Apache mod_rewrite internally to different port - apache

Is it possible to internally redirect (so url won't change in address bar) with mod_rewrite to different port on same host?
Eg
http://host.com:8080 -> http://host.com:9999/myapplication/?param=val

1, Enable mod_proxy
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
2, You should configure apache for vhost :
<VirtualHost *:8080>
....
ProxyPass / http://host.com:9999/myapplication/?param=val
ProxyPassReverse / http://host.com:9999/myapplication/?param=val
</VirtualHost>
3, Setup also VHost on port 9999
More info here:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
http://www.apachetutor.org/admin/reverseproxies

Elaboration on the mod_proxy solution with [P], the proxy flag:
Enable modules mod_proxy and mod_proxy_http:
a2enmod proxy proxy_http
Without these two enabled, you'd later get a 300 Forbidden status and the error message "AH00669: attempt to make remote request from mod_rewrite without proxy enabled" in the logs.
Place the following into the Apache2 vhost config section for the forwarding host:
<VirtualHost *:8080>
…
RewriteEngine on
RewriteCond %{REQUEST_URI} !^$
RewriteCond %{REQUEST_URI} !^/
RewriteRule .* - [R=400,L]
RewriteRule (.*) http://host.com:9999/myapplication/$1?param=val [P,L]
…
</VirtualHost>
This includes a technique by Steve Webster to prevent malicious URL crafting, explained here. Not sure how to deal with appending the GET parameter in this context, though.
Restart Apache2:
sudo service apache2 restart

Related

mod_rewrite - Port 80 does not change to 443 when HTTP is explicitly requested

I have an app deployed to Elastic Beanstalk whose Tomcat container uses Google OpenID Connect for authentication. I want to redirect all http requests to https, for which I have the following mod_rewrite configuration in a file in .ebextensions -
files:
"/etc/httpd/conf.d/ssl_rewrite.conf":
mode: "000644"
owner: root
group: root
content: |
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
Google OAuth2 credentials console has https://example.com/j_security_check as an authorized redirect URL. The configuration works fine when either example.com or https://example.com is requested, whereupon the app is redirected to the mentioned authorized URL.
However, when http is explicitly requested - http://example.com - the app is being redirected to https but port 80 is still being used. The authorized redirect URL then becomes https://example.com:80/j_security_check and I get Error: redirect_uri_mismatch.
How can I redirect explicit http requests to https with the port changed to 443? The main goal is to match the mentioned authorized redirect URL. If possible, I'd like to implement this with the .ebextensions configuration file or a similar solution.
Can you something like this. If it got worked I will give you the explanation.
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
The problem was not with the rewrite rule. The file had to be placed in a specific path within .ebextensions for it to work in Tomcat 8. The configuration files had to be setup differently too. Most examples provided were not for Tomcat so I ended up putting them in the wrong location.
What worked -
In /.ebextensions/httpd/conf.d/myconf.conf, place -
LoadModule rewrite_module modules/mod_rewrite.so
and in /.ebextensions/httpd/conf.d/elasticbeanstalk/00_application.conf, place -
<VirtualHost *:80>
<Proxy *:80>
Order Allow,Deny
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/ retry=0
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost on
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
</VirtualHost>
Take note of the use of .conf files instead of .config. This is important!
Also, the redirection that I was getting was not genuine. I was not paying close attention, because when I requested example.com, the browser cache was serving me https://example.com. It was not actually redirecting an http request to https.

Apache - Proxy external files to download

Consider this:
we have an external server for files that can be downloaded
our website (plone based) is the interface for downloading them and we try to hide the direct links as much as possible
jquery.fileDownload plugin needs a cookie set on file on download
I'm trying to set our Apache configuration to replace links like this:
original: data-files-example.com/folder/subfolder/file.zip
replaced: our-website-example.com/_downloads/folder/subfolder/file.zip
So, the missing part in my case is: how to set Apache to work like this?
I'm trying:
NameVirtualHost *:80
<VirtualHost :80>
ServerAdmin email#our-website-example.com
ServerName our-website-example.com
RewriteEngine On
RewriteRule "^/_downloads(.)$" "https://data-files-example.com/$1" [P]
RewriteCond %{REQUEST_METHOD} ^(PUT|DELETE|PROPFIND|OPTIONS|TRACE|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK)$
RewriteRule .* - [F,L]
RewriteRule ^/(.*) http://127.0.0.1:/VirtualHostBase/http/data-files-example.com:80/my_plone_website/VirtualHostRoot/$1 [L,P]
</VirtualHost>
I receive 503 Service Unavailable.
How to fix this?
Try a reverse proxy. Just make sure that mod_proxy and mod_proxy_http are enabled in your Apache configuration and that your proxy rule is set before the VirtualHostBase rule for Plone, if the pattern is the root slash.
ProxyPass /_downloads http://data-files-example.com
ProxyPassReverse /_downloads http://data-files-example.com
When proxying to a https backend you'll also need mod_ssl installed and the directive SSLProxyEngine On.
SSLProxyEngine On
ProxyPass /_downloads https://data-files-example.com
ProxyPassReverse /_downloads https://data-files-example.com
Following code at least rewrites your given original- to your desired target-URL:
<VirtualHost>
SSLProxyEngine On
RewriteEngine On
RewriteCond %{HTTP_HOST} ^our-website-example.com$
RewriteRule "^/_downloads(.*)$" "https://data-files-example.com/$1" [P,L]
</VirtualHost>
This requires the modules mod_ssl, mod_proxy and mod_rewrite to be activated.
Let us know if it was your sought solution and if not, where it went wrong :)

