You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Womann, Sven" <sw...@de.festo.com> on 2013/08/21 10:30:46 UTC
[users@httpd] Apache 2.4 ReverseProxy Issue
Hello,
I migrated my Apache 2.2 to 2.4. It is working as a reverse proxy. Now I have the following issue:
For the listener on Port 80 I set a request header ClientProtocol=http.
For the listener on Port 443 I set it to https.
So my application on the backend knows for example that for a login it has to redirect to https. So it sends a 302 with Location: https://www.server.com/login.
But on the client side, it is a redirect to http://www.server.com/login. That results in a loop.
I sniffered between client and RP and backend, the Apache 2.4 modifies the Location to http.
Is this a bug?
Best Regards,
Sven
Festo AG & Co. KG
Sven Womann
Abteilung IM-WMS
Inf. Mgmt. Web and Security
Plieninger Stra?e 50
73760 Ostfildern-Scharnhausen
Deutschland
Telefon +49(711)347-2898
Telefax +49(711)34754-2898
http://www.festo.com
Der Inhalt dieser E-Mail und moeglicher Anhaenge sind ausschliesslich fuer den bezeichneten Adressaten bestimmt.
Jede Form der Kenntnisnahme, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieser E-Mail und
moeglicher Anhaenge durch unberechtigte Dritte ist unzulaessig. Wir bitten Sie, sich mit dem Absender der E-Mail in
Verbindung zu setzen, falls Sie nicht der Adressat dieser E-Mail sind sowie das Material von Ihrem Computer zu loeschen.
This e-mail and any attachments are confidential and intended solely for the addressee. The perusal, publication, copying
or dissemination of the contents of this e-mail by unauthorised third parties is prohibited. If you are not the intended
recipient of this e-mail, please delete it and immediately notify the sender.
Rechtsform: Kommanditgesellschaft, Sitz: Esslingen a.N., Registergericht Stuttgart HRA 211583, Umsatzsteuerident-Nummer: DE 145339206
Pers?nlich haftende Gesellschafterin: Festo Management Aktiengesellschaft, Sitz: Wien/?sterreich, Firmenbuchgericht: Handelsgericht Wien, Firmenbuch Nr. FN 303027 d
Vorstand: Dipl.-Kfm. Alfred Goll, Dr. Claus Jessen, Dr. Ansgar Kriwet, Dipl.-Kfm. Michael M?lleken, Dr. Eberhard Veit (Vorsitzender)
Aufsichtsratsvorsitzender: Prof. Dr.-Ing. Dr.-Ing. E.h. Klaus Wucherer
RE: [users@httpd] Apache 2.4 ReverseProxy Issue
Posted by "Womann, Sven" <sw...@de.festo.com>.
I figured out the following:
I run a 2.4.6 Apache as reverse proxy in front of serveral backend servers. Therefor I use Rewrite with P flag and ProxyPassReverse.
My config looks like this:
RewriteRule ^/cms/(([a-z]{2})(-[a-z]{2})?)_([a-z]{2,})/(.*)$ http://twww2_I.example.com:8080/cps/rde/xchg/${lc:$4}/hs.xsl/$5?Locale=$2&wsLocale=$1&wsCountry=$4 [P,NC,QSA,L]
<Location /cms/>
ProxyPassReverse /cps/rde/xchg/de/hs.xsl/
ProxyPassReverse /cps/rde/xchg/at/hs.xsl/
ProxyPassReverse /cps/rde/xchg/de-de/hs.xsl/
ProxyPassReverse /cps/rde/xchg/ch-fr/hs.xsl/
ProxyPassReverse /cps/rde/xchg/gb/hs.xsl/
ProxyPassReverse /cps/rde/xchg/us/hs.xsl/
ProxyPassReverse /cps/rde/xchg/en-us_us/hs.xsl/
ProxyPassReverse /cps/rde/xchg/en-gb_gb/hs.xsl/
ProxyPassReverse /cps/rde/xchg/es/hs.xsl/
ProxyPassReverse /cps/rde/xchg/fi/hs.xsl/
ProxyPassReverse /cps/rde/xchg/fi_fi/hs.xsl/
</Location>
Now I request a URL (http://www.example.com/cms/de_de/basket.htm) which send a redirect 302 to https. The RP changes the location to http and I have a loop.
