NGINX rewrites and proxy_pass explanation from the client side - nginx-reverse-proxy

I have the following NGINX configuration:
location ~* ^/([a-zA-Z0-9]+)$ {
    set $upstream_endpoint http://10.0.0.31;
    proxy_pass $upstream_endpoint;
    rewrite ^/(.*) /?discount=$1 break;
}
And I can see the following logs from NGINX
172.21.0.1 - - [27/Jun/2022:07:23:11 +0000] "GET /?discount=prom HTTP/1.0" 200 161 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0"
Which means NGINX forwarded the client request as expected. However, from the client side I cannot see the "discount" parameter.
I am expecting the address to change from http://10.0.0.31/promo22 to http://10.0.0.31/?discount=promo22.
What is missing? Thanks for your time

Related

Deploying gridsome app to apache 2 server

I have a Static Site written with Gridsome that I would like to deploy to my LAMP server running Apache 2.4. Looking online I have tried several solutions including a 200.html in the directory and adding a .htaccess file in the directory with contents -
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.html$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.html [L]
</IfModule>
But the site does not load correctly (no css, js) and all Product pages come back 404 Not Found. I see in the console that css and js files are all coming back with 404 codes.
Here are Apache logs:
172.16.178.62 - - [16/Jan/2020:13:24:07 -0500] "GET /furniture/ HTTP/1.1" 200 3894 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
172.16.178.62 - - [16/Jan/2020:13:24:07 -0500] "GET /assets/css/0.styles.be923654.css HTTP/1.1" 404 490 "http://172.16.178.9/furniture/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
172.16.178.62 - - [16/Jan/2020:13:24:07 -0500] "GET /assets/js/app.f3ee1f73.js HTTP/1.1" 404 490 "http://172.16.178.9/furniture/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
172.16.178.62 - - [16/Jan/2020:13:24:07 -0500] "GET /assets/js/page--src-pages-index-vue.aca59de8.js HTTP/1.1" 404 491 "http://172.16.178.9/furniture/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
172.16.178.62 - - [16/Jan/2020:13:24:07 -0500] "GET /assets/js/app.f3ee1f73.js HTTP/1.1" 404 490 "http://172.16.178.9/furniture/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
172.16.178.62 - - [16/Jan/2020:13:24:07 -0500] "GET /assets/js/page--src-pages-index-vue.aca59de8.js HTTP/1.1" 404 490 "http://172.16.178.9/furniture/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
172.16.178.62 - - [16/Jan/2020:13:24:07 -0500] "GET /assets/static/favicon.ac8d93a.5667663fadd9573f98b6a9c36dd676aa.png HTTP/1.1" 404 490 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
172.16.178.62 - - [16/Jan/2020:13:24:07 -0500] "GET /assets/js/page--node-modules-gridsome-app-pages-404-vue.0ed1ba31.js HTTP/1.1" 404 490 "http://172.16.178.9/furniture/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
172.16.178.62 - - [16/Jan/2020:13:24:07 -0500] "GET /assets/js/page--src-pages-about-vue.de5a1202.js HTTP/1.1" 404 490 "http://172.16.178.9/furniture/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
172.16.178.62 - - [16/Jan/2020:13:24:07 -0500] "GET /assets/js/page--src-templates-product-vue.05ad6ad3.js HTTP/1.1" 404 491 "http://172.16.178.9/furniture/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
And when I try to go to one of the Product Pages -
172.16.178.62 - - [16/Jan/2020:13:24:52 -0500] "GET /products/strul-rug/ HTTP/1.1" 404 491 "http://172.16.178.9/furniture/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
172.16.178.62 - - [16/Jan/2020:13:24:52 -0500] "GET /favicon.ico HTTP/1.1" 404 490 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
Update: I see the problem. When looking at dev console network all the URI requests are:
Request URL:http://172.16.178.9/assets/css/0.styles.be923654.css
Request Method:GET
They should be
http://172.16.178.9/furniture/some/asset/to/get
How can one rectify this? thanks..
If it's just an HTML file, there is no reason that Apache would not be able to serve it, but as you have modified .htaccess, make sure that the Apache .conf file allows overrides from directory-level .htaccess files.
I mean, does your server's conf allow you to override with the htaccess? There should be a line similar to the following in your main Apache conf file (located by default at /etc/apache2/apache2.conf):
<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
In general I am not sure why you even need an htaccess file if all you are trying to serve are static HTML and CSS, JS files.
Turns out real simple. I needed to add pathPrefix property to gridsome.config.js to make build include /furniture in URI's.
// gridsome.config.js
module.exports = {
  siteName: "Ecommerce & Gridsome",
  pathPrefix: "/furniture",
  templates: {
    Product: "/products/:title" // Set route for allProduct node's
  }
};

Getting logged out immediately after logging into an Apache webapp (OpenClinica)

I am running an OpenClinica install on my webserver and experience the following problem on Google Chrome only:
I access the landing page
I log into the root (or any other) account
On the logged in overview, I click any link (eg. list all patients)
I get logged out and thrown back to the landing page
This happens only on Google Chrome. Here are the relevant entries from the access.log - can anyone make sense of these? I don't have any knowledge of HTTP status codes.
[03/Sep/2019:13:29:09 +0200] "POST /OpenClinica/j_spring_security_check HTTP/1.1" 302 328 "http://my-url.com/OpenClinica/pages/login/login;jsessionid=E6A0E2838AA51B1DA9F6AED47C42D5CD" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:09 +0200] "GET /OpenClinica/favicon.ico HTTP/1.1" 304 177 "http://my-url.com/OpenClinica/pages/login/login;jsessionid=E6A0E2838AA51B1DA9F6AED47C42D5CD" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:09 +0200] "GET /OpenClinica/MainMenu HTTP/1.1" 200 8269 "http://my-url.com/OpenClinica/favicon.ico" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:10 +0200] "GET /favicon.ico HTTP/1.1" 302 421 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:10 +0200] "GET /OpenClinica/pages/login/login;jsessionid=EA92FE865CF5345428D7538D18871D99 HTTP/1.1" 200 4770 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
Click on List all patients
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/ListStudySubjects HTTP/1.1" 302 272 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/pages/login/login HTTP/1.1" 200 4770 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /favicon.ico HTTP/1.1" 302 422 "http://my-url.com/OpenClinica/pages/login/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/pages/login/login;jsessionid=9625D469100D1871538197FE241DECCB HTTP/1.1" 200 4770 "http://my-url.com/OpenClinica/pages/login/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/RssReader HTTP/1.1" 200 757 "http://my-url.com/OpenClinica/pages/login/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
Now I do have some whacky redirect rules, which I think are the root cause of the problem. They were written as a fix to a different problem - when logging in to the system, instead of regularly looking at the favicon, the browser (any browser) would attempt to OPEN the favicon.ico as a picture, leading to, depending on the browser, a 404 page or the favicon being opened as a picture full screen. Here are the redirect rules:
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName www.my-url.com
    ProxyPreserveHost On
    ProxyPass /OpenClinica/favicon.ico http://localhost:8080/OpenClinica/
    ProxyPassReverse /OpenClinica/favicon.ico http://localhost:8080/OpenClinica/
    ProxyPass /OpenClinica/ http://localhost:8080/OpenClinica/
    ProxyPassReverse /OpenClinica/ http://localhost:8080/OpenClinica/
    ProxyPass / http://localhost:8080/OpenClinica/
    ProxyPassReverse / http://localhost:8080/OpenClinica/
</VirtualHost>
I have not used this specific application. As I see it, if you login while on / and you receive a cookie that is for /OpenClinica/ then: clicking on a relative link (that will keep you on /) would prevent the browser from re-sending the received cookie to the server.
I would replace the last 2 entries with something like:
RedirectMatch ^/$ /OpenClinica/
I did not exactly understand the issue with favicon but maybe you want to apply the same rule there.
Note: For RedirectMatch to work, mod_alias should be enabled.
Another thing: I see ProxyPreserveHost enabled. This means that OpenClinica should be aware of its external host name.
So that server is listening to port :80, but those proxy rules are all on port :8080 ... while I merely wonder why you need to configure proxy rules on localhost?
Just drop all of them and ignore the favicon issue meanwhile... the jsessionid being passed along with the URL rather hints at the server not handling the session properly, because such an ID usually belongs in the request headers; putting it into the URL is the fallback option (because anyone who can see the logs can hijack these sessions while in progress... no need for a password). With HTTPS it's not that bad, but on HTTP this is also visible in eventual proxy logs.
Honestly, I don't think this is a Chrome problem, but rather the vhost configuration and/or sessions problem.
It seems to stem from the vhost not having a DocumentRoot directive - and so it will inherit the global configuration, which seems to be one level above /OpenClinica.
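The exposure raised in the answer above (session IDs carried in URLs end up in access and proxy logs) can be audited directly from a log file. The following is an added example, not part of the original thread: it flags `;jsessionid=` in the request and Referer fields and masks it; the sample lines, host name and session IDs are constructed for illustration.

```python
import hashlib
import re

# URL-rewriting session parameter, e.g. ";jsessionid=E6A0..."
JSESSIONID = re.compile(r";jsessionid=([0-9A-Za-z._-]+)", re.IGNORECASE)
# Quoted fields of a combined-format line: request line, referer, user agent.
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
FIELDS = ("request", "referer", "user_agent")


def fingerprint(session_id):
    """Short one-way tag so a report can correlate IDs without repeating them."""
    return hashlib.sha256(session_id.encode()).hexdigest()[:12]


def scan(lines):
    """Return (line_no, field, fingerprint) for every session ID found in a log."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for field, value in zip(FIELDS, QUOTED.findall(line)):
            for match in JSESSIONID.finditer(value):
                findings.append((line_no, field, fingerprint(match.group(1))))
    return findings


def redact(line):
    """Mask session IDs so the line can be stored or shared safely."""
    return JSESSIONID.sub(";jsessionid=[REDACTED]", line)


# Constructed sample lines in the layout of the access.log excerpt above
# (host name and session IDs are made up for this example).
SAMPLE_LOG = [
    '[03/Sep/2019:13:29:09 +0200] "POST /OpenClinica/j_spring_security_check HTTP/1.1" 302 328 '
    '"http://example.test/OpenClinica/pages/login/login;jsessionid=AAAA1111BBBB2222CCCC3333DDDD4444" "Mozilla/5.0"',
    '[03/Sep/2019:13:29:09 +0200] "GET /OpenClinica/MainMenu HTTP/1.1" 200 8269 '
    '"http://example.test/OpenClinica/favicon.ico" "Mozilla/5.0"',
    '[03/Sep/2019:13:29:10 +0200] "GET /OpenClinica/pages/login/login;jsessionid=EEEE5555FFFF6666AAAA7777BBBB8888 HTTP/1.1" 200 4770 '
    '"http://example.test/OpenClinica/MainMenu" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, field, tag in scan(SAMPLE_LOG):
        print(f"line {line_no}: session ID in {field} (sha256 prefix {tag})")
    print(redact(SAMPLE_LOG[2]))
```

On a Servlet 3.0+ container, setting `<tracking-mode>COOKIE</tracking-mode>` under `<session-config>` in web.xml stops the container from writing the ID into URLs in the first place.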

Apache Reverse Proxying CGI scripts

I have a web application called routers2.cgi which I am trying to proxy via an Apache 2.4 proxy server which does not work at the moment.
Direct URL to the web application server
http://lab.server.com/cgi-bin/routers2.cgi
Reverse proxy URL
https://prod.server.com/routers2
Configuration vhosts.conf from prod.server.com
# routers2.cgi
ProxyPass "/routers2" "http://lab.server.com/cgi-bin/routers2.cgi"
ProxyPassReverse "/routers2" "http://lab.server.com/cgi-bin/routers2.cgi"
ProxyPass "/rrdicons" "http://lab.server.com/routers2/rrdicons"
ProxyPassReverse "/rrdicons" "http://lab.server.com/routers2/rrdicons"
ProxyPass "/graphs" "http://lab.server.com/routers2/graphs"
ProxyPassReverse "/graphs" "http://lab.server.com/routers2/graphs"
Reverse proxy log samples
192.168.1.10 - - [13/Jun/2017:06:40:37 +0000] "GET /routers2 HTTP/1.1" 200 3481
192.168.1.10 - - [13/Jun/2017:06:40:37 +0000] "GET /rrdicons/routers2.css HTTP/1.1" 304 -
192.168.1.10 - - [13/Jun/2017:06:45:57 +0000] "GET /routers2 HTTP/1.1" 200 3481
192.168.1.10 - - [13/Jun/2017:06:45:57 +0000] "GET /rrdicons/routers2.css HTTP/1.1" 304 -
Sample URL from web application access log when accessing directly (no reverse proxy)
192.168.1.9 - - [13/Jun/2017:05:50:46 +0000] "GET /routers2/graphs/devicessystem1.cfg-10.10.1.1_13-ws-x3.png HTTP/1.1" 200 27025 "http://lab.server.com/cgi-bin/routers2.cgi?rtr=devices%2Fsystem1.cfg&bars=Cami&xgtype=w&page=graph&xgstyle=x3&xmtype=routers" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0"
192.168.1.9 - - [13/Jun/2017:05:50:46 +0000] "GET /cgi-bin/routers2.cgi?rtr=devices%2Fsystem1.cfg&bars=Cami&xgtype=w&page=menub&xgstyle=x3&if=_summary_&xmtype=options HTTP/1.1" 200 12437 "http://lab.server.com/cgi-bin/routers2.cgi" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0"
192.168.1.9 - - [13/Jun/2017:05:50:46 +0000] "GET /cgi-bin/routers2.cgi?rtr=devices%2Fsystem1.cfg&bars=Cami&xgtype=w&page=menu&xgstyle=x3&xmtype=routers HTTP/1.1" 200 7847 "http://lab.server.com/cgi-bin/routers2.cgi" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0"
Web application log via reverse proxy
prod.server.com - - [13/Jun/2017:07:21:58 +0000] "GET /cgi-bin/routers2.cgi/ HTTP/1.1" 200 3481 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0"
prod.server.com - - [13/Jun/2017:07:21:58 +0000] "GET /routers2/rrdicons/routers2.css HTTP/1.1" 304 - "https://prod.server.com/routers2/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0"
Does my vhosts ProxyPass and ProxyPassReverse configuration look correct?
Do I need something extra since we are proxying a cgi script?

WSO2-EMM Problems Registering Windows Clients

I've been having trouble getting Windows clients to register with the system. I've added this to the SSL Reverse Proxy Server:
ProxyPass /emm-web-agent http://172.16.1.82:9763/emm-web-agent
ProxyPassReverse /emm-web-agent http://172.16.1.82:9763/emm-web-agent
Where 172.16.1.82 is the IP address of my MDM server.
In the Apache logs I'm seeing this:
172.16.1.149 - - [21/Jun/2016:16:35:02 -0500] "GET /EnrollmentServer/Discovery.svc HTTP/1.1" 200 3961 "-" "ENROLLClient"
172.16.1.149 - - [21/Jun/2016:16:35:02 -0500] "GET /EnrollmentServer/Discovery.svc HTTP/1.1" 200 181 "-" "ENROLLClient"
172.16.1.149 - - [21/Jun/2016:16:35:02 -0500] "POST /EnrollmentServer/Discovery.svc HTTP/1.1" 200 1578 "-" "ENROLLClient"
172.16.1.149 - - [21/Jun/2016:16:35:04 -0500] "GET /emm-web-agent/enrollments/windows/login-agent?appru=ms-app%3A%2F%2Fwindows.immersivecontrolpanel&login_hint=JeffR%40mydomain.com&username=JeffR%40mydomain.com HTTP/1.1" 302 4281 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; MSAuthHost/1.0/In-Domain; rv:11.0) like Gecko"
172.16.1.149 - - [21/Jun/2016:16:35:04 -0500] "GET /emm-web-agent/enrollments/error/unintentional-request HTTP/1.1" 302 389 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; MSAuthHost/1.0/In-Domain; rv:11.0) like Gecko"
Where 172.16.1.149 is the client computer.
I've tried various things, including rewriting the URL. I'm not sure why it is giving the 302 error back from the emm-web-agent server.
Am I missing something in my configuration? Thanks....
There should be an issue with your server certificate. The server SSL certificate must be domain specific. The wildcard SSL certificate (for example, a certificate for *.hutchgov.com instead of enterpriseenrollment.hutchgov.com) is not accepted by the device. This Web Authentication Broker (WAB) request URL is the first HTTPS request coming from the device. If you can get a CA-signed certificate for your domain (enterpriseenrollment.hutchgov.com), it would resolve the issue.

Installing SSL certificate breaks phpmyadmin with 403 error

I recently installed an SSL certificate to secure our phpmyadmin login and data, since it is on the public internet. This worked fine, but after successfully logging in over HTTPS this message appears in a pink box:
Error in Processing Request
Error code: 403
Error text: Forbidden
It cannot be clicked away and nothing else works, the only option is to log out again. At the same time, Apache starts logging a flood of 403 errors for /phpmyadmin/error_report.php?ajax_request=true in the access log:
123.xxx.22.170 - - [10/Jun/2015:11:47:26 +0800] "POST /phpmyadmin/db_structure.php?ajax_request=1&favorite_table=1&sync_favorite_tables=1&token=-censored- HTTP/1.1" 403 589 "https://www.-censored-.org/phpmyadmin/index.php?collation_connection=utf8mb4_general_ci&token=-censored-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"
123.xxx.22.170 - - [10/Jun/2015:11:47:26 +0800] "GET /phpmyadmin/error_report.php?ajax_request=true&server=1&token=-censored-&get_settings=true&exception_type=js&_nocache=1433908072362921249 HTTP/1.1" 403 589 "https://www.-censored-.org/phpmyadmin/index.php?collation_connection=utf8mb4_general_ci&token=-censored-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"
123.xxx.22.170 - - [10/Jun/2015:11:47:27 +0800] "GET /phpmyadmin/error_report.php?ajax_request=true&server=1&token=-censored-&get_settings=true&exception_type=js&_nocache=143390807256911515 HTTP/1.1" 403 589 "https://www.-censored-.org/phpmyadmin/index.php?collation_connection=utf8mb4_general_ci&token=-censored-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"
....etc
My Apache config for the directory looks like this:
<Directory /var/www/www.--censored--.org/>
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
Using Ubuntu 14.04 LTS with manually installed phpmyadmin 4.4.7, Apache 2.4.7 and PHP 5.5.9, SSL certificate from Comodo SSL.
Very grateful for any help, all I have been able to find so far are recommendations to set allow from all, which I have done, or suggestions that AJAX and SSL are incompatible. Since phpmyadmin is completely based on AJAX, does this mean that it is impossible to run over HTTPS?
Thanks!