We needed to implement SSL for our Zabbix monitoring frontend and it's caused havok on some of our backend scripting (which would be more trouble than it's worth to fix).
I'm currently working under the theory that I should be able to use some redirection magic in order to:
Access our normal Zabbix Frontend via HTTPS
Access our API via HTTP (this is the key hangup right now).
Initially - redirection was easy enough:
<VirtualHost *:80>
ServerName <servername>
RedirectMatch /zabbix/(.*) https://<servername>/zabbix/$1
</VirtualHost>
But this causes all sorts of issues with our API calls needing to still be done via HTTP (which is being done via a scripts calling API values to drive interface selections in other tools). I actually end up getting a 412 response.
So I thought I could maybe do something like this:
RedirectMatch /zabbix/(!api_jsonrpc.php)(.*) https://<servername>/zabbix/$2
While this will still let my API succeed over HTTP, it doesn't redirect my zabbix frontend to HTTPS.
This has been driving me nuts! Any help would be appreciated.
Sample URLS:
https://<servername>/zabbix/zabbix.php?action=dashboard.view
https://<servername>/zabbix/index.php
http://<servername>/zabbix/api_jsonrpc.php
Ultimately - anything that isn't "api_jsonrpc.php" needs redirected to HTTPS, and anything with that value needs to go over HTTP.
We are using Apache 2.2 and upgrading is not currently an option.
Ultimately, the issue I was having was coming down to the fact that you can't really redirect POSTs.
To resolve this, I ended up winning my argument that he library file update (forcing all traffic over HTTPS) and mass push was the only working solution and we're now golden.
You cannot negate strings just by prefixing them with an exclamation mark, lookarounds would have to be used.
I don't think API requests pass any GET parameters - try the following:
RedirectMatch /zabbix/(.*)(?<!api_jsonrpc\.php)$ https://<servername>/zabbix/$1
Related
I'm using Apache and its proxy settings to serve a web page over HTTPS (more detail here: click).
In the previous question, I was struggling with why the POST data was disappearing between my browser and my server. Now I know that it was caused by using Apache's RewriteRule. So I tried working around that with proxies, but this resulted in the web page sending out all other requests on the main domain, instead of the sub domain it's at. For example: My main web page is at myUrl.com/sprinklers. This goes through a proxy, which goes to localhost:8091. The main HTML page loads, but ALL other calls it makes, it makes at myUrl.com/any/path/it/needs, while it should be at myUrl.com/sprinklers/any/path/it/needs.
Sadly, I'm stuck in the middle:
Using RewriteRule means that everything works, but I lose the POST data, which I need.
Using proxies means that the POST data works, but also that I get a ton of 404's, because the web page somehow now expects things to be at the root of the domain, instead of the subdomain it's at.
The trailing slash needs to be there, since without it, the same happens as when I use proxies, I get a ton of 404's for all bits and pieces of the web page.
I tried using ProxyHTMLURLMap in all shapes and forms (all found online), but none worked.
TL;DR:
I need to enable two-way traffic between myUrl.com/sprinklers/.* and localhost:port/.*, while also retaining POST data. How do I do that?
As always, ask and you shall find the answer yourself...
It turned out to be a lot simpler than I imagined. Simply telling RewriteRule to use HTTP code 307 did the trick. Apparently, this is the same as the other redirection codes, but 307 also keeps the POST data.
For those wondering how to do this in Apache:
RewriteRule ^/sprinklers$ /sprinklers/ [R=307]
That's it, fixed.
I have a website in angular using a api. Now i want to create automated landing pages.
My api url is made like this (https://) system.mydomain.com/api - its a rest api using slim framework
now i have created routes for the landing pages like (https://) system.mydomain.com/content/seo-name-of-item
this works but i dont want to show "system.mydomain.com" in this case (so in the URI "content") but then i want it to be (https://) mydomain.com/content/seo-name-of-item or/and (https://) www.mydomain.com/content/seo-name-of-item
what is the best approach to get this behaviour?
Most elegant probably is to use apaches proxy module in combination with rewriting rules. That leaves the URL visible in the browser unchanged but internally proxies the requests between otherwise separate http hosts.
Use such a rule in the hosts www.example.com and/or example.com host:
RewriteEngine on
RewriteRule ^/?content/seo-name-of-item https://system.example.com/api [END,P]
The syntax should work in the real http host configuration or in htaccess style files. But a general hint: you should always prefer to place such rules inside the http servers host configuration instead of using .htaccess style files. Those files are notoriously error prone, hard to debug and they really slow down the server. They are only provided as a last option for situations where you do not have control over the host configuration (read: really cheap hosting service providers) or if you have an application that relies on writing its own rewrite rules (which is an obvious security nightmare).
If you get an internal server error with that (http status 500), you might have to replace the END flag with the older L flag.
You need validatable ssl certificates for the externally visible host name, so www.example.com and/or example.com.
You can also decide to use http internally, for the internal proxy connection, since ssl encryption does not really make sense there.
Oh, and obviously you need the proxy module installed.
An alternative would be to use the proxy module only. Take a look at the documentation and examples of the ProxyPass rule: https://httpd.apache.org/docs/current/mod/mod_proxy.html
I'm working on a site which shows lots of images hosted on third party CDN's. Right now, the images are not delivered over SSL. Is there a way to use mod_proxy in htaccess to do something like the following -
https://example.com/imageProxy?url=http://www.example.org/some3rdPartyHostedImage.jpg
Where I could take a given image URL and deliver it via my own server? In this way, I could have the images being served via SSL. I realize the security benefits of this is are a little dubious, but I'm trying to figure out if it is even possible at this point.
Weird your CDN doesn't provide SSL access.
Before continuing you must understand setting up a proxy on your Apache will kill most of the CDN benefits. Otherwise yes, you could make it.
I suggest you use your proxy through a rewrite rule, something in the lines of (examples straight from the documentation):
RewriteRule "/(.*)\.(jpg|gif|png)$" "http://images.example.com/$1.$2" [P]
Or (ref):
ProxyPassMatch "^/(.*\.jpg|gif|png)$" "http://backend.example.com/$1.$2"
We've been struggling with a problem involving a Magento website and a reverse proxy.
Server A is used as a reverse proxy (apache) and redirects incoming subdomain.domain.com/appname to local-ip/appname hosted on server B (apache as well).
What is really weird is that everything works fine on backend. We can login, modify stuff, everything perfectly normal there.
But on frontend nothing works and there is an infinite redirection.
However setting up Magento with local-ip/appname as the base url, and accessing it through subdomain.domain.com/appname (not with local-ip/appname)
works fine if accessed from local network.
As soon as Magento uses adress subdomain.domain.com/appname as base url, frontend gives an infinite redirection error.
If anyone has any input on that we would really appreciate.
Thanks!
For the record, reverse proxy needed the directive
ProxyPreserveHost On
As it is set to Off by default there was an infinite redirection as Magento was trying to access the external address which was transformed as local ip by reverse proxy ans so on.
With ProxyPreserveHost On reverse proxy transmits original url to the website behind him. As a consequence Magento can be set up with external address as base url.
My Question is this
I redirect the form in
Redirect /formviewer/faces/pages/view/viewform.xhtml
///formviewer/faces/pages/view/viewform.xhtml
in Apache Http Server but the form is not redirecting while doing post request from client Side.
So what is it doing?
I rather suspect that its normalising the thing you want to redirect to ///... and considering it the same.
When looking at redirects, there are three things in my list of 'go-to' tools:
curl -I http://..... and look at the response and the Location header. I use this when installing new redirects (it avoids following chained redirects and gives me a better view of what is happening at each step.
Something like Fiddler or a browsers developer tool. Frankly I'd only use this if curl wasn't doing it for me.
Enable the RewriteLog in Apache... I almost never use this, but for your case it may shed some light.
But let's take a step back: why are you wanting to redirect to a path with and extra // prepended (which as I've previously speculated, likely won't work)?