httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Axel-St├ęphane SMORGRAV <Axel-Stephane.SMORG...@europe.adp.com>
Subject RE: [users@httpd] mod_proxy/mod_proxy_html
Date Thu, 11 Aug 2005 08:43:17 GMT
I think I must have been smoking something strong the day I replied to you last.

What you probably need is

ProxyPassReverse  /wcs https://wd-prtlsrv1:8443/hendrickson

instead of 

ProxyPassReverse https://wd-prtlsrv1:8443/hendrickson/j_security_check http://extranet.hendrickson-intl.com/wcs/mainMenu.html


ProxyPassReverse tries to match it's second argument with the prefix of the Location header
value. If it matches, it substitutes the matching part of the Location header value with the
first argument of ProxyPassReverse.

Don't blame me if it works!

-ascs



-----Original Message-----
From: Shahzad Bhatti [mailto:sbhatti@issintl.com] 
Sent: Wednesday, August 10, 2005 11:56 PM
To: Shahzad Bhatti; users@httpd.apache.org
Subject: RE: [users@httpd] mod_proxy/mod_proxy_html

Is there anyway that I can use mod_rewrite module to replace "Location" header. Let's say,
the Location header contains
Location: https://wd-prtlsrv1:8443/hendrickson/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc
Can someone send sample directive I can use to replace value of Location to
Location: https://extranet.hendrickson-intl.com/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc
Note that I would need to keep the ticket # from original header.



-----Original Message-----
From: Shahzad Bhatti
Sent: Wednesday, August 10, 2005 9:43 AM
To: 'users@httpd.apache.org'
Subject: RE: [users@httpd] mod_proxy/mod_proxy_html


Thanks Axel. I added 
ProxyPassReverse https://wd-cassrv1:8443/myapp http://extranet.myserver.com/MyApp
to httpd.conf as you suggested and installed LiveHttpHeaders. Here is what I see
- First I try to access my application:
#request# GET https://extranet.hendrickson-intl.com/wcs/mainMenu.html;jsessionid=78C32801769F0E5E3E3ACD4734453D28
- which takes me to the login screen
#request# GET https://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fextranet.hendrickson-intl.com%3A80%2Fwcs%2Fj_security_check
- After successful login, it redirects me to the application
#request# GET http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc
and I see following headers
GET /wcs/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc HTTP/1.1
Host: extranet.hendrickson-intl.com:80
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Accept-Encoding: gzip,deflate

- At this time, I see redirect:
HTTP/1.x 302 Moved Temporarily
Date: Wed, 10 Aug 2005 14:33:39 GMT
Server: Apache-Coyote/1.1
Location: https://wd-prtlsrv1:8443/hendrickson/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc
Content-Length: 0
Content-Type: text/plain
So, my browser tries to connect to the internal host
#request# GET https://wd-prtlsrv1:8443/hendrickson/j_security_check?ticket=ST-3-eKsgSRqjcj0JyE5VqiYc
and fails.

Is there anything else I am missing. I should point out that in my httpd.conf, I am using
reverse proxy
for more than one applications. Here is my config again:

    # single-sign-on directives
    ProxyPass /cas https://wd-cassrv1:8443/cas
    ProxyPassReverse /cas https://wd-cassrv1:8443/cas
    ProxyHTMLURLMap	 https://wd-cassrv1:8443/cas	/cas

    # application directives
    ProxyPass /wcs http://wd-prtlsrv1:8080/hendrickson/
    ProxyPassReverse /wcs/ http://wd-prtlsrv1:8080/hendrickson/
    # I just added following based on your suggestion:
    ProxyPassReverse https://wd-prtlsrv1:8443/hendrickson/j_security_check http://extranet.hendrickson-intl.com/wcs/mainMenu.html
    ProxyHTMLURLMap http://wd-prtlsrv1:8080/hendrickson 	/wcs/

Regards,
Shahzad Bhatti
Integrated Software Specialists
http://www.issintl.com
1901 North Roselle Road, Suite 450
Schaumburg, IL 60195
Phone: 847-558-5342
Fax: 847-240-5073






-----Original Message-----
From: Axel-St├ęphane SMORGRAV
[mailto:Axel-Stephane.SMORGRAV@europe.adp.com]
Sent: Wednesday, August 10, 2005 1:39 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] mod_proxy/mod_proxy_html


Does your SSO application redirect to 

1. https://wd-cassrv1:8443/myapp, or 
2. http://extranet.myserver.com/MyApp ??

In case 1 you would need to add an extra ProxyPassReverse:

ProxyPassReverse https://wd-cassrv1:8443/myapp http://extranet.myserver.com/MyApp

It is ProxyPassReverse that modifies Location headers in HTTP 302 responses.

You may have a perfectly good reason to use mod_proxy_html, but remember that it's use implies
parsing of the entire HTML contents returned by the proxy in order to rewrite the links within
the HTML.

I believe that although hostnames are case insensitive, URL paths are, at least on Unix.

I would recommend you use LiveHTTPHeaders (Firefox) or HTTPWatch (MSIE) to get a trace of
what happens during the sign-on/redirect sequence and post that trace. That will help pin-pointing
exactly what is going on.

-ascs

-----Original Message-----
From: Shahzad Bhatti [mailto:sbhatti@issintl.com] 
Sent: Tuesday, August 09, 2005 11:54 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] mod_proxy/mod_proxy_html

One more thing, here is how my configuration looks like:
LoadFile	modules/zlib.so
LoadModule	publisher_module	modules/mod_publisher.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module modules/mod_headers.so
LoadFile    modules/iconv.dll
LoadFile    modules/libxml2.dll
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_html_module modules/mod_proxy_html.so

    ProxyPass /MyApp http://wd-prtlsrv1:8080/myapp/
    ProxyPassReverse /MyApp http://wd-prtlsrv1:8080/myapp/
    ProxyHTMLURLMap http://wd-prtlsrv1:8080/myapp 	/MyApp/

    ProxyPass /SingleSignOn https://wd-cassrv1:8443/SingleSignOn
    ProxyPassReverse /SingleSignOn https://wd-cassrv1:8443/SingleSignOn
    ProxyHTMLURLMap	 https://wd-cassrv1:8443/SingleSignOn	/SingleSignOn


-----Original Message-----
From: Shahzad Bhatti 
Sent: Tuesday, August 09, 2005 4:47 PM
To: Shahzad Bhatti; users@httpd.apache.org
Subject: [users@httpd] mod_proxy/mod_proxy_html


> Hello,
>    I am trying to setup Reverse Proxy Server on Windows 2003 machine. I am using Apache
2.0. 
	The application uses a single-sign-on software, which redirects to the application upon successful
	authentication. So, the user first accesses 
		http://extranet.myserver.com/myapp, which is name of apache reverse proxy server. It redirects
to the 
	single-sign-on application
	https://extranet.myserver.com/sso
	Now, internally the application uses internal server names, so after successful login, the
sso application uses
	302/Location field in the header to redirect to the application server. However this is not
caught by mod_proxy
	and user can't access to the application. Is there any way to catch this at the reverse proxy
so that it can rewrite
	the internal server name.
> Thanks in advance.
> 
> Regards,
> Shahzad Bhatti
> Integrated Software Specialists
> http://www.issintl.com
> 1901 North Roselle Road, Suite 450
> Schaumburg, IL 60195
> Phone: 847-558-5342
> Fax: 847-240-5073
> 
> 
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message