Hmmm, interesting. So how do I get around this? I am perplexed to say the least... On 9/29/06, Serge Dubrouski <sergeyfd@xxxxxxxxx> wrote:
I've tested kind of your configuration and everything works all right
in mine test environment. So I still think that your real server
(Oracle Application Server) somehow generates absolute (not realive)
links. I'm almost sure in that.
On 9/29/06, Jeff DeFord <jeff.deford@xxxxxxxxx> wrote:
> AFAIK, it is all static content with some jsp pages. No CGI/PHP/Etc...
> The real server is an Oracle application server, so all of the web
> content was derived from the installation process script "AutoConfig".
>
> My confusion is in trying to get the URL's rewritten and proxied that
> go beyond the root level. I have tried various combinations of
> ProxyPass and ProxyPassReverse statements, Rewrite Rules, etc and so
> far I can only get the root-level HTML to proxy and rewrite.
>
> so the real url
> https://realserver:8050/some_page.html
>
> appears to be
> https://proxyserver/some_page.html
>
> Just as it should.
>
> But mousing over or clicking any url with a directory path beyond "/"
> shows that the URL does not get rewritten or proxied and I have tried
> a myriad of combinations iwth ProxyPass/Reverse and RewriteRule
> directives all to no avail.
>
> Here are the important bits of the httpd.conf file:
>
> <VirtualHost *:80>
> ServerName proxy_server
> RewriteEngine On
> RewriteLogLevel 9
> RewriteLog logs/rewrite_log
> ## Redirect all incoming HTTP requests to HTTPS locally before proxying.
> RewriteRule ^/(.*) https://proxy_server/$1 [R,L]
> </VirtualHost>
>
>
> <VirtualHost _default_:443>
> # General setup for the virtual host
> ServerName proxy_server
> SSLEngine on
> SSLOptions +StrictRequire
> SSLProtocol -all +TLSv1 +SSLv3
> SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
>
> # Server Certificate:
> SSLCertificateFile conf/ssl.crt/server.crt
> # Server Private Key:
> SSLCertificateKeyFile conf/ssl.key/server.key
> # SSL Protocol Adjustments:
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
> # Per-Server Logging:
> #CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x
> %{SSL_CIPHER}x \"%r\" %b"
> CustomLog logs/ssl_request_log common
>
> RewriteEngine On
> RewriteLogLevel 9
> RewriteLog logs/rewrite_log
>
> ProxyRequests Off
> SSLProxyEngine On
> SSLProxyCACertificateFile conf/cacerts.crt
> ProxyPreserveHost On
> ProxyPass / https://real_server:8050/
> ProxyPassReverse / https://real_server:8050/
> </VirtualHost>
>
>
> I have tried putting proxy rules in the 443 virtual host
> I have tried putting proxy rules in the IfModule mod_proxy.c section
> I have tried rewrite rules in all kinds of places and all kinds of
> combinations of proxy and rewrite directives...
> But somehow I can't get the combination right.
>
> I want URLs from the real server like this one
> https://real_server:8050/dir1/dir2/jsp/some_page.jsp
>
> to get proxied and appear as if they came from the proxy server
> https://proxy_server/dir1/dir2/jsp/some_page.jsp
>
> I just don't know where to put the rules and if I need both porxy and
> rewrite rules for every possible URL/directory structure combination
> that exists on the real server.
>
> Any help or direction would be greatly appreciated.
>
> -=jeff
>
>
> On 9/28/06, Serge Dubrouski <sergeyfd@xxxxxxxxx> wrote:
> > What kind of "real" server do you have on backend? Does it have static
> > content or dynamic? Could it be that your wrong links are generated on
> > backend by PHP/ASP/CGI or any other dynamic application that uses
> > $SEVER_NAME or some other variable to build absolute links?
> >
> > On 9/28/06, Jeff DeFord <jeff.deford@xxxxxxxxx> wrote:
> > > For testing purposes, I'm using a self-signed sert on the proxy server
> > > for the initial redirection, then the proxy server acts as a SSL
> > > client for all proxied requests that are handed off to the app server
> > > which is listening on port 8050 (SSL) using a real certificate.
> > >
> > > I copied the real cert file to the proxy server and put it in a file
> > > called cacerts.crt and added the directive shown below to the
> > > httpd.conf file:
> > >
> > > SSLProxyCACertificateFile conf/cacerts.crt
> > >
> > > In this configuration, the proxy server can be configured to be a SSL
> > > client for many sites each having their own cert.
> > >
> > > My problem is getting the proxy server configured so that mod_proxy
> > > and mod_rewrite do their job for the URLs on the app server that are
> > > below the root level and incorporate multiple levels of directories in
> > > the URL. It all works great for foor-level URL's.
> > >
> > > I hope I answered your question. Now if someone could help me answer mine...
> > >
> > > -=jeff
> > >
> > >
> > > On 9/28/06, John king <johnking06@xxxxxxxxx> wrote:
> > > > Where is your server cert installed? If it is installed on the reverse proxy
> > > > server, do you decrypte the incoming HTTPS
> > > > traffic and re-encrypte it again in the proxy server before sending it to
> > > > the next host?
> > > >
> > > >
> > > > On 9/28/06, Jeff DeFord <jeff.deford@xxxxxxxxx> wrote:
> > > > > Not sure if that would work since all requests are HTTPS...
> > > > > Can you elaborate?
> > > > >
> > > > > Here are the modules I compiled in when I built Apache:
> > > > > # ./httpd -l
> > > > > Compiled in modules:
> > > > > core.c
> > > > > mod_access.c
> > > > > mod_auth.c
> > > > > mod_log_config.c
> > > > > mod_headers.c
> > > > > mod_setenvif.c
> > > > > mod_proxy.c
> > > > > proxy_connect.c
> > > > > proxy_ftp.c
> > > > > proxy_http.c
> > > > > mod_ssl.c
> > > > > prefork.c
> > > > > http_core.c
> > > > > mod_mime.c
> > > > > mod_status.c
> > > > > mod_dir.c
> > > > > mod_rewrite.c
> > > > > mod_so.c
> > > > >
> > > > >
> > > > > On 9/27/06, Jim BAO <JXB6@xxxxxxx> wrote:
> > > > > > Did you try HTTP Connect?
> > > > > >
> > > > > > >>> jeff.deford@xxxxxxxxx 9/27/2006 10:35 AM >>>
> > > > > > All:
> > > > > >
> > > > > > I have some questions regarding the way to implement
> > > > > > Apache as a reverse proxy server using mod_rewrite in order to mask the
> > > > > > real
> > > > > > URLs. Users will connect to the proxy, then the proxy will connect to
> > > > > > the real server that is listening on port 8050 (SSL)
> > > > > >
> > > > > >
> > > > > > So far this is what I have working:
> > > > > >
> > > > > > Proxy server listining on port 80 and on 443 and I am
> > > > > > using a rewrite rule to force a rediect to 443 only as shown below:
> > > > > >
> > > > > > ## Redirect all incoming HTTP requests to HTTPS locally before
> > > > > > proxying.
> > > > > > RewriteRule ^/(.*) https://proxy.server.com/$1 [R,L]
> > > > > >
> > > > > > This works just as expected as my initial http connection gets forced
> > > > > > to https.
> > > > > >
> > > > > > Then I have the following proxy statements set up as shown below for
> > > > > > the default SSL virtual host on the proxy server:
> > > > > >
> > > > > > ProxyRequests Off
> > > > > > SSLProxyEngine On
> > > > > > SSLProxyCACertificateFile conf/cacerts.crt
> > > > > > ProxyPreserveHost On
> > > > > > ProxyPass / https://real.server.com:8050/
> > > > > > ProxyPassReverse / https://real.server.com:8050/
> > > > > >
> > > > > > This all works great for all of the base URLs on the root level. The
> > > > > > home
> > > > > > page URLs on the real server get rewritten and appear to have
> > > > > > originated from the proxy server when I mouse over or
> > > > > > click on a root-level URL.
> > > > > >
> > > > > > However, any URL with a subdirectory below the root level on the real
> > > > > > server does not get rewritten and the real URL (the complete URL on
> > > > > > the real server including the port number 8050) is visible on the
> > > > > > proxied web page.
> > > > > >
> > > > > > Now, how do go I about getting this to work for all of the URLs with
> > > > > > subdirectories? I have read through the documentation and I am stuck.
> > > > > >
> > > > > > Do I need rewrite rules for each URL that has a subdirectly below the
> > > > > > root with a subsequent ProxyPass and ProxyPassReverse statement?
> > > > > >
> > > > > > Do my rewrite rules need to use the proxy flag [P]? Or will they work
> > > > > > once written to mimic the root-level rules?
> > > > > >
> > > > > > Many thanks in advance for any help that you may provide....
> > > > > >
> > > > > >
> > > > > > -=jeff
> > > > > >
> > > > > >
> > > > ---------------------------------------------------------------------
> > > > > > The official User-To-User support forum of the Apache HTTP Server
> > > > > > Project.
> > > > > > See <URL: http://httpd.apache.org/userslist.html> for
> > > > more info.
> > > > > > To unsubscribe, e-mail:
> > > > users-unsubscribe@xxxxxxxxxxxxxxxx
> > > > > > " from the digest:
> > > > users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > > > > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> > > > > >
> > > > > >
> > > > ---------------------------------------------------------------------
> > > > > > The official User-To-User support forum of the Apache HTTP Server
> > > > Project.
> > > > > > See <URL: http://httpd.apache.org/userslist.html> for
> > > > more info.
> > > > > > To unsubscribe, e-mail:
> > > > users-unsubscribe@xxxxxxxxxxxxxxxx
> > > > > > " from the digest:
> > > > users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > > > > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > ---------------------------------------------------------------------
> > > > > The official User-To-User support forum of the Apache HTTP Server Project.
> > > > > See <URL: http://httpd.apache.org/userslist.html> for
> > > > more info.
> > > > > To unsubscribe, e-mail:
> > > > users-unsubscribe@xxxxxxxxxxxxxxxx
> > > > > " from the digest:
> > > > users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > > > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> > > > >
> > > > >
> > > >
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP Server Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> > > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >
> >
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|