You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Ch...@t-systems.com on 2020/05/18 09:51:45 UTC
[users@httpd] RewriteRules with ajp and secret
Hi there.
I am running apache 2.4.43 with a tomcat 7.0.103 as backend server.
I have tried to implement proxy configuration to tomcat backend with ajp and secret.
It works fine when using ProxyPass or BalancerMemeber, just like documented at https://httpd.apache.org/docs/trunk/mod/mod_proxy_ajp.html:
The secret is sent when the secret=secret_keyword parameter is used in ProxyPass<https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass> or BalancerMember<https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#balancermember> directives. The backend needs to support secret and the values must match. request.secret or requiredSecret are documented in the AJP configuration of the Apache Tomcat.
But there are several context based RewriteRules like this:
RewriteRule (.*) ajp://IP:PORT$1 [QSA,P,L]
I haven't found any solution to get secret parameter passed in RewriteRules.
I have tried this one:
RewriteRule (.*) ajp:// IP:PORT$1?secret=my_secret
This isn´t working and secrets value should not appear in tomcat access logfile.
Is there any solution for RewriteRules with ajp and secret?
Mit freundlichen Grüßen
Christian Unnering
DEUTSCHE TELEKOM IT GMBH
Digital Transformation and Operations Telekom IT
Central Operation Services
Team COS 3
Telefon: (0521) 92 15-54 29
Telefax: (0521) 92 15-57 99
Email: christian.unnering@t-systems.com<ma...@t-systems.com>
Internet: http://www.t-systems.de<http://www.t-systems.de/>
Die gesetzlichen Pflichtangaben finden Sie unter:
https://www.telekom.com/pflichtangaben-dtit
Re: [users@httpd] RewriteRules with ajp and secret
Posted by Yann Ylavic <yl...@gmail.com>.
Hi Christian,
On Mon, May 18, 2020 at 11:52 AM <Ch...@t-systems.com> wrote:
>
> But there are several context based RewriteRules like this:
>
> RewriteRule (.*) ajp://IP:PORT$1 [QSA,P,L]
>
> I haven’t found any solution to get secret parameter passed in RewriteRules.
You need a Proxy directive (provided by mod_proxy) to define a proxy
entity/URL (called proxy worker) on which you can associate parameters
(like "secret"). A RewriteRule [P] won't let you do that, without an
associated mod_proxy declaration, the above RewriteRule will use a
generic reverse proxy with no parameter, no connection reuse etc..
The usual way to declare a proxy worker, and its parameters, without
any particular path mapping is:
<Proxy "ajp://IP:PORT">
ProxySet secret=my_secret
</Proxy>
Then "ajp://IP:PORT" can be mapped to any path with either a ProxyPass
or a RewriteRule [P] like you did.
Hth,
Yann.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org