httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Silva <apache-u...@danijen.com>
Subject Re: [users@httpd] Apache Reverse Proxy / Redirect Issue
Date Thu, 07 Apr 2005 00:39:29 GMT
One other thing... you may notice in the headers that the Server header 
says Microsoft-IIS/5.0... this is because I have changed the server 
identity through the following directive:

Header always set Server "Microsoft-IIS/5.0"

I don't think is poses a problem... Just doing some basic things to 
secure the box.

Thanks,
Dnaiel

Daniel Silva wrote:
> Owen,
> 
> Sorry about the HTML, I was using Outlook Web Access, which doesn't let 
> you choose plaintext as a formatting option.  I had to create an account
> on my own private web server just to post in plaintext.  Again, sorry, I 
> didn't know it was HTML.
> 
> Before I get into the directives, I have changed the domain names and 
> ports... where backend or gateway are used in directived, I am using the 
> actual domain name for that server.
> 
> Here are the mod_proxy rules I am using on the gateway server:
> 
> ~~~
> 
> <Location /vqwiki-2.7.1>
>     ProxyPass http://backend:4080/vqwiki-2.7.1/
>     ProxyPassReverse http://backend:4080/vqwiki-2.7.1/
>     SSLRequireSSL
> </Location>
> 
> ~~~
> 
> Here are the mod_rewrite rules I was using in a virtual host on port 80, 
> when I was trying to re-write http to https requests:
> 
> ~~~
> 
> Listen 0.0.0.0:80
> 
> <VirtualHost _default_:80>
> SSLEngine Off
>         Redirect / https://gateway/
>         RewriteEngine on
>         RewriteCond %{SERVER_PORT} !^443$
>         RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]
> </VirtualHost>
> 
> ServerName gate.platinumsolutions.com:80
> UseCanonicalName Off
> 
> ~~~
> 
> There are more directives, the ssl-specific ones are in a separate conf 
> file.  Let me know if you need to see anything from there.
> 
> I have one more thing for you... the headers on the redirect request 
> (from LiveHTTPHeaders extension on Firefox).  You'll notive in the 302 
> response headers that the Location header has http:// instead of 
> https://... this is the matter that is driving me crazy and am trying to 
> solve.  Here they are:
> 
> ~~~
> 
> https://gateway/vqwiki-2.7.1/jsp/test2.jsp?action=redirect
> 
> GET /vqwiki-2.7.1/jsp/test2.jsp?action=redirect HTTP/1.1
> Host: gateway
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) 
> Gecko/20050317 Firefox/1.0.2
> Accept: 
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5

