httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruiyuan Jiang <Ruiyuan_Ji...@liz.com>
Subject RE: [users@httpd] Passing remote client IP address to backend server and session stickness
Date Tue, 01 Dec 2009 15:23:59 GMT
Hi, William

For your answer to my question 1, current I use BlueCoat reverse proxy which is passing internet
remote client IP to the backend server. We'd like to migrate the reverse proxy server to Apache
server. The rest network setup has not been changed. 

For your answer to my question2, it is my fault that I did not post all the related statements.
Here they are:

<Proxy balancer://backend>
   BalancerMember https://backend1:443 keepalive=on
   BalancerMember https://backend2:443 keepalive=on
 </Proxy>
 ProxyPass       /       balancer://backend/
 ProxyPassReverse        /       balancer://backend/ stickysession=JSESSIONID|jsessionid

Like I said, the Apache does not stick the https session to one particular server for the
session.

Ryan Jiang

-----Original Message-----
From: William A. Rowe Jr. [mailto:wrowe@rowe-clan.net] 
Sent: Monday, November 30, 2009 9:14 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Passing remote client IP address to backend server and session
stickness

I realize I just answered you, but in response to your explicit and
specific questions;

Ruiyuan Jiang wrote:
> 
> Question 1: Is there a way to pass Internet users' IP address to backend server through
Apache reverse proxy server? I am testing that feature so far no luck. My backend server gets
Apache proxy server's IP address. But I'd like to have Internet users' IP being passed through
Apache. This is http request.

Only if this information has been shared with you by the upstream proxy
or router/gateway/forward proxy.  E.g. - what mod_remoteip is designed
to decode, ---when the information is presented---.

> Question 2: I am testing another Apache reverse proxy which proxies two backend https
servers. I am trying to use mod_proxy_balancer.
> 
> <proxy balancer://mycluster>
> 	Balancermember https://192.168.1.1:443 keepalive=on
> 	Balancermember https://192.168.1.2:443 keepalive=on
> </proxy>
> 
> Proxypass /test balancer:mycluster/
> 
> When I test to access the site, I got login prompt from first server which I saw from
access log. I typed in login name and password. I got the login prompt back but from the log
I saw the connectivity was back from server 2. It seems to me like round robin connection
to backend server by Apache. I tried with keyword "JSESSION" but no luck. Does anyone know
how to configure Apache so the same connection always goes through the same backend https
(http) server. Thanks in advance.

Are you forgetting your ProxyPassReverse statements?  As of the current
version, the syntax above (but wtf happened to your // before mycluster???)
would work just fine for a ProxyPassReverse rule.

> This message (including any attachments) is intended
> solely for the specific individual(s) or entity(ies) named
> above, and may contain legally privileged and
> confidential information. If you are not the intended 
> recipient, please notify the sender immediately by 
> replying to this message and then delete it.
> Any disclosure, copying, or distribution of this message,
> or the taking of any action based on it, by other than the
> intended recipient, is strictly prohibited.

You have emailed a public list.  Your intended individuals are the world.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended 
recipient, please notify the sender immediately by 
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message