Apache mod-proxy modify header as Forward Proxy - apache2.4

i'm using apache server as proxy in order to add some custom headers to the request forwarded to a website on the internet. I want apache like a man in the middle. The browser send a request, apache receives it, it add some headers and then apache forward the request to the original request endpoint.
Instead of:
browser ---> website
I want:
browser --> apache add headers --> website
How can i achieve my goal in the simplest way?
I tried as forward proxy but the header is not added
<VirtualHost *:*>
ProxyRequests On
ProxyVia On
<Proxy *>
Require all granted
</Proxy>
Header set header "headerValue"
RequestHeader set header2 "header2value"
</VirtualHost>
then i tried as reverse proxy but the website couldn't load some static resource 'cause the Host header was overrided with the proxy Host.
<VirtualHost _default_:82>
ProxyPreserveHost Off
ProxyRequests Off
ProxyVia On
ProxyTimeout 300
<Proxy *>
Allow from all
</Proxy>
ProxyPass /something/something/ http://externalwebsite.com/something/something/
ProxyPassReverse /something/something/ http://externalwebsite.com/something/something/
</VirtualHost>
RequestHeader set header2 "header2value"
Can you help me pls?
Thank you very much

Related

Apache load-balancer: direct to specific application based on URL

I have multiple applications deployed in Tomcat's webapps folder (app1.0, app1.1, app1.2 etc.). When I hit www.example.com:8080/app1.0, the corresponding application appears.
But how to do it on the load-balancing server? For instance, I have a website on which I can click a button (app1.0, app1.1, app1.2 etc.) and an URL pops up like: www.lb.com/app1.0/.../... How to direct to the app based on application version in URL? Use RewriteCond and regex and pass it to ProxyPass? I don't really how to script it, anyone could help? :)
Edit: This is what I done for the 2 apps for 1 Tomcat and 2 apps for 2 Tomcat, but I got 404 sometimes because the Tomcat that has another version has been chosen by the load-balancer.
<VirtualHost *:80>
#Add a http header to explicitly identify the node and be sticky
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
#Declare the http server pool
<Proxy "balancer://plf">
BalancerMember "http://worker1.com:8080" route=worker1
BalancerMember "http://worker2.com:8080" route=worker2
ProxySet stickysession=ROUTEID
ProxySet lbmethod=bybusyness
</Proxy>
#Common options
ProxyRequests Off
ProxyPreserveHost On
#Declare the redirection for the http requests
ProxyPassMatch "/app(.*)" "balancer://plf/app$1"
ProxyPassReverse "/app(.*)" "balancer://plf/app$1"
This is how I did it:
1) define a balancer proxy:
<Proxy balancer://portalcluster stickysession=JSESSIONID>
BalancerMember ajp://TOMCATSERVER1:8009 route=TOMCARSERVER1-0
BalancerMember ajp://TOMCATSERVER2:8009 route=TOMCATSERVER2-100
</Proxy>
2) proxy to it in your VirtualHost:
Listen 443
<Virtualhost *:443>
ServerName example.com
Alias /static /var/www/portalstatic
ProxyPass /static !
ProxyPass / balancer://portalcluster/
ProxyPassReverse / balancer://portalcluster/
</Virtualhost>
NB I removed a lot of configuration from these, that are not related to the question (logs, deny clauses, certificate directives, ...). This is just to illustrate the way I did the proxy.
NB2 I did leave the /static trick since this is usually something you will want to do. Static files must stay on the HTTP, and not send them from Tomcat all the time.