> 
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Referer: https://gateway/vqwiki-2.7.1/jsp/test.jsp
> Cookie: username=Daniel Silva; 
> JSESSIONID=5A37231975613F6D24D4B2B48F7EBB6B; 
> JSESSIONIDSSO=7083BB840927C2DC40255E36808997E1
> Authorization: Basic ZHNpbHZhOmQ0bnMxbHZh
> 
> HTTP/1.x 302 Moved Temporarily
> Date: Thu, 07 Apr 2005 00:26:16 GMT
> Server: Microsoft-IIS/5.0
> Pragma: No-cache
> Cache-Control: no-cache
> Expires: Wed, 31 Dec 1969 19:00:00 EST
> Location: http://gateway/vqwiki-2.7.1/jsp/test.jsp?action=redirect
> Content-Type: text/html;charset=ISO-8859-1
> Content-Language: en-US
> Content-Length: 0
> 
> ~~~
> 
> I hope this extra info will make things more clear.
> 
> Regards,
> Daniel
> 
> 
>> ------------------------------------------------------------------------
>> *From:* Boyle Owen [mailto:Owen.Boyle@swx.com]
>> *Sent:* Wed 2005-04-06 11:51
>> *To:* users@httpd.apache.org
>> *Subject:* RE: [users@httpd] Apache Reverse Proxy / Redirect Issue
>>
>> Plain text please...
>>
>> Then post the relevant rewrite rules from your config (not much can be 
>> done/said without them).
>>
>> Rgds,
>> Owen Boyle
>> Disclaimer: Any disclaimer attached to this message may be ignored.
>>
>> -----Original Message-----
>> From: Daniel Silva [mailto:dsilva@platinumsolutions.com]
>> Sent: Mittwoch, 6. April 2005 16:09
>> To: users@httpd.apache.org
>> Subject: [users@httpd] Apache Reverse Proxy / Redirect Issue
>>
>>
>> Hello everybody.  I am new here, was hoping to post a problem I am 
>> having, would love to hear some input.  I've been dealing with this 
>> problem for a while now and it's driving me nuts, haven't been able to 
>> find the problem.
>>
>> I have a gateway server that is running OpenBSD and Apache 2 and is 
>> set up with mod_ssl and mod_proxy.  The only listen port is 443.  I 
>> have it configured so that a bunch of requests are handled by a 
>> backend server, running on port 4080.  Something like 
>> https://gateway/resourceA maps to 
>> http://backendserver:4080/resourceA.  I have ProxyPass to handle 
>> requests, and ProxyPassReverse to handle the redirects.  However, 
>> ProxyPassReverse doesn't seem to be doing it's job, because redirects 
>> are not working properly.
>>
>> Let me explain what I mean.  Let's say, for example, that 
>> resourceA/test1.html redirects in the backend server to 
>> resourceA/test2.html.  When I request 
>> https://gateway/resourceA/test1.html, I would expect to get 
>> https://gateway/resourceA/test2.html.  However, instead what happens 
>> is that the redirect generates a request on port 80, or 
>> http://gateway/resourceA/test2.html.  This, of course, times out 
>> because my Apache instance on my gateway server is not listening on 
>> port 80, nor is my firewall allowing communication on port 80 to this 
>> gateway server.
>>
>> I tried opening up port 80 on my firewall, listening on port 80, and 
>> writing some mod_rewrite directives to redirect requests on http:// to 
>> https://.  This does not work.  The redirect generated is still for 
>> port 80 (it is not getting re-written to https), and of course it 
>> can't find any such resource on the gateway server, so I get a 403 
>> back (which is odd, I would have expected 404, but I am getting a 
>> forbidden HTTP code back).
>>
>> I suspect this has to do with how I am setting up the servername 
>> directive.  Right now I have it set up as gateway:80 (I am using the 
>> actual domain, not the word 'gateway' but the actual domain is not 
>> important).  If I change it to gateway:443, I get a bunch of errors 
>> logged that say "warning: running http over an https port" or 
>> something like that.
>>
>> I don't know if I've said enough to characterize the problem.  I've 
>> searched the net and usenet groups up and down looking for an answer, 
>> but I've yet to find a solution.  Please help!!
>>
>> Thanks,
>> Daniel
>>
>> -- 
>> Daniel A. Silva
>> Senior Consultant, PlatinumSolutions, Inc.
>> PH: 703.471.9793 FAX: 703.471.7140
>>
>> daniel.silva@platinumsolutions.com
>>
>> http://www.platinumsolutions.com
>>
>> This message is for the designated recipient only and may contain 
>> privileged, proprietary, or otherwise private information. If you have 
>> received it in error, please notify the sender immediately and delete 
>> the original. Any other use of the email by you is prohibited.
>>
>> Diese E-mail ist eine private und persnliche Kommunikation. Sie hat 
>> keinen Bezug zur B rsen- bzw. Geschftst tigkeit der SWX Gruppe. This 
>> e-mail is of a private and personal nature. It is not related to the 
>> exchange or business activities of the SWX Group. Le prsent e-mail est 
>> un message priv  et personnel, sans rapport avec l'activit boursi re 
>> du Groupe SWX.
>>
>>
>> This message is for the named person's use only. It may contain 
>> confidential, proprietary or legally privileged information. No 
>> confidentiality or privilege is waived or lost by any mistransmission. 
>> If you receive this message in error, please notify the sender 
>> urgently and then immediately delete the message and any copies of it 
>> from your system. Please also immediately destroy any hardcopies of 
>> the message. You must not, directly or indirectly, use, disclose, 
>> distribute, print, or copy any part of this message if you are not the 
>> intended recipient. The sender’s company reserves the right to monitor 
>> all e-mail communications through their networks. Any views expressed 
>> in this message are those of the individual sender, except where the 
>> message states otherwise and the sender is authorised to state them to 
>> be the views of the sender’s company.
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message