We are using Apache 2.4.48 and a module that Oracle provides (the "WebLogic Plugin for Apache" - I guess equivalent to ProxyPass/ProxyPassReverse, but more WebLogic specific) to proxy some endpoints that are on WebLogic server. The configuration was setup awhile ago, and I am trying to understand the behavior of the directive.
In the Apache ssl.conf, we have (for example):
<VirtualHost _default_:443 _default_:14101>
<Location />
WLSRequest On
SetHandler weblogic-handler
WebLogicCluster XXX01.foo.com:14101,XXX02.foo.com:14101,XXX03.foo.com:14101,XXX04.foo.com:14101
WLCookieName OAMSESSIONID
SecureProxy ON
WLSSLWallet "/apps/products/apache/2.4.46/instances/apache_oam/conf/certs/wallet"
#RequireSSLHostMatch false
Debug OFF
WLLogFile "/apps/products/apache/2.4.46/instances/apache_oam/logs/oam_location.out"
</Location>
<Location /service/show>
SetHandler default-handler
WLSRequest Off
AuthType None
Require all granted
Header always set Access-Control-Allow-Origin %{ACAO}e env=ACAO
Header always set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header always set Access-Control-Allow-Headers "Origin, Content-Type, Accept, Authorization"
</Location>
.
.
.
### Cert Check ###
ScriptAlias /certcheck "/apps/products/apache/instances/apache_oam/cgi-bin/certcheck"
<Location /certcheck>
SSLVerifyClient optional_no_ca
</Location>
### End Cert Check ###
</VirtualHost>
I (probably mistakenly) always thought that, in Apache configuration, the more specific directive would take precedence over the less specific, but, when I test with the above, the
<Location />
appears to cause EVERY request to be proxied to the backend servers, even though the "<Location /certcheck>" is "more specific".
Because of this, the /certcheck, which is supposed to be a local resource, is causing the request to be proxied to the backend, instead of serving from the local resource.
Can someone explain why this is happening?
Also, if what we WANTED was to proxy every request/URI UNLESS we specify the URI in a "<Location /xxxx>", how can we accomplish this?
Thanks,
Jim
Related
I want to check my logic with you experts to check if it is correct.
What do I want to do?
Requests to Location search of suggest are send to Proxypass.
Proxypass connection is passed through the proxy with the Proxy Remote directive
Will that eventually work?
How can see if the proxy is being used?
ProxyRemote "https://website.com/query/search/" "http://proxy.com:8080"
ProxyRemote "https://website.com/query/suggest/" "http://proxy.com:8080"
<Location "/search">
RequestHeader set Auth-Key "test"
ProxyPass https://website.com/query/search/
</Location>
<Location "/suggest">
RequestHeader set Auth-Key "test"
ProxyPass https://website/query/suggest/
</Location>
Try adding LogLevel proxy:trace5 above the ProxyRemote entries.
Then check the apache2 logs (usually /var/log/apache2/access_log) for [proxy:...] entries: specifically look for [...] connecting https://website.com/[...] to website.com:443.
Don't forget to remove the LogLevel entry again, proxy:trace5 is pretty verbose.
I have to set connection properties on an Apache 2.4 Proxy which only uses the ProxyPassRerverse directive instead of the ProxyPass directive which accepts additional parameters like lim, max, ttl, timeout ...
<Location /postbox-sdd/>
LuaHookTranslateName /etc/httpd/conf.d/hooks.lua map_xxx_to_postbox early
ProxyPassReverse /postbox-sdd/
Session On
SessionEnv On
SessionCookieName cfsession path=/
SessionCookieName2 session path=/;domain=localhost;httponly;secure;version=1;
SessionHeader X-Replace-Session
SetEnv HTTPS on
RequestHeader edit Destination ^http: https: early
Header add referer "https://postbox.xxx"
RequestHeader set referer "https://postbox.xxx"
Header unset CACHE-CONTROL
RequestHeader unset CACHE-CONTROL
</Location>
When i try to use the ProxySet directive (for example ProxySet ttl=20) after the ProxyPassReverse line i end up with an error because i don't know the worker name. Is there a default worker name or is it possible to set one?