I sniffered between client and RP and backend. It is really the RP.
In other scenarios where I just have
<Location /app/>
ProxyPassReverse /
</Locationn>
it works as it should.
With Apache 2.2 I don' t have this issue.
-----Original Message-----
From: Rainer Jung [mailto:rainer.jung@kippdata.de]
Sent: Saturday, August 24, 2013 10:50 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache 2.4 ReverseProxy Issue
On 21.08.2013 13:42, Womann, Sven wrote:
> Sorry, I meant to write example.com...
>
> I use include my RP-Rules in a dedicated file.
> There I work with RewriteRule ^/(.*)$ http://internal.example.com/$1
> [P,QSA,L] ProxyPassReverse is used in a Location directive like
>
> <Location />
> ProxyPassReverse /
> </Location>
>
> The 302 Location is full qualified, so normaly the ProxyPassReverse shouldn' t match...
A standards conforming Location header always if a full URL.
The only reason for a ProxyPassReverse is fixing Location headers, so your assumptions are not valid here ;)
If your backend already provides the correct Location headers for any redirect, then remove the ProxyPassReverse.
> The header is set correctly, but the 302 changes in front of the RP.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Festo AG & Co. KG
Sven Womann
Abteilung IM-WMS
Inf. Mgmt. Web and Security
Plieninger Strasse 50
73760 Ostfildern-Scharnhausen
Deutschland
Telefon +49(711)347-2898
Telefax +49(711)34754-2898
http://www.festo.com
Der Inhalt dieser E-Mail und moeglicher Anhaenge sind ausschliesslich fuer den bezeichneten Adressaten bestimmt.
Jede Form der Kenntnisnahme, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieser E-Mail und
moeglicher Anhaenge durch unberechtigte Dritte ist unzulaessig. Wir bitten Sie, sich mit dem Absender der E-Mail in
Verbindung zu setzen, falls Sie nicht der Adressat dieser E-Mail sind sowie das Material von Ihrem Computer zu loeschen.
This e-mail and any attachments are confidential and intended solely for the addressee. The perusal, publication, copying
or dissemination of the contents of this e-mail by unauthorised third parties is prohibited. If you are not the intended
recipient of this e-mail, please delete it and immediately notify the sender.
Rechtsform: Kommanditgesellschaft, Sitz: Esslingen a.N., Registergericht Stuttgart HRA 211583, Umsatzsteuerident-Nummer: DE 145339206
Persoenlich haftende Gesellschafterin: Festo Management Aktiengesellschaft, Sitz: Wien/Oesterreich, Firmenbuchgericht: Handelsgericht Wien, Firmenbuch Nr. FN 303027 d
Vorstand: Dipl.-Kfm. Alfred Goll, Dr. Claus Jessen, Dr. Ansgar Kriwet, Dipl.-Kfm. Michael Moelleken, Dr. Eberhard Veit (Vorsitzender)
Aufsichtsratsvorsitzender: Prof. Dr.-Ing. Dr.-Ing. E.h. Klaus Wucherer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.4 ReverseProxy Issue
Posted by Rainer Jung <ra...@kippdata.de>.
On 21.08.2013 13:42, Womann, Sven wrote:
> Sorry, I meant to write example.com...
>
> I use include my RP-Rules in a dedicated file.
> There I work with RewriteRule ^/(.*)$ http://internal.example.com/$1 [P,QSA,L]
> ProxyPassReverse is used in a Location directive like
>
> <Location />
> ProxyPassReverse /
> </Location>
>
> The 302 Location is full qualified, so normaly the ProxyPassReverse shouldn' t match...