How to hide url's port number with Apache mod_proxy?

hi guys i wanna ask about apache mod_proxy.
really try hard to find how to convert url adress but no result yet.
so here is problem.
request URL and service URL: www.mbc.com:10800
i want to show browser adress bar like this 'www.mbc.com'
webserver : linux + apache and virtualhost.
httpd.conf
<VirtualHost *:10800>
ProxyRequests Off
ProxyPreserveHost On
SSLEngine on
<Proxy *>
Order Deny,Allow
Allow from all
</Proxy>
ProxyPass / https://www.mbc.com:10800/
ProxyPassReverse / https://www.mbc.com/
</VirtualHost>
this configuration is not working. which configuration changed?
The port is shown in the URL bar if it is not the standard port. To make it vanish you need to use the standard port for your server, i.e. 80 for http and 443 for https:
<VirtualHost *:80>

apache 2 proxypassreverse appends virtualhost port

I have been trying to setup a reverse proxy using apache 2 mod_proxy and the proxypass & proxypassreverse directives.
I am installing WSO2 Identity Server and wish to access that app using a url such as the following .
hxxp://myserver.domain.com/wso2/
The myserver.domain.com is accessible on the internet
Internally on my network I have set up a virtualhost running in my apache2 configuration with the following parameters:
For various reasons, port 80 is unavailable and the virtualhost must stay as :8080.
Finally, here is my virtual host configuration
<VirtualHost *:8080>
<Location /wso2/>
ProxyPass hxxps://internal.wso2.node:9443/
ProxyPassReverse hxxs://internal.wso2.node:9443/
</Location>
ProxyVia On
ProxyPreserveHost Off
ProxyAddHeaders Off
ProxyRequests Off
SSLProxyEngine On
SSLProxyCheckPeerCN Off
</VirtualHost>
The issue:
I can use my web browser ( Firefox/Chrome) to request the http://myserver.domain.com/wso2/ resource. In my log files I see that the request does hit the apache server and the virtualhost catches the /wso2/ location.
It passes through the proxy and lands on the internal.wso2.node server. however, the product WSO2 IS preforms several redirects which, in the log files I see it requesting the resource with the port appended.
Here is the request flow
hxxp://myserver.domain.com/wso2/ -> hxxps://internal.wso2.node:9443/
REDIRECT x3
hxxps://internal.wso2.node:8080/carbon ->
hxxps://internal.wso2.node:8080/carbon/admin/login.jsp
Back to my web browser
hxxp://myserver.domain.com:8080/wso2/carbon/admin/login.jsp
For some reason the apache response back appends its virtual host to the url I am requesting.
If I remove the port:8080 and request again the full url it will access the resource fine. However any attempt to access using only http://myserver.domain.com/wso2/ will result in redirects and the port appended.
As per covener's suggestion the culprit in this case proved to be the following directives:
UseCanonicalName Off
UseCanonicalPhysicalPort Off
Additionally, the web app I am trying to access makes use of sessions and cookies, therefore we must also proxy those, see the added directives under the ProxyPass & ProxyPassReverse.
Therefore the updated virtualhost configuration file should now look like this
<VirtualHost *:8080>
ServerName: myServer.domain.com
UseCanonicalName Off
UseCanonicalPhysicalPort Off
<Location /wso2/>
ProxyPass hxxps://internal.wso2.node:9443/
ProxyPassReverse hxxs://internal.wso2.node:9443/
ProxyPassReverseCookiePath / /wso2/
ProxyPassReverseCookieDomain internal.wso2.node myserver.domain.com
</Location>
ProxyVia On
ProxyPreserveHost Off
ProxyAddHeaders Off
ProxyRequests Off
SSLProxyEngine On
SSLProxyCheckPeerCN Off
</VirtualHost>