ProxySet can not find 'ttl=20' Worker
The reason for doing this is to use a kind of connection pooling to the destination system postbox.xxx. I want to reuse existing connections for new requests instead of permanent open/close for every new request.
Thanks for help
I am trying to proxy a SCORM entry point on my LMS to the content on another LMS. The manifest resource href looks like:
https://example.com/training/rest/of/the/content/link?key=value
And in my httpd.conf, I have the following:
SSLProxyEngine on
RewriteRule ^proxy:.* - [F]
ProxyPass /training/ https://theirsite.com/
ProxyPassReverse /training/ https://theirsite.com/
<Location /training/>
SetOutputFilter proxy-html
Header add referer https://theirsite.com/
Header set Accept-Ranges none
RequestHeader set referer https://theirsite.com/
RequestHeader unset Accept-Encoding
ProxyHTMLEnable on
ProxyHTMLExtended on
ProxyHTMLURLMap / ppt/
ProxyHTMLURLMap https://example.com/ ppt/
ProxyHTMLURLMap https://example.com/training/ ppt/
ProxyHTMLURLMap ppt/ https://example.com/training/
</Location>
The problems I am having are this:
The value in my manifest href is correctly hitting the content host (so my proxy values are correct), but are not returning to https://example.com/training/, they are returning to https://example.com, which leads to my next problem.
I am having to map all of the URLs when the body returns to me, which is not a problem, except the client host is actually using a third-party for a particular JS library, and mapping / to a standardized value so I can then re-standardize the entire body back to https://example.com/training/, is breaking that particular link.
I have tried various rewrites and substitutions, but I feel I may be missing a key component on this proxying business :/
We have an Apache web server that receive user requests. It only allows https connections JkHTTPSIndicator HTTPS. But now we have a new requirement, which will allow a particular url pattern like /myurl on http via Apache. That is, we want Apache to only accept http if a particular url pattern is thrown at it.
You can use a Location block to restrict/allow access
http://httpd.apache.org/docs/2.2/sections.html
I'm not quite sure if this is what you want, but you could block the root location:
<Location />
Deny from all
</Location>
And then add a location to allow
<Location /myurl>
Allow from all
</Location>
The above suggestion did not work for me with Apache 2.2.15. I had to do something different although still along the lines suggested above:
<VirtualHost *:80>
...
<Location / >
Require all denied
</Location>
<Location /my-dir>
Require all granted
</Location>
</VirtualHost>
Okay, I've been struggling on development because of this cross domain restriction on my php-angular application development.
I am using yeoman to scaffold my application thus it has a grunt task of server which opens an http server at port 9001
Now I have created a REST-like api in php as my backend to provide service to my angularjs application.
During development I always create a dummy data in instead of using that api I made because I cannot make those two separate things together, then after I am finish building the front end, I will build it and copy to the folder of the api, so I can now test it to work together, which is really not so efficient and fast for development.
Now I came across this article
That taught how to make those two work together, but I think I failed to understand and failed to do it properly.
Here is my configuration for a site-available in apache.
<VirtualHost *:80>
ServerName foo.dev
ServerALias www.foo.dev
DocumentRoot /var/www/html/foo
ProxyPass /api/ http://foo.dev/api/ retry=0 timeout=30
ProxyPass / http://localhost:9001/ retry=0 timeout=30
<Directory "/var/www/html/foo">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
What happens now, is that http://foo.dev now works, just like what I see in localhost:9001, but it cannot access http://foo.dev/api
What is wrong in my setup. Thanks!
If you backend has created with PHP, you will need create a .htaccess file in the root directory of you PHP.
Set this:
<ifModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type"
</ifModule>