A standards conforming Location header always if a full URL.
The only reason for a ProxyPassReverse is fixing Location headers, so
your assumptions are not valid here ;)
If your backend already provides the correct Location headers for any
redirect, then remove the ProxyPassReverse.
> The header is set correctly, but the 302 changes in front of the RP.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Apache 2.4 ReverseProxy Issue
Posted by "Womann, Sven" <sw...@de.festo.com>.
Sorry, I meant to write example.com...
I use include my RP-Rules in a dedicated file.
There I work with RewriteRule ^/(.*)$ http://internal.example.com/$1 [P,QSA,L]
ProxyPassReverse is used in a Location directive like
<Location />
ProxyPassReverse /
</Location>
The 302 Location is full qualified, so normaly the ProxyPassReverse shouldn' t match...
The header is set correctly, but the 302 changes in front of the RP.
Best Regards,
Sven
-----Original Message-----
From: Nick Kew [mailto:nick@webthing.com]
Sent: Wednesday, August 21, 2013 1:10 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache 2.4 ReverseProxy Issue
On Wed, 2013-08-21 at 08:30 +0000, Womann, Sven wrote:
> But on the client side, it is a redirect to
> http://www.server.com/login. That results in a loop.
Are you working for server.com, or did you mean to write example.com?
What ProxyPassReverse directives do you have?
If that isn't what you want, see the docs for "Header edit"
(mod_headers).
--
Nick Kew
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Festo AG & Co. KG
Sven Womann
Abteilung IM-WMS
Inf. Mgmt. Web and Security
Plieninger Strasse 50
73760 Ostfildern-Scharnhausen
Deutschland
Telefon +49(711)347-2898
Telefax +49(711)34754-2898
http://www.festo.com
Der Inhalt dieser E-Mail und moeglicher Anhaenge sind ausschliesslich fuer den bezeichneten Adressaten bestimmt.
Jede Form der Kenntnisnahme, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieser E-Mail und
moeglicher Anhaenge durch unberechtigte Dritte ist unzulaessig. Wir bitten Sie, sich mit dem Absender der E-Mail in
Verbindung zu setzen, falls Sie nicht der Adressat dieser E-Mail sind sowie das Material von Ihrem Computer zu loeschen.
This e-mail and any attachments are confidential and intended solely for the addressee. The perusal, publication, copying
or dissemination of the contents of this e-mail by unauthorised third parties is prohibited. If you are not the intended
recipient of this e-mail, please delete it and immediately notify the sender.
Rechtsform: Kommanditgesellschaft, Sitz: Esslingen a.N., Registergericht Stuttgart HRA 211583, Umsatzsteuerident-Nummer: DE 145339206
Persoenlich haftende Gesellschafterin: Festo Management Aktiengesellschaft, Sitz: Wien/Oesterreich, Firmenbuchgericht: Handelsgericht Wien, Firmenbuch Nr. FN 303027 d
Vorstand: Dipl.-Kfm. Alfred Goll, Dr. Claus Jessen, Dr. Ansgar Kriwet, Dipl.-Kfm. Michael Moelleken, Dr. Eberhard Veit (Vorsitzender)
Aufsichtsratsvorsitzender: Prof. Dr.-Ing. Dr.-Ing. E.h. Klaus Wucherer
Re: [users@httpd] Apache 2.4 ReverseProxy Issue
Posted by Nick Kew <ni...@webthing.com>.
On Wed, 2013-08-21 at 08:30 +0000, Womann, Sven wrote:
> But on the client side, it is a redirect to
> http://www.server.com/login. That results in a loop.
Are you working for server.com, or did you mean to write example.com?
What ProxyPassReverse directives do you have?
If that isn't what you want, see the docs for "Header edit"
(mod_headers).
--
Nick Kew
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org