Configure Apache to avoid cross domain call with Dart

I'm trying to configure Apache using mod_proxy to develop a Dart web app locally, but I can't seem to get it set up correctly.
In my httpd.conf I've enabled the following lines:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Include conf/extra/httpd-vhosts.conf
In httpd-vhosts.conf I tried to set up what I needed, but it doesn't seem to be working. I've got a spring web app I'm running from Eclipse with Jetty. So that is on http://localhost:8080. Then I run Dart from the Dart Editor, and it ends up being on 127.0.0.1:3030 (although the total path of a request like "login" is: http://127.0.0.1:3030/C:/Users/CorayThan/dart/BlightedRealmUi/web/out/login).
Either way, I'm trying to get apache to redirect my requests from 127.0.0.1:3030 to localhost:8080. I've tried to do that like this in httpd-vhosts.conf:
<VirtualHost *:80>
ServerAdmin test#localhost
ServerName 127.0.0.1:3030
ProxyPass / http://localhost:8080
ProxyPassReverse / http://localhost:8080
ErrorLog "logs/proxy-error.log"
</VirtualHost>
But it doesn't seem to be working at all. Can anyone suggest how I can fix it, or suggest a better way to do this in the first place? (I don't want to use CORS or Jsonp, I just want an easy cross-browser compatible hack for development.)
I'm not sure you can do this, your VHost would have to listen on 3030, not 80 as you have above to perform the proxy function which it can't do as Dart is using this port, below is an extract from a Vhost file I use to proxy from Dartium to a CouchDb server to allow a browser based couchdb client access using CORS, this may not be what you want though :-
<VirtualHost *:8080>
<Proxy http://141.196.22.210:5984>
Order deny,allow
Allow from all
</Proxy>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^OPTIONS
Header set Access-Control-Allow-Origin http://127.0.0.1:3030
Header set Access-Control-Allow-Credentials true
Header set Access-Control-Allow-Headers Content-Type
Header merge Access-Control-Allow-Headers Authorization
Header merge Access-Control-Allow-Headers Destination
Header set Access-Control-Allow-Methods GET
Header merge Access-Control-Allow-Methods POST
Header merge Access-Control-Allow-Methods PUT
Header merge Access-Control-Allow-Methods OPTIONS
Header merge Access-Control-Allow-Methods DELETE
Header merge Access-Control-Allow-Methods HEAD
Header merge Access-Control-Allow-Methods COPY
Header set Access-Control-Max-Age 3600
ProxyRequests off
ProxyPreserveHost Off
KeepAlive Off
ProxyPass / http://141.196.22.210:5984/ nocanon
ProxyPassReverse / http://141.196.22.210:5984/
</VirtualHost>
So, when my client app logs in to Couch it uses 141.196.22.210:8080.
I had the same problem and I solved it by creating a virtual host with a proxy for both tomcat and for the dart application. Roughly, here is my virtual host:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName dartapp
<Location "/tomcat-application-context/">
ProxyPass "http://localhost:8080/tomcat-application-context/"
ProxyPassReverse "http://localhost:8080/tomcat-application-context/"
</Location>
<Location "/dart/">
ProxyPass "http://127.0.0.1:3030/"
ProxyPassReverse "http://127.0.0.1:3030"
</location>
</VirtualHost>
Normally when you "Run in Dartium" you'll access the app with the full path to your dart app:
http://127.0.0.1:3030/full/path/to/web/app.html
Instead, access your apache virtual host with your /full/path/to/web/app.html prefixed with your proxy location (i.e. /dart/full/path/to/web/app.html):
http://dartapp:80/dart/full/path/to/web/app.html

Apache proxy with ssl not show basicauth dialog from back-end

I have a Apache proxy which serve the ssl for the client. The Apache then proxy to a plain http tomcat server.
Listen 7777
<VirtualHost *:7777>
ServerName my.server.com
SSLEngine on
SSLCertificateFile /some.crt
SSLCertificateKeyFile /some.pem
SSLProxyEngine on
# Replace HTTP response headers (http to https)
Header edit Location ^http:(.*)$ https:$1
ProxyRequests off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://my.server.com:8888/
ProxyPassReverse / http://my.server.com:8888/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
Everything is working fine but when I access
https://my.server.com:7777/jmx-console
I get a
http status 403 Access to the specified resource () has been forbidden.
If I access the backend directly
http://my.server.com:8888/jmx-console
I get the basic authentication dialog
I want the Apache to show the backend basic authentication dialog from tomcat. What am I missing?
Perhaps you need to use 'proxy-chain-auth':
SetEnv proxy-chain-auth On
AuthType basic
AuthBasicAuthoritative Off