday, August 10, 2005 11:56 PM To: Shahzad Bhatti; users@xxxxxxxxxxxxxxxx Subject: RE: [users@httpd] mod_proxy/mod_proxy_html Is there anyway that I can use mod_rewrite module to replace "Location" header. Let's say, the Location header contains Location: https://wd-prtlsrv1:8443/hendrickson/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc Can someone send sample directive I can use to replace value of Location to Location: https://extranet.hendrickson-intl.com/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc Note that I would need to keep the ticket # from original header. -----Original Message----- From: Shahzad Bhatti Sent: Wednesday, August 10, 2005 9:43 AM To: 'users@xxxxxxxxxxxxxxxx' Subject: RE: [users@httpd] mod_proxy/mod_proxy_html Thanks Axel. I added ProxyPassReverse https://wd-cassrv1:8443/myapp http://extranet.myserver.com/MyApp to httpd.conf as you suggested and installed LiveHttpHeaders. Here is what I see - First I try to access my application: #request# GET https://extranet.hendrickson-intl.com/wcs/mainMenu.html;jsessionid=78C32801769F0E5E3E3ACD4734453D28 - which takes me to the login screen #request# GET https://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fextranet.hendrickson-intl.com%3A80%2Fwcs%2Fj_security_check - After successful login, it redirects me to the application #request# GET http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc and I see following headers GET /wcs/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc HTTP/1.1 Host: extranet.hendrickson-intl.com:80 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 Accept-Encoding: gzip,deflate - At this time, I see redirect: HTTP/1.x 302 Moved Temporarily Date: Wed, 10 Aug 2005 14:33:39 GMT Server: Apache-Coyote/1.1 Location: https://wd-prtlsrv1:8443/hendrickson/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc Content-Length: 0 Content-Type: text/plain So, my browser tries to connect to the internal host #request# GET https://wd-prtlsrv1:8443/hendrickson/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc and fails. Is there anything else I am missing. I should point out that in my httpd.conf, I am using reverse proxy for more than one applications. Here is my config again: # single-sign-on directives ProxyPass /cas https://wd-cassrv1:8443/cas ProxyPassReverse /cas https://wd-cassrv1:8443/cas ProxyHTMLURLMap https://wd-cassrv1:8443/cas /cas # application directives ProxyPass /wcs http://wd-prtlsrv1:8080/hendrickson/ ProxyPassReverse /wcs/ http://wd-prtlsrv1:8080/hendrickson/ # I just added following based on your suggestion: ProxyPassReverse https://wd-prtlsrv1:8443/hendrickson/j_security_check http://extranet.hendrickson-intl.com/wcs/mainMenu.html ProxyHTMLURLMap http://wd-prtlsrv1:8080/hendrickson /wcs/ Regards, Shahzad Bhatti Integrated Software Specialists http://www.issintl.com 1901 North Roselle Road, Suite 450 Schaumburg, IL 60195 Phone: 847-558-5342 Fax: 847-240-5073 -----Original Message----- From: Axel-Stéphane SMORGRAV [mailto:Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx] Sent: Wednesday, August 10, 2005 1:39 AM To: users@xxxxxxxxxxxxxxxx Subject: RE: [users@httpd] mod_proxy/mod_proxy_html Does your SSO application redirect to 1. https://wd-cassrv1:8443/myapp, or 2. http://extranet.myserver.com/MyApp ?? In case 1 you would need to add an extra ProxyPassReverse: ProxyPassReverse https://wd-cassrv1:8443/myapp http://extranet.myserver.com/MyApp It is ProxyPassReverse that modifies Location headers in HTTP 302 responses. You may have a perfectly good reason to use mod_proxy_html, but remember that it's use implies parsing of the entire HTML contents returned by the proxy in order to rewrite the links within the HTML. I believe that although hostnames are case insensitive, URL paths are, at least on Unix. I would recommend you use LiveHTTPHeaders (Firefox) or HTTPWatch (MSIE) to get a trace of what happens during the sign-on/redirect sequence and post that trace. That will help pin-pointing exactly what is going on. -ascs -----Original Message----- From: Shahzad Bhatti [mailto:sbhatti@xxxxxxxxxxx] Sent: Tuesday, August 09, 2005 11:54 PM To: users@xxxxxxxxxxxxxxxx Subject: RE: [users@httpd] mod_proxy/mod_proxy_html One more thing, here is how my configuration looks like: LoadFile modules/zlib.so LoadModule publisher_module modules/mod_publisher.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule headers_module modules/mod_headers.so LoadFile modules/iconv.dll LoadFile modules/libxml2.dll LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule proxy_html_module modules/mod_proxy_html.so ProxyPass /MyApp http://wd-prtlsrv1:8080/myapp/ ProxyPassReverse /MyApp http://wd-prtlsrv1:8080/myapp/ ProxyHTMLURLMap http://wd-prtlsrv1:8080/myapp /MyApp/ ProxyPass /SingleSignOn https://wd-cassrv1:8443/SingleSignOn ProxyPassReverse /SingleSignOn https://wd-cassrv1:8443/SingleSignOn ProxyHTMLURLMap https://wd-cassrv1:8443/SingleSignOn /SingleSignOn -----Original Message----- From: Shahzad Bhatti Sent: Tuesday, August 09, 2005 4:47 PM To: Shahzad Bhatti; users@xxxxxxxxxxxxxxxx Subject: [users@httpd] mod_proxy/mod_proxy_html > Hello, > I am trying to setup Reverse Proxy Server on Windows 2003 machine. I am using Apache 2.0. The application uses a single-sign-on software, which redirects to the application upon successful authentication. So, the user first accesses http://extranet.myserver.com/myapp, which is name of apache reverse proxy server. It redirects to the single-sign-on application https://extranet.myserver.com/sso Now, internally the application uses internal server names, so after successful login, the sso application uses 302/Location field in the header to redirect to the application server. However this is not caught by mod_proxy and user can't access to the application. Is there any way to catch this at the reverse proxy so that it can rewrite the internal server name. > Thanks in advance. > > Regards, > Shahzad Bhatti > Integrated Software Specialists > http://www.issintl.com > 1901 North Roselle Road, Suite 450 > Schaumburg, IL 60195 > Phone: 847-558-5342 > Fax: 847-240-5073 > > > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx