RE: [users@httpd] Apache 2.055 Best Practices

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ok, I forgot to mention that I have a host file entry that points xyz2 to the backend server ip address that has a completely different url. The porxy points to that entry.   

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@xxxxxxx] 
Sent: Tuesday, February 07, 2006 10:05 AM
To: users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] Apache 2.055 Best Practices


 

> -----Original Message-----
> From: Rosado, Rodolfo CTR MDA/IOM [mailto:Rodolfo.Rosado.CTR@xxxxxxx]
> Sent: Dienstag, 7. Februar 2006 15:55
> To: users@xxxxxxxxxxxxxxxx
> Subject: RE: [users@httpd] Apache 2.055 Best Practices
> 
> Sorry about the shyness, although even if I wasn't, the
> access is ip restricted. I appreciate your looking at the 
> file and thanks for the advice, I'll continue to investigate 
> the backend. The thing that strikes me as odd, is that the 
> links on the returned page are that of the proxy i.e. 
> http://xyz2:port/xyz.

Not "of the proxy", they are "of the backend". The proxy is in front, the backend is behind.

The URL modification in the browser is exactly what happens when the client is redirected.

> 
> This may sound like a dumb question, but from my point of
> view (network engineering) please forgive.  Which would you 
> recommend using, mod_proxy or mod_rewrite for doinf this type 
> of traffic manipulation?

Proxy. You want to hide the URLs on the backend (they don't even need to be accessible from the client - the backend can be on a private network).

