Apache mod-proxy ProxyErrorOverride for specific URL patterns - apache

I am using Apache 2.2 with mod-proxy and I have configured it with several ProxyPass statements to proxy from remote URL to local URL. I need to have custom error documents returned from Apache for these proxied URLs so I set "ProxyErrorOverride On" in my mod-proxy configuration along with some ErrorDocument directives (with local URL path) to return custom error pages for a few HTTP status codes of interest. However, when a status code is returned for which I have NOT created an ErrorDocument directive for, Apache replaces the response body with a default error page instead of leaving the original response body intact. This won't work with the application. So I really have 2 questions:
1) Is it possible to configure Apache to leave the original response body intact for a particular status code if I don't have an ErrorDocument override defined for it?
2) Is it possible to have the ProxyErrorOverride directive only apply to some of the URLs in my ProxyPass statements?

As arober11 pointed out in the comment above:
Afraid the answer is: No and No. If the directive could be limited to
a location, directory, or set of URL's, then there would be something
in the "Context" section, of the man page:
httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyerroroverride
on the other hand: you can always add it to mod_proxy.c yourself.

For question 2:
Definitely doable. Using internal redirects to either new host or port this is possible. Brief outline using hosts (add noErrorOverrideUrl,doErrorOverrideUrl in DNS or /etc/hosts of apache-machine):
NameVirtualHost *:80
<VirtualHost *:80>
RewriteEngine On
RewriteRule ^(/noErrorOverrideUrl/.*) http://noErrorOverrideUrl$1 [L,P]
RewriteRule ^(/doErrorOverrideUrl/.*) http://doErrorOverrideUrl$1 [L,P]
</VirtualHost>
<VirtualHost *:80>
ServerName noErrorOverrideUrl
ProxyErrorOverride Off
ProxyPass ...
...
</VirtualHost>
<VirtualHost *:80>
ServerName doErrorOverrideUrl
ProxyErrorOverride On
ProxyPass ...
...
</VirtualHost>
Brief outline using ports:
Listen 80
Listen 81
Listen 82
<VirtualHost *:80>
RewriteEngine On
RewriteRule ^(/noErrorOverrideUrl/.*) http://server:81$1 [L,P]
RewriteRule ^(/doErrorOverrideUrl/.*) http://server:82$1 [L,P]
</VirtualHost>
<VirtualHost *:81>
ProxyErrorOverride Off
ProxyPass ...
...
</VirtualHost>
<VirtualHost *:82>
ProxyErrorOverride On
ProxyPass ...
...
</VirtualHost>

You can upgrade apache and use the If sentence avaible on 2.4+
<VirtualHost *:80>
...
<If "%{REQUEST_URI} =~ m#^\/QA(.*)$#">
ProxyErrorOverride Off
</If>
..
</VirtualHost>
Documentation

Related

ProxyPass worker name (*long url here*) too long

I have a URL www.example.com.
This should point to the page
www.data.city.author/blah/blah/fjfjf/fkkeklf/eied/shudfj
and show the content in
www.data.city.author/blah/blah/fjfjf/fkkeklf/eied/shudfj
but in the address box, it should show www.example.com
My present configuration in vhost.conf for the proxy is:
SSLProxyEngine on
Proxypass "/" www.data.city.author/blah/blah/fjfjf/fkkeklf/eied/shudfj
ProxyPassReverse "/" www.data.city.author/blah/blah/fjfjf/fkkeklf/eied/shudfj
The Problem is that Apache 2.4 has a bug that when using ProxyPass, URL should not be more than 96 characters. So it is truncating the URL to 96 characters and hence the configuration is returning with an error message.
Any other way to solve my case. I tried using apache RewriteRule with [P] flag but it does not work in my case.
EDIT
Below is my present configuration
<VirtualHost *:11080>
ServerAdmin webmaster#dummy-host.example.com
ServerName int.chicagomeningvax.org
ServerAlias www.int.chicagomeningvax.org
DocumentRoot "/app/web-vhosts"
ErrorLog "/app/apache-vhosts/logs/error_log"
CustomLog "/app/apache-vhosts/logs/access_log" combined env=!dontlog
RewriteEngine on
RewriteRule / https://data.cityofchicago.org/Health-Human-Services/Meningitis-Vaccine-Locations-Map-Visualization/n4bi-r8ij [R=302,P]
</VirtualHost>
If your url is too long please use Alias instead, it worked for me.
In your mod_proxy.conf file:
Alias http://dummy:8009 http://yourlongoriginalurl:8009
Proxypass / http://dummy:8009

Apache Virtual Hosts Non-www not working

I'm setting up a Virtual Hosts file on my CentOS 7 box and I'm having trouble getting my domain to resolve correctly.
Here's what my current /etc/httpd/conf.d/vhost.conf file looks like
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin webmaster#domain.com
ServerName www.domain.com
ServerAlias domain.com
DocumentRoot /var/www/html/domain.com/public_html/
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.domain.com [OR]
RewriteCond %{SERVER_NAME} =domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
It seems the the correct redirects are happening. For exmaple:
domain.com redirects to https: //www.domain.com
www works fine
BUT
https: //domain.com doesn't work
http ://domain.com doesn't work
In fact, if I remove the redirects I have set, domain.com ins't working at all, so it looks like the ServerAlias is broken?
I'm wondering if I need another redirect or is there some other step I'm missing?
Also, don't mind the spaces between http and the domain name. StackOverflow made me format it that way.
As presented, no request to anything https will ever work. Normal, you only have a VirtualHost on port 80. You do have a Listen directive for that port right?
For your redirections. It says: if you ask for http://www.example.com or http://example.com, redirect to https://<WHAT THE USER ASKED FOR>. In essence you are forcing your users to use https all the time, no problem there. But you do not have a VirtualHost on port 443, hence no response.
So:
Listen *:80
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
ErrorLog /var/log/httpd/80_error.log
CustomLog /var/log/httpd/80_access.log combined
RewriteEngine on
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
Listen *:443
<VirtualHost *:443>
ServerName www.example.com
# in case users do directly to https
ServerAlias example.com
DocumentRoot /var/www/html/domain.com/public_html/
DocumentIndex index.html
ErrorLog /var/log/httpd/443_error.log
CustomLog /var/log/httpd/443_access.log combined
# SSL CONFIGURATIONS, TODO!
</VirtualHost>
In your *:443 VH, you will have to configure certificates and SSL.
Your certificates will have to be valid for both www.example.com and example.com to avoid browser complaints.
Careful there might be an ssl.conf included file under conf.d that defines some of this. Make sure you only set it once to avoid confusion.
No need to define DocumentRoot in *:80 VH since it only redirects and does not respond content to client.
Have fun!
I solved the issue. I had my local hosts file configured to point to an old out of date IP address……
domain.com *bad ip address*
I'm so embarrassed. I must have set that up months ago and forgot.

Redirect specifc HTTPS request to a specific port with apache

I have a problem to redirect some request to an other port. Here's my configuration:
I have a public domain like XXXX.ddns.net
I have a Rapsbian server with apache and files in my /var/www folders are correctly served (angular website)
On the same Raspbian server there is a REST server running on the 3000 port
This is running on HTTPS with SSL(letsencrypt)
I would like that all requests to XXXX.ddns.net/api/* to be redirected to the 3000 port.
I change the .htaccess file and the rewrite rule seems to works on local but I can't make it working from my internet site. API requests achieve with a error 500.
Here is my current .htaccess file:
RewriteEngine On
RewriteRule ^api/(.*) https://localhost:3000/api/$1 [QSA]
# not sure if it should be http or https in the rule but nothing works
#RewriteRule ^api/(.*) http://localhost:3000/api/$1 [QSA]
# If an existing asset or directory is requested go to it as it is
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteRule ^ - [L]
# If the requested pattern is file and file doesn't exist, send 404
RewriteCond %{REQUEST_URI} ^(\/[a-z_\-\s0-9\.]+)+\.[a-zA-Z]{2,4}$
RewriteRule ^ - [L,R=404]
Here is my current 000-default-le-ssl.conf file (in /etc/apache2/sites-available):
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
ServerName XXXX.ddns.net
SSLCertificateFile /etc/letsencrypt/live/XXXX.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XXXX.ddns.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<Location /api>
ProxyPass http://127.0.0.1:3000/api
ProxyPassReverse http://127.0.0.1:3000/api
</Location>
</VirtualHost>
</IfModule>
If someone could help me to achieve it...
Thanks!
Your self-found solution looks strange to me. You switch on the SSLProxyEngine and than disable all security measures. Is the backend API running under HTTPS and HTTP at port 3000 at the same time? This is not possible.
I use this setup (apache as proxy to backend application) pretty often and would suggest the following configuration:
As I did not understand the purpose of the rewrite directives I left them out. The VirtualHost at port 80 always redirects HTTP requests to HTTPS. If this works add permanent to the directive (permanent is cached by some browsers, see comment in VirtualHost *:80).
The VirtualHost for HTTPS serves content from your DocumentRoot at /var/www/html. The Directory directive takes care that only correctly addressed files are served (no lookups possible). The VirtualHost also provides the proxy for the /api on the same server on port 3000.
It should work for apache 2.4 if your letsencrypt configuration is correct (fill-in the XXXX). Both VirtualHost configurations can be written into a single file, usually located in /etc/apache2/sites-available with a symlink to /etc/apache2/sites-enabled. Please remove/rename your .htaccess file and other configurations before testing this configuration. If you need access control through apache this could also be configured directly in the VirtualHost configuration.
<VirtualHost *:80>
ServerName XXXX.ddns.net
# Always https
Redirect / https://XXXX.ddns.net/
# Redirect permanent / https://XXXX.ddns.net/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName XXXX.ddns.net
# These are your SSL settings; your responsibility
SSLCertificateFile /etc/letsencrypt/live/XXXX.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XXXX.ddns.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# Your document root; where the JavaScript application lives
DocumentRoot /var/www/html
<Directory /var/www/html/ >
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride None
Order Allow,Deny
Allow From All
</Directory>
# Reverse proxy settings for api
ProxyRequests Off
ProxyPreserveHost On
<Location /api >
ProxyPass http://127.0.0.1:3000/api
ProxyPassReverse http://127.0.0.1:3000/api
</Location>
</VirtualHost>
Thanks for your help. I don't really know how but it works now!
I dont rember exactly what i did, but the last one was to modify my 000-default-le-ssl.conf file like this:
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
<Location /api>
ProxyPass http://127.0.0.1:3000/api/
ProxyPassReverse http://127.0.0.1:3000/api/
ProxyPass https://127.0.0.1:3000/api/
ProxyPassReverse https://127.0.0.1:3000/api/
</Location>

Apache proxypass - show local file if exist

i use apache proxypass to show content from other server to my base server
i use this code
<VirtualHost *:80>
ServerAdmin webmaster#example.com
DocumentRoot /var/www/html/2
ServerName 2.example.com
ProxyPass /tv http://t1.example.com/tv/
ProxyPassReverse /tv http://t1.example.com/tv/
ErrorLog logs/errorlive_log
CustomLog logs/access_live common
</VirtualHost>
so is there a way first to check if file exist on 2.example.com (/var/www/html/2) if file exist show from this server and if file dont exist then request and server from t1.example.com/tv/
-and i have second question:
if server2 serve a video which is located in server1 and on server 2 are watching 10 users (10mbps) , so from which server will be taken 10mbps from server 2 or server 1 or both servers will have 10mbps load
In apache doc,you can see Ordering ProxyPass and RewriteRule Directives
RewriteRule directives are evaluated before ProxyPass ones.
So, you can add a rewrite rule which test if file exist
<VirtualHost *:80>
ServerAdmin webmaster#example.com
DocumentRoot /var/www/html/2
ServerName 2.example.com
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule .* - [L]
ProxyPass /tv http://t1.example.com/tv/
ProxyPassReverse /tv http://t1.example.com/tv/
ErrorLog logs/errorlive_log
CustomLog logs/access_live common
</VirtualHost>
RewiteCond test if %{REQUEST_FILENAME} is a regular file and then rewriteRule rewrites to the file. It can be a html, image, php file, etc ...
Now, you can adapt to your need.
EDIT
For second question, I forgot to answer. Sorry, my bad.
According to Apache mod_proxy documentation :
"A reverse proxy (or gateway), by contrast, appears to the client just like an ordinary web server. No special configuration on the client is necessary. The client makes ordinary requests for content in the namespace of the reverse proxy. The reverse proxy then decides where to send those requests and returns the content as if it were itself the origin."
So, both server are loaded.

apache RewriteRule and proxypass

I am in the process of setting up a jira server and will use apache to be a proxy to the tomcat service. I have my apache setup 90% completed but can't workout the final configuration. The goal is to have users be able to access the FQDN, the alias or the fully qualified alias but the URL is always rewritten to the DNS alias. e.g user browses to:
http://jira.domian.com rewrite to https://jira
http://nbsrvjira-07v rewrite to https://jira
http://nbsrvjira-07v.diasemi.com rewrite to https://jira
All the above work however the below fail:
https://jira.domian.com rewrite to https://jira
https://nbsrvjira-07v rewrite to https://jira
https://nbsrvjira-07v.diasemi.com rewrite to https://jira
Unless a specific URL is used it will cause issue within the application, the apache configuration is below:
The http to https redirect:
<VirtualHost *:80>
ServerName nbsrvjira-07v.domain.com
ServerAlias jira-test jira-test.domain.com
ErrorLog "/var/log/httpd/nbsrvjira-07v.domain.com_error.log"
ServerSignature Off
CustomLog "/var/log/httpd/nbsrvjira-07v.domain.com_access.log" combined
RewriteEngine On
RewriteRule ^/(.*) https://jira-test/ [noescape,last,redirect=302]
</VirtualHost>
The https to proxy pass:
VirtualHost *:443>
ServerName nbsrvjira-07v.domain.com
ServerAlias jira jira.domain.com
ErrorLog "/var/log/httpd/nbsrvjira-07v.domain.com_error.log"
ServerSignature Off
CustomLog "/var/log/httpd/nbsrvjira-07v.domain.com_access.log" combined
SSLEngine On
SSLCertificateFile "/etc/pki/tls/certs/nbsrvjira-07v.domain.com.cert"
SSLCertificateKeyFile "/etc/pki/tls/private/nbsrvjira-07v.domain.com.key"
RewriteEngine On
ProxyPass / http://localhost:8080/ connectiontimeout=5 timeout=300
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
I have tried various rewrite rules within the https configuration but none seem to work. Can someone help?
Chris
Maybe set up more than one VirtualHost for *:443 where one or more will just redirect to https://jira and only one will act as https://jira and contain the proxying? Just a guess.