Drupal (Apache) behind Proxy - apache

I have a Drupal 7 site running on an Apache webserver on server A with IP # a.2.3.4. This site A can be accessed and allows login using server A specific DNS.
Recently, this site has been put behind a corporate proxy server B (IP # b.5.6.7) which uses F5 for all proxy redirects. Lets call this site B.
Issue: I can access and login to site A - IP # a.2.3.4 without any issue. However, when I access site B (IP # b.5.6.7), I can access the site but i cannot login. I get ACCESS DENIED error on the login page after I hit SUBMIT.
Observation:
Site A creates session cookies in the browser where as Site B cookies are not created.
Any help?

Related

IP address and Domain restrictions showing 404 error - IIS 8.5

I want to restrict some IP's to access the website so I'm trying using IP address and domain restrictions feature but it's showing 404 error to allowed IP and for deny IP it's properly showing the request is denied.
I'm configuring this changes on Windows Server 2012 R2 and IIS version 8.5
configuration for the allow IP
This are feature settings
Result When IP not added in Allow list
Result When IP is added in allow list
why this page not found is showing?
any other alternative to restrict the IP to access website?
Try adding the server's IP address(es) to the allowed list, because when you go to /sitefinity, the server sends a request to internal endpoint and if that request is blocked then you are getting redirected to your custom error page.

Blazor Server Side + Apache + Azure AD

I'm integrating Azure AD into a server side blazor application. It works locally (using https), however when I deploy it to production, the redirect URI in the URL is HTTP, not HTTPS, which then once I log in, Microsoft say the redirect URI isn't valid.
I'm running a VM using Ubuntu and Apache, which is forwarding anything from port 80 to port 443 using a Lets Encrypt certificate, however when it sends the user to Microsoft to login, the redirect URI is http://mydomain.tld, rather than https://mydomain.tld. I think it's because the URL it's running on locally is http://localhost:9000 - But when I put it to https://localhost:9000, it throws an exception on start up as it doesn't have a certificate and as I'm not running on a development machine, I don't really want to install the net core SDK and create dev certificate.
I've seen a few people put this in their code to solve it, however my requests are still going through to Azure AD with a HTTP redirect URI:
var fordwardedHeaderOptions = new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
};
fordwardedHeaderOptions.KnownNetworks.Clear();
fordwardedHeaderOptions.KnownProxies.Clear();
app.UseForwardedHeaders(fordwardedHeaderOptions);
Any ideas on how to fix it? I can't imagine I'm the first to be using Blazor behind Apache and connecting via openid.
Two options:
1.Set up Redirect URIs: http://localhost/****
2.Edit the Manifest like below:

Steps to redirect Application URL to Custom URL

i have IHS 7 installed on an AIX system and its pointing to Application Server . now my requirement is if Application is not accessible or if we are working on the Application it self then whoever access the URL, it redirects to a custom page on the webserver that Application is under construction .
for example url is https://my.Application.com:8089/application if anyone hits this URL then this URL is redirected to custom URL on same webserver https://my.webserver
i have configured a proxy on IHS httpd.conf but it is not working
The good practice in such case is to create two config files and one maintenance page. When your app server do not work you should restart http server with config file which point to the maintenance page.

Setup SSL on 2-3 sites on mulitsite server

After installing SSL on some of the sites on multi-site server, I am facing issue with non-ssl site.
When user accidentally visit non-ssl site with https, browser shows domain mismatch error. When user ignore warning and click on proceed to site, its shows the content of ssl site but URL still shows the non-ssl site's URL.
Also for some of the non-ssl site the google crawl wrong URL which contain path of ssl site.
Let me explain the scenario. I have 1 server which have 5 sites A, B, C, D and E. Out of five 2 (Say C and D ) are secured with SSL.Both the sites are working properly without any issue. Now the problem with non-ssl sites ( Say A, B and E ). Here whenever user visit any of the site with https ( https://www.A.com) browser (chrome) shows error "Your connection is not private" and when I click on "Advanced" button, here browser says "This server could not prove that it is www.A.com; its security certificate is from C.com". and when I click on "Proceed" the next screen show content of C.com but URL is still A.com.
Some one please check and help.
Thanks,

Using multiple iframe with different sessions through a proxy server

I'm developing an automation tool using javascript/jQuery.
To manipulate the DOM I've tunneled all iframe/browser access through an proxy server to have all them on same domain.
All this is working fine! But my end point app is a transactional jsp/servlet database and I wanna have multiple access to it.
I guess, because the proxy 'tunneling' all access through proxy has the same session, wich is not desirable since I need multiple access to the app, and to do this I must create different sessions.
I'm trying to figure out how to achieve a unique sessionID for each Iframe/browser pointing to the same web app passing through the same (?) proxy server, roughly:
iframe ---\
iframe -----> browser ---> apache proxy ---> jsp transactional app
iframe ---/
I was sniffing the traffic on FireFox (FireBug) and all iframes has the same session ID. That's not exclusively on iframe, even if I start another browser and use the link passing trhough the proxy I keep the same session ID.
Using Apache http Server 2.2.20 (win32).
Proxy config (if useful):
ProxyPass /bbb http://xxx/bbb/
ProxyPassReverse /bbb/ http://xxx/bbb/
Do the iframes src attributes point to the same domain or subdomain?
Remember that Session is implemented through cookies and that cookies are shared through the domain and subdomains they belong to, eg:
If Cookie belongs to yourdomain.com then subdomain.yourdomain.com has access to it
but
If Cookie belongs to subdomain.yourdomain.com then yourdomain.com or subdomain1.subdomain.yourdomain.com DOES NOT have access to it
And it doesn´t matter if it's an iframe or another browser window or tab...