You need to look at the HTTP traffic directly to see the headers. Use wget -v or firefox with http://livehttpheaders.mozdev.org/ or just telnet to the server and issue the GET by hand.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
>   
> 
> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@xxxxxxx]
> Sent: Tuesday, February 07, 2006 9:30 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject: RE: [users@httpd] Apache 2.055 Best Practices
> 
> 
>  
> 
> > -----Original Message-----
> > From: Rosado, Rodolfo CTR MDA/IOM
> [mailto:Rodolfo.Rosado.CTR@xxxxxxx]
> > Sent: Dienstag, 7. Februar 2006 15:16
> > To: users@xxxxxxxxxxxxxxxx
> > Subject: RE: [users@httpd] Apache 2.055 Best Practices
> > 
> > Mr. Boyle,
> > 
> > Thanks for the reply, sorry about the inadvertant post.  I hit send 
> > befor typing....not enough coffee yet.
> > 
> > Anyway, you were correct about the typo. There are only the 
> > two directives.   
> > 
> > I'm attaching my httpd.conf file.
> 
> I don't normally like ploughing throw other people's
> config... but I had a look at yours since it wasn't too 
> long... There are no obvious redirects (unless in .htaccess 
> files) so my guess is that it is the back-end server that is 
> issuing the redirects. Something like:
> 
> client (request) -> apache,
> apache (proxy request) -> backend,
> backend (redirect to backend) -> apache
> apache ( " " " ) -> client
> client (reads redirect, new request) -> backend
> 
> NB the client must have a path to the backend...
> 
> So check out the backend's config.
> 
> BTW, if you weren't so coy about your domain names etc., we
> could check it out directly.
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
> 
> 
> > This one is for the Apache
> > server that's listening on port 80 only, but exhibits the
> > same behavior. 
> > 
> > The access log does show lots of 304's & 302's, but I'm seeing a lot 
> > of 200's for the imagemachine requests as well.
> > 
> > R2
> > 
> > 
> > 
> > 
> > 
> > 
> >   
> > 
> > -----Original Message-----
> > From: Boyle Owen [mailto:Owen.Boyle@xxxxxxx]
> > Sent: Tuesday, February 07, 2006 2:38 AM
> > To: users@xxxxxxxxxxxxxxxx
> > Subject: RE: [users@httpd] Apache 2.055 Best Practices
> > 
> > 
> > > -----Original Message-----
> > > From: Rosado, Rodolfo CTR MDA/IOM
> > [mailto:Rodolfo.Rosado.CTR@xxxxxxx]
> > > Sent: Montag, 6. Februar 2006 16:37
> > > To: users@xxxxxxxxxxxxxxxx
> > > Subject: [users@httpd] Apache 2.055 Best Practices
> > > 
> > > All,
> > > 
> > >   I am attempting to redirect traffic incoming to an
> Apache server
> > > located in a DMZ to two machines behind my firewall.
> > > My Apache server listens on both ports 443 and 80.  The
> > > traffic on port 443 is redirected via a JK2 connector to a 
> > > Tomact 4.1.30 server and has no issues.  The traffic on port 
> > > 80 is redirected to another machine running IIS using a 
> > > reverse proxy.  I also have a third machine serving images.  
> > > All of the traffic from my DMZ to my backend servers must do 
> > > so over 1 port. 
> > 
> > "redirected"????
> > 
> > A redirection is an alternative to proxying - the server responds to 
> > the client with a 301 or 302 and the client makes a new request 
> > directly to the new server. To do this you use Redirect directives 
> > or mod_rewrite with the [R] flag. Is this what you are doing (you 
> > don't have any directives like this in the config below)?
> > 
> > > 
> > > 
> > > <VirtualHost _default_:80>
> > > DocumentRoot "e:/apache2/htdocs2"
> > > ServerName portal.mda.mil
> > > ServerAdmin joe.paluka@xxxxxxxxxxxx 
> > > ErrorLog logs/error.log 
> > > TransferLog logs/access.log 
> > > ProxyRequests Off 
> > > <Proxy *> 
> > > Order deny,allow 
> > > Allow from all 
> > > </Proxy> 
> > > ProxyPass /xyz http://xyzmachine:9030/xyz 
> > > <http://xyzmachine:9030/xyz>  
> > > ProxyPassReverse /xyz http://xyzmachine:9030/xyz 
> > > <http://xyzmachine:9030/xyz>  
> > > ProxyPass /imagerequest http://imagemachine:9030/imagerequest 
> > > <http://imagemachine:9030/imagerequest>  
> > > ProxyPassReverse /imagerequest 
> > > http://imagemachine:9030/imagerequest 
> > > <http://imagemachine:9030/imagerequest>  
> > 
> > Why have you got *three* arguments to the Proxy directives? You can 
> > only have [path] [url] - I assume this is a typo...
> > 
> > > 
> > > My challenges are:
> > > The pages are served correctly by the URL's are not being 
> > > preserved, and the links on the served pages are also not being 
> > > preserved.
> > > 
> > > i.e.:
> > > 
> > > An inbound request may look like:
> > > 
> > > http://www.sumplace.com/xyz/somefunction.htm
> > > <http://www.sumplace.com/xyz/somefunction.htm>
> > > 
> > > The page returned to the browser will have the url:
> > > 
> > > http://xyzmachine:9030/xyz/somefunction.htm
> > > <http://xyzmachine:9030/xyz/somefunction.htm>
> > 
> > Pages don't have URLs. The client requests a URL and the server 
> > returns a page (with no indication of what was originally 
> > requested). The URL you see in the browser is a record of what the 
> > browser requested to get the page you see. If this changes from what 
> > you typed in, it's because the original server sent a 301 or 302 
> > redirect to a new URL. The browser then requested this page and 
> > changed the URL in the address bar.
> > 
> > Your results look exactly like you are redirecting instead of 
> > proxying. My guess is that you have some other directives somewhere 
> > that we don't know about (further up the config, outside the VH, in 
> > a .htaccess file)? These are being hit before we get to the Proxy 
> > directives and causing the redirect.
> > 
> > Look in the access log and see what HTTP-status you are getting for 
> > these requests (I bet it's 301/302 - it should be 200).
> > 
> > Rgds,
> > Owen Boyle
> > Disclaimer: Any disclaimer attached to this message may be ignored.
> > 
> > > 
> > > And the links on the page will also have the issue.
> > > 
> > > I've tried using the ProxyPreserverHost directive, which really
> > > didn't help.
> > > 
> > > Question:  How can I forward the URL to the backend and
> have all of
> > > the URL's return to the browser with the proper URL's?
> > > 
> > > Thanks for any assistance.
> > > 
> > > R2
> > >   
> > > 
> > > 
> > >   
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > Diese E-mail ist eine private und persönliche Kommunikation. Sie hat 
> > keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. 
> > This e-mail is of a private and personal nature. It is not related 
> > to the exchange or business activities of the SWX Group. Le présent 
> > e-mail est un message privé et personnel, sans rapport avec 
> > l'activité boursière du Groupe SWX.
> >  
> >  
> > This message is for the named person's use only. It may contain 
> > confidential, proprietary or legally privileged information. No 
> > confidentiality or privilege is waived or lost by any 
> > mistransmission. If you receive this message in error, please notify 
> > the sender urgently and then immediately delete the message and any 
> > copies of it from your system. Please also immediately destroy any 
> > hardcopies of the message. You must not, directly or indirectly, 
> > use, disclose, distribute, print, or copy any part of this message 
> > if you are not the intended recipient. The sender's company reserves
> > the right to monitor all e-mail communications through their 
> > networks. Any views expressed in this message are those of 
> > the individual sender, except where the message states 
> > otherwise and the sender is authorised to state them to be 
> > the views of the sender's company.
> > 
> > 
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP
> > Server Project. See 
> > <URL:http://httpd.apache.org/userslist.html> for more info. 
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> > 
> > 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project. See 
> <URL:http://httpd.apache.org/userslist.html> for more info. 
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux