Pound & Apache: REMOTE_HOST contains host of proxy [closed] - apache

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I have a server running Ubuntu 12.04 LTS, Pound 2.6 and Apache 2.2. I have also the apache module mod_rpaf (installed from https://github.com/gnif/mod_rpaf) installed and enabled to ensure, that in the variable REMOTE_ADDR appears the real user ip address and not the address of the proxy.
This works fine, but the variable REMOTE_HOST is not changed by mod_rpaf. This variable contains "localhost" and not the host of the given user ip address.
Can you help me, please?
Here is my mod_rpaf configuration:
root#perseus ~ # cat /etc/apache2/mods-enabled/rpaf.conf
RPAF_Enable On
RPAF_ProxyIPs 127.0.0.1
RPAF_Header X-Forwarded-For
RPAF_SetHostName On
RPAF_SetHTTPS On
RPAF_SetPort On
Thank you

Check theses answers on a previous question about a missing REMOTE_HOST:
REMOTE_HOSTS is a variable that may or may not be populated by apache (and it's better if it is not set, else it imply a DNS query by apache for every incoming request). So Nothing on your code should rely on REMOTE_HOST. No application should assume this variable will be there and correctly filled.
mod_rpaf does what it is designed for, documentation:
Sets REMOTE_ADDR, HTTPS, and HTTP_PORT to the values provided by an upstream proxy.
Now you have a working REMOTE_ADDR, which is the only variable you should trust, make a copy of it in REMOTE_HOST if you really wants that, and simply do it in your application code.

There is a bug in Ubuntu LTS 12.04 that prevents rpaf to work at all.
https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-rpaf/+bug/1002571
workaround
in rpaf.conf replace
<IfModule mod_rpaf.c>
by
<IfModule mod_rpaf-2.0.c>

Related

Same domain - 2 separate servers [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
I have a website that runs on a framework on a LAMP stack.
Now I want to extend this website by adding a bunch of new pages, but served from a different framework on a separate LAMP stack on another server that is prepared to handle more traffic.
I don't want this traffic to pass by the original website as it will be a burden to be processed by the framework. However, I can afford to have apache forwarding the traffic request to a specific folder forwarded to a separate server with a different IP address.
For example:
mydomain.com/ -> goes to server A,
mydomain.com/folder1/ -> goes to server B
How can I accomplish this with apache?
I can even afford setup a separated server to handle the separation of these request, so each server will only receive the requests it is intended to process.
Another option could be to set a subdomain like ww2.mydomain.com pointed to the IP of a separated server but will this affect my SEO ranking?
What are other options and what would be the best option for this case?
You are looking for ProxyPass directive.
Example location for mydomain.com virtualhost:
<VirtualHost ...>
ServerName mydomain.com
...
<Location /folder1/>
ProxyPass http://serverb/
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
</Location>
</Virtualhost>

Trying to enable https on apache server in Ubuntu 12.04 [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I've got an installation of the apache2 package on Ubuntu 12.04, and I've installed the PHP mod so that I can run PHP scripts on my server. I'm now trying to set up the server for HTTPS. The application I'm working on needs to have https access enabled, but I've never had much experience with SSL, certs, or any of that security stuff (I'm trying to learn, however).
I've tried following tutorials online, but there always seems to be a failure with each tutorial. Here's my most recent attempt:
sudo make-ssl-cert generate-default-snakeoil --force-overwrite
sudo a2enmod ssl
sudo a2ensite default-ssl
sudo /etc/init.d/apache2 restart
This series of commands doesn't output any errors, but when I navigate to https://, it tells me the webpage is not available. Navigating to http:// works fine.
Am I missing something, or has this tutorial just led me astray? I'd really like to figure out how to enable Apache on Ubuntu 12.04 to handle https requests. :)

Apache default port change not working ubuntu 12.04 [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I'm using Ubuntu 12.04
I tried to change my default apache2 port from 80 to 8085
I edited /etc/apache2/ports.conf
I edited line Listen 80 to Listen 8085
then restarted my apache service
then to test this in browser I putted http://localhost:8085
The result is 404 Not Found
then I opened terminal and ran
netstat -tulpn | grep 8085
o/p is:
tcp 0 0 0.0.0.0:8085 0.0.0.0:* LISTEN
Am I doing something wrong? or Am I missing something?
Thanks and regards!
I would almost have to guess, given your configuration is correct, that you needed to just to reload and restart apache:
sudo service apache2 reload
sudo service apache2 restart
If not, I believe why this has gone unanswered is there was not enough basic info posting like "/var/log/apache2/error.info" output or further explanation, along with providing us with what you had done prior as far as configuration.
Hope you got it handled and did not give up!
=^)

How to set mod_proxy to serve some files while others to be served by apache [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have enabled mod proxy to serve my jsp and servlets and it seem to work fine. So if i hit localhost, it takes request to tomcat and executes it. What is want is that servlets and jsp are forwarded to tomcat while php is handled by apache. Both JSP/Servlets and PHP files are in the same folder and I need to make a call from JSP?Servlet to PHP or may be vice versa as well. Now the problem is that PHP is also forwarded to tomcat it seems if I use following pattern -
ProxyPass /auto http://serv.corp.com:8080/auto/
All JSP/Servlets and PHP files are inside auto folder which is in webapps folder.
Kindly help me to route static content i.e. PHP to apache.
To server static content by Apache and remain files by appserver (jboss in my case)..
httpd.conf of Apache should look as:--
DocumentRoot /usr/local/apache2/htdocs
ProxyPass / !
ProxyPass / https://www.example.com:8443/
ProxyPassReverse / https://www.example.com:8443/
here for example /logo.gif will be served directly by
Apache from the /usr/local/apache2/htdocs/logo.gif file.
And everything else will be served by appserver.
Hope it will be useful
You want to use ProxyPassMatch rather than ProxyPass. Something like (untested)
ProxyPassMatch ^/(.*\.php)$ !

Allow request coming from specific IP only [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have application hosted Apache UNIX, and I am allowing users to access the application url from citrix environment (from citrix machine).
However, currently its possible to access the url from all the connected machines. I would like to put the restriction that it should be only accessed from citrix machine. So if any one needs to access it, he needs access to citrix machine.
I tried with below:
<Directory /APP>
Order Deny,Allow
Deny from all
Allow from 160.120.25.65
Allow from 127
</Directory>
it didn't work. Any suggestion?
Few replied with iptables solution, however this one loaded on Solaris (it doesn't have builtin firewall to OS as linux).
This should do what you need:
<Directory /APP>
Order Allow,Deny
Allow from 160.120.25.65
Allow from 127.0.0.0/8
</Directory>
See the mod_authz_host documentation for details.
What version of Apache are you running? The IP allowing mechanisms are, AFAIK, provided by mod_authz_host, which was introduced in 2.2 (well, 2.1 technically). If you do have 2.2, make sure it wasn't compiled with mod_authz_host disabled.
Generally speaking, though, you may find a simpler and more robust solution is the iptables or other firewalling suggested in the other answers.
I would suggest Iptables for this purpose. put a rule in the iptables that wherever the destination port is the port number of your apache machine and the source ip is the ip address of critix machine, the linux machine should drop that packet. This way would solve your problem provided there are no other applications hosted on the apache of your machine which ought to be open for all ips. An example of the perspective rule could be :-
iptables -I INPUT 1 -s 160.120.25.65 -d <port_of_apache_on_your_machine> -j DROP
This should solve your problem, once you replace by its proper value
I would probably use an iptables rule for this. I'm not sure what the example you posted is, but you should be able to configure just about any firewall to work like you want it.