HTTP redirect to HTTPS AWS EC2 with Load Balancer

Here's my set up:
EC2 with Apache using elastic load balancer.
I'm looking to have all http traffic redirect automatically to https. I found this reco and tried it by adding to my httpd.conf file:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
</VirtualHost>
However, this didn't work before or after I restarted the server. HTTP didn't redirect and my sites threw all sorts of errors until I removed the rule from my config.
I'm thinking that I'm updating the file wrong or have the load balancer set up incorrectly. For the listeners for the load balancer I have LB protocol HTTP with port 80 with instance protocol HTTP and instance port 80. I have LB protocol HTTPS on port 443 with instance port 443. My SSL is on this latter protocol.
Any idea where to head from here?
The configuration that you have mentioned should work well. The problem might be that the mod_rewrite module is not loaded. Add below lines to your apache configuration to load rewrite module.
LoadModule rewrite_module modules/mod_rewrite.so
You can try below configuration which is much simpler than what you are using.
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

mod_jk and mod_rewrite with prefix

We are trying to configure apache to forward requests to different servers hosting different Application servers.
We want to achieve the following.
www.mydomain.com/server1 --->forward to ---> 172.30.34.50:8082 (AP1 jboss)
www.mydomain.com/server2 --->forward to ---> 172.30.34.51:8082 (AP2 jboss)
Our current configuration:
mod_jk.conf:
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
httpd.conf
JkMount /cliente1* ajp13unsecure
RewriteEngine on
RewriteLog logs/apache-mod_rewrite.log
RewriteLogLevel 3
RewriteRule ^/cliente1(/)?([^/]*)/?$ /$2 [L,PT] (tried w/o PT with no success)
The problem is that when mod_jk forwards the request, it gets to the application servers like this: 172.30.34.50:8082/server1
Which is not a valid resource in the application server, it should go to root (172.30.34.50:8082)
We tried using mod_rewrite, but it triggers before mod_jk, so when apache try to match mod_jk rule, it doesn't satisfy the condition anymore. And the request is not forwarded.
How can we get mod_rewrite to trigger right before mod_jk does the forwarding so the application servers get the correct URI.
Or is there a way to configure mod_jk to forward request without the context?
How can we get mod_rewrite to trigger right before mod_jk does the
forwarding so the application servers get the correct URI.
Not too sure why I have noticed an uptick in people asking about mod_jk, but in my experience mod_proxy works better & is easier to understand for doing what you are attempting to do.
To enable mod_proxy in Apache do the following; assuming you are on Ubuntu/Debian:
sudo a2enmod proxy proxy_http
Then restart Apache like this; again assuming you are on Ubuntu/Debian:
sudo service apache2 restart
That done, this is a simple setup that should work within your Apache config. Winging it based on your settings:
# Settings for adding a trailing slash to the URL
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/(server1|server2)$
RewriteRule ^(.*)$ http://%{HTTP_HOST}$1/ [R=301,L]
# Settings for Apache Reverse Proxying
<IfModule mod_proxy.c>
# Proxy specific settings
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
ProxyPass /server1 http://172.30.34.50:8082/
ProxyPassReverse /server1 http://172.30.34.50:8082/
ProxyPass /server2 http://172.30.34.51:8082/
ProxyPassReverse /server2 http://172.30.34.51:8082/
</IfModule>
The initial mod_rewrite settings add a trailing slash to URLs which I found I needed to do in cases where a path fragment—like /server1 and /server2—were going through a reverse proxy.
Also note I have /server1 and /server2 set but they might need to have a slash added to them like this /server1/ and this /server2/. Experiment to see what works best.

MASKING URL with HTACCESS

I am trying to redirect visitors of alldomain.com to the domain newdomain.com it does redirect however I want that when the user open's alldomain.com the data should be of newdomain.com however the top url should be alldomain.com
My Current HTACCESS:
RedirectMatch .* http://www.newdomain.com
I believe the solution to this consist of two parts: correct .htaccess, and using mod_proxy on your Apache server:
Uncomment these lines in httpd.conf (and restart Apache!):
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Add the following lines to your .htaccess:
RewriteEngine on
RewriteRule .* http://www.newdomain.com/ [P]
ProxyPassReverse / http://www.newdomain.com/
The key here is that the [P] flag in the RewriteRule tells Apache to use mod_proxy (which you enabled earlier), and the ProxyPassReverse makes sure that any links from the new domain are properly "attributed" to the old domain as well. I think that does it, but I can't test... Let me know whether this works for you!