allow-origin not working for multiple domains on apache2 - apache

I am trying to allow only certain domains to access the source. When I am inserting
Header Set Access-Control-Allow-Origin "domain.tld" it works perfectly.
When I try it for multiple domains, it does the opposite. It allows any domain but not cors.domain.tld:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:9090/
ProxyPassReverse / http://localhost:9090/
ServerName map.domain.tld
ServerAlias map.domain.tld
<Proxy *>
SetEnvIf Origin "http(s)?://(www\.)?(cors.domain.tld|staging.google.com)$" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header merge Vary Origin
Order allow,deny
Allow from all
</Proxy>
</VirtualHost>
What am I doing wrong?
Thanks!

I figured it out: I had to set --no-cors on my Docker image, which I proxy the domain to. Now it works fine.
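Separately from the fix above, the SetEnvIf pattern in the question leaves its dots unescaped, so it matches more origins than the two intended. The following is an added example, not code from the post: it models SetEnvIf's unanchored search and the `$0` reflection against constructed Origin values, and `HARDENED` is an assumed corrected pattern.

```python
import re

# Pattern exactly as posted in the question's SetEnvIf line.
POSTED = r"http(s)?://(www\.)?(cors.domain.tld|staging.google.com)$"
# Assumed hardened variant (not from the page): anchored at both ends, dots escaped.
HARDENED = r"^https?://(www\.)?(cors\.domain\.tld|staging\.google\.com)$"

# Constructed sample Origin header values.
SAMPLES = [
    "https://cors.domain.tld",              # intended
    "http://www.staging.google.com",        # intended
    "https://corsXdomain.tld",              # different domain; "." matches "X"
    "https://staging-google.com",           # different domain; "." matches "-"
    "https://cors.domain.tld.example.net",  # suffix trick, stopped by "$"
    "https://example.net",                  # unrelated
]


def reflected_origin(pattern, origin):
    """Model SetEnvIf with $0: an unanchored search whose matched text
    becomes the Access-Control-Allow-Origin value (None if no match)."""
    match = re.search(pattern, origin)
    return match.group(0) if match else None


def browser_accepts(pattern, origin):
    """A browser honours the response only when the reflected header
    equals the Origin it sent, character for character."""
    return reflected_origin(pattern, origin) == origin


def audit(pattern):
    """Map each sample Origin to whether it would be granted CORS access."""
    return {origin: browser_accepts(pattern, origin) for origin in SAMPLES}


if __name__ == "__main__":
    for name, pattern in (("posted", POSTED), ("hardened", HARDENED)):
        print(name)
        for origin, allowed in audit(pattern).items():
            print(f"  {'ALLOW' if allowed else 'deny ':5} {origin}")
```

Running the same audit over an allowlist before deploying it shows whether any origin outside the intended set would be reflected.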

Related

Directory listing behind a reverse proxy in apache

I am trying to run a directory listing through a reverse proxy in Apache. Current OS is Ubuntu. My issue is I can get to my directory listing just fine, but opening any listed folder throws a 404. Here is my current configuration:
ProxyRequests Off
ProxyPreserveHost on
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass /opendir http://192.168.1.7
ProxyPassReverse /opendir http://192.168.1.7
Header always unset X-Frame-Options
So an example of what's happening: if I go to www.myserver.com/opendir I see the folders as expected. If I click on one of the folders it redirects me to www.myserver.com/folder_name and throws a 404. Not sure how to overcome this.
Simply adding a / to the directory names solved my issue:
ProxyRequests Off
ProxyPreserveHost on
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass /opendir/ http://192.168.1.7/
ProxyPassReverse /opendir/ http://192.168.1.7/
Header always unset X-Frame-Options

Why following proxy does not bypass X-Frame-Options header?

I need to show some sites in an iframe and I cannot do that directly, as some of those sites have the header X-Frame-Options set to 'SAMEORIGIN'. As a way to bypass this I tried using a reverse proxy in Apache. Below is my Apache configuration:
<VirtualHost *:80>
ServerName google.local
ProxyRequests Off
DocumentRoot /var/www/html/iframe-test
ProxyPass /test http://www.oracle.com/index.html
ProxyPassReverse /test http://www.oracle.com/index.html
ErrorLog /var/log/apache2/google.local-error.log
CustomLog /var/log/apache2/google.local-access.log combined
<Location *>
AllowOverride All
Order allow,deny
Allow from all
# Header always append X-Frame-Options "ALLOW-FROM all"
Header add test-header 'test'
</Location>
But still I cannot load the site in the iframe, and I am getting the error: Load denied by X-Frame-Options: https://www.oracle.com/index.html does not permit cross-origin framing.
The issue with the above configuration was that the proxy only worked for the http protocol. But as seen in the console error message, the external site actually redirects http to https automatically.
So to handle the https requests, all that was needed was to enable SSL in Apache and turn on SSLProxyEngine. To do that:
run sudo a2enmod ssl in a terminal
add the line 'SSLProxyEngine On' to the above config
<VirtualHost *:80>
ServerName google.local
# ProxyPass (reverse proxying) does not need ProxyRequests; On would also enable forward proxying
ProxyRequests Off
ProxyPreserveHost Off
SSLProxyEngine On
DocumentRoot /var/www/html/iframe-test
ProxyPass /test http://www.oracle.com/index.html
ProxyPassReverse /test http://www.oracle.com/index.html
ErrorLog /var/log/apache2/google.local-error.log
CustomLog /var/log/apache2/google.local-access.log combined
<Location *>
AllowOverride All
Order allow,deny
Allow from all
# Header always append X-Frame-Options "ALLOW-FROM all"
Header add test-header 'test'
</Location>
</VirtualHost>

Tableau Reverse Proxy Issue

I want to make Tableau (which is on an internal network) accessible on the public network. One of the ways recommended by Tableau Support is a Reverse Proxy.
I have set up the required modules and have the reverse proxy functioning. The login page is available through these settings in httpd given below. However, once I log in and want to open Projects, Views etc. It routes to
http://actualsite.com/#/vieworproject
which should actually be http://actualsite.com/tableauaccess/#/vieworproject.
Here is the httpd configuration:
ProxyPass /tableauaccess/ http://tableauserverexample.com/
ProxyPassReverse /tableauaccess/ http://tableauserverexample.com/
<Location /tableauaccess/>
Order deny,allow
Allow from all
ProxyHTMLURLMap / /tableauaccess/
</Location>
This doesn't solve the main issue with #. I tried
ProxyPass /#/ http://tableauserverexample.com/#/
ProxyPassReverse /#/ http://tableauserverexample.com/#
But it doesn't help. Any suggestions? Thanks!
We had this same issue recently. Your httpd.conf file is technically correct for mod_proxy, however the url you are attempting to use is not supported by Tableau. You cannot use:
http://actualsite.com/tableauaccess
But rather you must use the format:
http://tableauaccess.actualsite.com
We ended up setting up that sub-domain name and then using a VirtualHost block such as:
Listen 80
NameVirtualHost *:80
<VirtualHost *:80>
ServerName actualsite.com
DocumentRoot "/path/path2/pathx"
</VirtualHost>
<VirtualHost *:80>
ServerName tableauaccess.actualsite.com
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://tableauaccess.actualsite.com/
ProxyPassReverse / http://tableauaccess.actualsite.com/
<IfModule mod_cache.c>
CacheDisable *
</IfModule>
# or "https", depending on preference (Apache does not allow a comment on the same line as a directive)
RequestHeader set X-Forwarded-Proto "http"
</VirtualHost>
Be sure to double-check your Tableau server to update the URL format.
Sources:
https://community.tableau.com/thread/198095
https://community.tableau.com/thread/218678
(I don't have enough reputation points to post all of my sources, but thanks to Tableau community, shanemadden at ServerFault, and the Apache documentation.)
edit: forgot trailing slashes

How to forward only *.jsp or *.do requests to Tomcat using mod_proxy?

I am using mod_proxy module to forward all requests for one of my domain to be served by Tomcat. However I want to forward only requests ending *.jsp or *.do or *.something to Tomcat and rest (e.g. *.html, *.php, *.png) to be served by Apache server. How to achieve that using mod_proxy?
Following is sample httpd.conf config that I am using currently:
<VirtualHost *:80>
DocumentRoot /usr/share/tomcat6/webapps/mywebapp
ServerName example.com
ServerAlias www.example.com
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>
I know that you had found the answer but I write this answer for others that maybe need it:
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
#ProxyPass / ajp://localhost:8009/
ProxyPassMatch ^/(.*\.do)$ ajp://localhost:8009/$1
ProxyPassMatch ^/(.*\.jsp)$ ajp://localhost:8009/$1

Apache, include correct "Server" header when proxying

I have the following section in my httpd.conf:
<virtualhost *>
ServerName my.domain.com
ProxyRequests off
ProxyPass / http://192.168.1.193/
ProxyPassReverse / http://my.domain.com
</virtualhost>
The problem is that Apache replaces the "Server" header with its own IP address.
How do I force it to use "my.domain.com" in the server header?
ProxyPreserveHost On