Re: [users@httpd] Reverse Proxy Again

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thank you very much Oliver for your patient and advice.

By the way, I am still very puzzling why I still can't login to the
SAP WAS behind the apache server. First I thought because of JSESSION
cookie was not been able to set to the client browser because of using
reverse proxy.

Have you came accross the same scenario whereby you can't login to SAP
WAS if go through apache reverse proxy server?

>From the data tamper log I notice after click "Log On" button, it will
go to http://www.domain.com/logon/portal and immediately the http
connection was closed. I did not see any abnormal situation from the
HTTP response/request which block me to login into the SAP WAS.

Thanks.

Best Rgds,
Franky

On 1/13/06, Oliver.Schaudt@xxxxxxxxx <Oliver.Schaudt@xxxxxxxxx> wrote:
> Hi Franky,
>
> 1. The header line with the cookie has at least 2 parts with the SAP WAS
> Cookie=saplb_*=(J2EE184141100)184141150; JSESSIONID=(J2EE184141100)ID184141150DB10457613221413343070End
> Is it possibly that your javascript shows you only the information till the first semicolon ";" ?
>
> I have in my config thes 3 Parameters too
> ProxyPreserveHost        On
> ProxyReceiveBufferSize 4096
> ProxyBadHeader           Ignore
>
> The only thing is that i began to use an Apache 2 in front of SAP Web AS with version 2.0.53, but even with an 1.3.26 the JSESSIONID wasn't a problem.
>
> If it is still a problem, can you check, waht you reserve from Tomcat with any from the follwing tools.
>
> iehttpheaders http://www.blunck.info/iehttpheaders.html
> Livehttpheaders http://livehttpheaders.mozdev.org/ <http://livehttpheaders.mozdev.org/>
> Tamper Data  https://addons.mozilla.org/extensions/moreinfo.php?id=966 <https://webmail.unilog.de/exchweb/bin/redir.asp?URL=https://addons.mozilla.org/extensions/moreinfo.php?id=966>
> With Tamper Data you can track every Request and Response
>
>
> 2. The stickysesssion=JSESSIONID ist only useful and kown by the config when you are using mod_proxy_balancer [only in 2.2.0]to access more than 1 server in the back.
>
>
> ________________________________
>
> Von: Franky Ronaldy [mailto:franky.ronaldy@xxxxxxxxx]
> Gesendet: Fr 13.01.2006 03:56
> An: users@xxxxxxxxxxxxxxxx
> Betreff: Re: [users@httpd] Reverse Proxy Again
>
>
>
> I have created the simple javascript program to check the cookie which
> being set by the SAP. And I notice that SAP Netweaver set cookie into
> my browser :
>
> saplb_*,(J2EE2350500)2350550 PortalAlias,portal
> JSESSIONID,(J2EE2350500)ID2350550DB11007797051053951047End
>
> But if I access it through reverse proxy, my cookie is only:
>
> saplb_*,(J2EE2350500)2350550 PortalAlias,portal
>
> Those JSESSIONID missing from the cookie.
>
> I have tried to change the httpd.conf file by putting:
>
> ProxyPass /dev/irj http://www.domain.com:50000/irj stickysession=JSESSIONID
> ProxyPassReverse /dev/irj http://www.domain.com:50000/irj > ProxyPass
> /dev/logon http://www.domain.com:50000/irj stickysession=JSESSIONID
> ProxyPassReverse /dev/logon http://www.domain.com:50000/irj ProxyPass
> /dev/webdynpro http://www.domain.com:50000/webdynpro >
> ProxyPassReverse /dev/webdynpro http://www.domain.com:50000/webdynpro
>
> When I issue command ./apachectl configtest, I got error indicate that
> ProxyPass only accept 2 parameters only.
>
> Any idea how to keep those JSESSIONID remain eventhough through
> reverse proxy server? Is it a bugs for apache 2.0.46? Should I upgrade
> to other version?
>
> Thanks.
>
> Rgds,
> Franky
>
> On 1/12/06, Oliver.Schaudt@xxxxxxxxx <Oliver.Schaudt@xxxxxxxxx> wrote:
> >
> >
> > Hi Franky,
> > with a SAP Portal in the background you have to send back more
> > [i used hier only "irj" because the next contexta in the uri
> > which the portal wants are "portal" / "portalapps" /"go" and "servlet"
> > .<snip>
> > ProxyRequests Off
> > ProxyPass        /irj http://www.domain.com:50000/irj <http://www.domain.com:50000/irj>
> > ProxyPassReverse /irj http://www.domain.com:50000/irj <http://www.domain.com:50000/irj>
> > ProxyPass        /logon http://www.domain.com:50000/irj <http://www.domain.com:50000/irj>
> > ProxyPassReverse /logon http://www.domain.com:50000/irj <http://www.domain.com:50000/irj>
> > ProxyPass        /webdynpro http://www.domain.com:50000/webdynpro <http://www.domain.com:50000/webdynpro>
> > ProxyPassReverse /webdynpro http://www.domain.com:50000/webdynpro <http://www.domain.com:50000/webdynpro>
> >
> > # and because the portal sends sometimes some garbled headers
> > # than put this directive in your config, too
> > ProxyBadHeader         Ignore
> > <snip>...
> >
> >
> > With your "dev" inthe path than it should be
> >
> > ProxyPass        /dev/irj http://www.domain.com:50000/irj <http://www.domain.com:50000/irj>
> > ProxyPassReverse /dev/irj http://www.domain.com:50000/irj <http://www.domain.com:50000/irj>
> > ProxyPass        /dev/logon http://www.domain.com:50000/irj <http://www.domain.com:50000/irj>
> > ProxyPassReverse /dev/logon http://www.domain.com:50000/irj <http://www.domain.com:50000/irj>
> > ProxyPass        /dev/webdynpro http://www.domain.com:50000/webdynpro <http://www.domain.com:50000/webdynpro>
> > ProxyPassReverse /dev/webdynpro http://www.domain.com:50000/webdynpro <http://www.domain.com:50000/webdynpro>
> >
> > You can easily find out what the portal sends to you if you use "tamper Data" inside Firefox or with a little bit more work "iehtttpheaders"
> >
> > bye
> >
> > Oliver
> > ________________________________
> >
> > Von: Franky Ronaldy [mailto:franky.ronaldy@xxxxxxxxx]
> > Gesendet: Do 12.01.2006 09:32
> > An: users@xxxxxxxxxxxxxxxx
> > Betreff: [users@httpd] Reverse Proxy Again
> >
> >
> >
> > Hi,
> >
> > I am quite new for reverse proxy. I need some advice from expertise
> > here. I have to configure apache as a reverse proxy with SAP portal at
> > the backend. My apache run in linux ES 3 with apache version 2.0.46.
> >
> > I have configured httpd.conf to act as a reverse proxy as following:
> >
> > .<snip>
> > ProxyRequests Off
> > ProxyPass /dev http://www.domain.com:50000/irj/portal
> > ProxyPassReverse /dev http://www.domain.com:50000/irj/portal
> > <snip>...
> >
> > I can see the login page from http://www.domain.com:5000/irj/portal
> > but without image, css, etc.... so I add two more lines inside
> > httpd.conf as following
> >
> > .<snip>
> > ProxyRequests Off
> > ProxyPass /dev http://www.domain.com:50000/irj/portal
> > ProxyPassReverse /dev http://www.domain.com:50000/irj/portal
> > ProxyPass / http://www.domain.com:50000/irj/portal
> > ProxyPassReverse / http://www.domain.com:50000/irj/portal
> > LogLevel debug
> > <snip>...
> >
> > After restart apache, I can see everything included all images,  css
> > so on and so forth. But I can't login to the SAP portal.
> >
> > My confusion whether is there anyway I can traceroute the requests
> > coming into apache until it comes back to apache from the backend?
> >
> > Eventhough I check the error log I did not find any clues why I can't
> > login into the SAP portal at the backend.
> >
> > Thanks in advanced for any advice.
> >
> > --
> > Regards,
> > Franky
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >
> >
>
>
> --
> Regards,
> Franky
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>


--
Regards,
Franky

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux