Apache mod_rewrite and multiple domains - apache

I'm trying to use mod_rewrite to map multiple domains to different servlets on one host.
Example:
www.dom1.com -> 192.168.1.n/dom1
www.dom2.com -> 192.168.1.n/dom2 ...
I'm using the mod_rewrite and mod_proxy and VirtualHost directive but it seems that the reverse mapping via ProxyPassReverse doesn't work as I expected.
ProxyPassReverse /subdomain.domain.com http://192.168.1.n/subdomain
doesn't work. I've turned rewrite-logging on with
RewriteLog /var/log/rewrite.log
From the logs I'd say that rewriting works and the problem seems to be with reverse mapping. However I can't see any Reverse mapping entries.
It seems that reverse mapping isn't logged or needs a different command to be activated.
(Apache and the servlet container are on different machines but this should not matter I'd think ?)


After all I've found a solution that works for me.
This is an excerpt from my configuration that shows one virtual host for domain 1
<VirtualHost *>
ServerName www.dom1.com
ServerAlias dom1.com
RewriteEngine On
# logs might be omitted
RewriteLog /var/log/dom1_rewrite.log
RewriteLogLevel 2
CustomLog /var/log/dom1_custom.log common
ErrorLog /var/log/dom1_error.log
# rewrite to internal ip
RewriteRule ^/(.*) http://192.168.1.105/dom1/$1 [L,P,E=proxy_ok:1]
# Preserve the host-part in the forwarded url
ProxyPreserveHost On
# Substitute responses with the original
ProxyPassReverse / http://192.168.1.105/dom1/
ProxyPassReverse / http://192.168.1.105/dom1
ProxyPassReverse / http://dom1.com/dom1/
ProxyPassReverse / http://dom1.com/dom1
</VirtualHost>
What was wrong with my first configuration - I had to preserve the host and then add all necessary ProxyPassReverse rules to substitute the responses.
And this is my mod_proxy configuration:
<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
# Proxies just in case Proxy_ok is set
Allow from env=proxy_ok
</Proxy>
# Not sure whether we need this ...
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
ProxyVia On
</IfModule>
There may be cleaner solutions but - if works as it should.

Related

Reverseproxy Apache configuration is allowing unwanted traffic through the server

To allow the access to a specific server not publicly available, we've structured an architecture with a Apache webserver exposed on internet, and we would like to configure it as Reverse Proxy to redirect only some requests to the private server.
This is the piece of httpd.conf file:
Listen 5000
<VirtualHost *:5000>
ServerAdmin webmaster#localhost
ServerName servername
ErrorLog /etc/httpd/conf/error.log
#<Location />
# ProxyPass "http://...:5000/"
# ProxyPassReverse "http://...:5000"
# Order allow,deny
# Allow from all
#</Location>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass "/" "http://...:5000/" interpolate connectiontimeout=30 timeout=12000
#RewriteRule ^(.*) "http://...:5000/$1"
#ProxyPassMatch ^(.*) "http://...:5000/$1"
ProxyPassReverse "/" "http://...:5000/"
</VirtualHost>
Whenever we put Listen 5000 a lot of undesired traffic pass through the server to other servers on Internet.
In the code above the commented lines are some of attempts I've done.
What is wrong in the configuration that is not blocking the server to works as proxy for everything?
Thank you in advance for the help

IF you want to deny some paths from being proxied you have to use the "!": here is a link to the documentation explaining how to do it http://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass

Apache Reverse Proxy configuration - Subdomains

I am trying to configure an Apache server to have 2 subdomains making use of a reverse proxy. I am able to redirect traffic to the first subdomain (first.example.com) and retrieve content from the https site successfully. However, whenever I try to access the second subdomain I end up getting content from the first, and since routes don't match my local website, I get a not found page.
I would like to know what can I adjust from my current configuration so I can get content from my localhost site to.
Here is my current configuration:
<Proxy *>
Require all granted
</Proxy>
SSLProxyEngine On
ProxyRequests Off
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLInsecureRenegotiation on
SSLProxyVerify none
SSLVerifyClient none
SSLProxyCheckPeerName off
<VirtualHost first.example.com:80>
ServerName first.example.com
ProxyPass /first https://stackoverflow.com
ProxyPassReverse /first https://stackoverflow.com
ProxyPassMatch ^/(.*)$ https://stackoverflow.com/$1
</VirtualHost>
<VirtualHost second.example.com:80>
ServerName second.example.com
ProxyPass /site http://localhost/site
ProxyPassReverse /site http://localhost/site
ProxyPassMatch ^/(.*)$ http://localhost/site/$1
</VirtualHost>
Thank you very much in advance!
Best Regards!
Edgar Martínez.

Your current configuration is conflicting with itself. ProxyPass and ProxyPassMatch does the same thing (in regex) but you declared it both with different rules.
ProxyPass /site http://localhost/site
Rule says: anyone that visits http://second.example.com/site will be fed content from http://localhost/site. If you visit http://second.example.com/foo, you get nothing.
The match line
ProxyPassMatch ^/(.*)$ http://localhost/site/$1
Rule says: Anyone that visits http://second.example.com/site will be fed content from http://localhost/site/site. If you visit http://second.example.com/foo, you get http://localhost/site/foo.
If you use the Match version (regex), you're also out of luck for the reverse rule which doesn't have a regex version. Though, I'm not certain you actually need the reverse rule.
As to why your second request got result from the first... I have no idea.

Tableau Reverse Proxy Issue

I want to make Tableau (which is on an internal network) accessible on the public network. One of the ways recommended by Tableau Support is a Reverse Proxy.
I have set up the required modules and have the reverse proxy functioning. The login page is available through these settings in httpd given below. However, once I log in and want to open Projects, Views etc. It routes to
http://actualsite.com/#/vieworproject
which should actually be http://actualsite.com/tableauaccess/#/vieworproject.
Here is the httpd configuration:
ProxyPass /tableauaccess/ http://tableauserverexample.com/
ProxyPassReverse /tableauaccess/ http://tableauserverexample.com/
<Location /tableauaccess/>
Order deny,allow
Allow from all
ProxyHTMLURLMap / /tableauaccess/
</Location>
This doesnt solve the main issue with #. I tried
ProxyPass /#/ http://tableauserverexample.com/#/
ProxyPassReverse /#/ http://tableauserverexample.com/#
But it doesnt help. Any suggestions?? Thanks!

We had this same issue recently. Your httpd.conf file is technically correct for mod_proxy, however the url you are attempting to use is not supported by Tableau. You cannot use:
http://actualsite.com/tableauaccess
But rather you must use the format:
http://tableauaccess.actualsite.com
We ended up setting up that sub-domain name and then using a VirtualHost block such as:
Listen 80
NameVirtualHost *:80
<VirtualHost *:80>
ServerName actualsite.com
DocumentRoot "/path/path2/pathx"
</VirtualHost>
<VirtualHost *:80>
ServerName tableauaccess.actualsite.com
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://tableauaccess.actualsite.com/
ProxyPassReverse / http://tableauaccess.actualsite.com/
<IfModule mod_cache.c>
CacheDisable *
</IfModule>
RequestHeader set X-Forwarded-Proto "http" #or "https", depending on preference
</VirtualHost>
Be sure to double-check your Tableau server to update the URL format.
Sources:
https://community.tableau.com/thread/198095
https://community.tableau.com/thread/218678
(I don't have enough reputation points to post all of my sources, but thanks to Tableau community, shanemadden at ServerFault, and the Apache documentation.)
edit: forgot trailing slashes

Infinite redirect when using mod_proxy_ajp ?

I'm trying to configure access from the root context of port 80 to redirect to my tomcat app. My config is set up like
<VirtualHost *:80>
ServerName localhost
ErrorLog /var/log/apache2/ajp.error.log
CustomLog /var/log/apache2/ajp.log combined
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://localhost:8009/testApp
ProxyPassReverse / http://localhost/testApp
</VirtualHost>
Is this the correct way to do this ? It currently results in an infinite redirect loop.

Your ProxyPassReverse configuration is wrong. You want:
ProxyPass / ajp://localhost:8009/testApp
ProxyPassReverse / ajp://localhost:8009/testApp
The ProxyPass and ProxyPassReverse lines should have identical arguments.
Since you are changing the application path you may run into all sorts of additional issues including but not limited to:
cookies having the wrong path
embedded links using the wrong path
some libraries that place paths in custom HTTP headers using the wrong paths
Generally, life is a lot easier if you rename testApp to ROOT.

Can I turn off an Apache Directive then turn it on in an include?

I have a VirtualHost block that includes common configuration items, one directive is ProxyPreserveHost.
Can I "procedurally" turn off ProxyPreserveHost for a Rewrite directive then have the include turn it back on? For example:
<VirtualHost *:80>
ServerName www.blah.com
...
...
ProxyPreserveHost off
RewriteRule /somepath http://otherhost/otherpath [P]
Include /path/to/file/turning-on-ProxyPreserveHost
</VirtualHost>
The otherhost is on a CDN and preserving the host is creating some name resolution issue that is not allowing the proxying of content in the host namespace.
ProxyReserveHost is only allowed in a Server Config or VirtualHost. It doesn't look like I can selectively turn it off for the ProxyPass and ProxyPassReverse directives (encapsulated in the proxy flag of mod_rewrite).

The following, found on the internet, addressed my dilemma. As an aside, there is an open feature request to make ProxyPreserveHost configurable at the Location and Directory level within the Apache HTTPD project.
<IfModule mod_headers.c>
<Proxy "http://${build.replace.host}/">
RequestHeader set Host ${build.replace.external.host}
</Proxy>
RewriteRule ^/proxypath/ http://${build.replace.external.host}/path/to/resource.html [P]
ProxyPassReverse /proxypath/ http://${build.replace.external.host}/path/to/resource.html
</IfModule>