Re: [us...@httpd] ReverseProxy for Tomcat (AJP) not working for SSL redirects

2010-04-28 Thread Nick Kew 
On Wed, 28 Apr 2010 11:22:00 +0200
Timo Meinen  wrote:

> ServerName it.localhost.de
> ProxyPass   /   ajp://127.0.0.1:8009/spike/
> ProxyPassReverse/   ajp://127.0.0.1:8009/spike/
> ProxyPassReverseCookiePath  /spike  /
> 
> (This is the configuration in the VirtualHost entry for port 80. There
> is a second VHost for SSL with SSLProxyEngine On and SSLEngine On).

Do both virtualhosts have the same proxy config?

You may be experiencing a variant on the problem described in
http://svn.haxx.se/users/archive-2006-03/0549.shtml
If so, the fix is "Header edit" from mod_headers.

-- 
Nick Kew

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] change 404 status for given filespec?

2010-04-28 Thread Gary Webster 
Hello. Thanks for the response.

Would the rewrite be 'lightweight' ?
I don't understand how I would use it to change the status code (from 404) 
when the file isn't there, yet not interrupt when the file does show up?

You are talking about "conditional logging" in Apache?  I don't think that 
would help me here.  I am not using the Apache log, but rather what 
(status) gets returned to NeoLoad, via http(s).




Eric Covener  
04/24/2010 12:22 PM
Please respond to
users@httpd.apache.org


To
users@httpd.apache.org
cc

Subject
Re: [us...@httpd] change 404 status for given filespec?




On Sat, Apr 24, 2010 at 12:09 PM, Gary Webster  
wrote:
> Hello.
>
> I thought this might be simple, but I've not been able to find anything
> which works after much searching/experimenting.
>
> I have an application which submits a job to my webserver, then polls
> every few seconds for the output result file to be available.
> I am using NeoLoad (http://www.neotys.com/) to test my server.
> When the app (& NeoLoad) polls, & the file is not there (most of the
> time), Apache returns a 404 .
> There are many of these, so my NeoLoad results show many 'errors', & I 
can
> hardly tell if I have an actual error.
>
> So, I need either someone to tell me how to get NeoLoad to 'filter' 404s
> for a given filespec, or a lightweight way to have Apache rather return
> 204, or some such, for DocumentNotFound for a given filespec.

You could configure mod_rewrite to return 410 (Gone) for some of those
resources if that would help you differentiate.

You could also disable logging for the results file ("conditional 
logging")

-- 
Eric Covener
cove...@gmail.com

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

AW: [us...@httpd] Intercepting Error Responses from a handler

2010-04-28 Thread Schermuly-Koch, Achim 
>> i have an apache setup using a proprietary handler (let's call it 
>> "my-handler")
>> to render the content
>>
>> 
>>   SetHandler my-handler
>> 
>>
>> This is similar to using a php-script handler, i guess.
>>
>> Now the handler does some URI resolution magic, thus it might return a
>> 404-not found response. I would like to intercept these (and 500, 401,
>> etc. as well) and display some custom error message.
>>
>> I tried
>
>> ErrorDocument 404 /notfound.html
>
>> But that does only work for pages not beginning with "/mypages" because
>> apache does not find them. However, if i request "/mypages/nonexistent.html" 
>> which is
>> handled by "my-handler" I just see a boring 404 rendered by the handler.
>
>> Is there any way to intercept this one _easily_? I could imagine, I could set
>> up a proxy - at least I have found some documentation about intercepting in 
>> mod_proxy. >> But I really like to keep things simple (and fast).
>>
>> If mod_proxy would be the only solution, is it possible to set up this
>> "in situ", I mean on the one and same apache hosting the "my-handler"

> Since you have to write the custom response page anyway, why not have
> my-handler return it directly as a response?

For various reasons:

1. I would like to keep things simple and centralized. I would need the
   error page on the apache anyway, in case a user types in a URL, that is not
   handled by "my-handler" - thus I don't want to deploy the error pages twice.

2. I want a to show the errorpage in case my-handler is down

3. I want the error page on the apache in case the handler renders crap
   or leaks a stacktrace

4. I want to use the handler as an out of the box / black box, with
   as few customizations as possible


achim

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Intercepting Error Responses from a handler

2010-04-28 Thread John Iliffe 
On Wed, 2010-28-04 at 17:54 +0200, Schermuly-Koch, Achim wrote:
> Hi all,
> 
> i have an apache setup using a proprietary handler (let's call it 
> "my-handler") to render the content
> 
> 
>   SetHandler my-handler
> 
> 
> This is similar to using a php-script handler, i guess.
> 
> Now the handler does some URI resolution magic, thus it might return a 
> 404-not found response. I would like to intercept these (and 500, 401, etc. 
> as well) and display some custom error message.
> 
> I tried
> 
> ErrorDocument 404 /notfound.html
> 
> But that does only work for pages not beginning with "/mypages" because 
> apache does not find them. However, if i request "/mypages/nonexistent.html" 
> which is handled by "my-handler" I just see a boring 404 rendered by the 
> handler.
> 
> Is there any way to intercept this one _easily_? I could imagine, I could set 
> up a proxy - at least I have found some documentation about intercepting in 
> mod_proxy. But I really like to keep things simple (and fast).
> 
> If mod_proxy would be the only solution, is it possible to set up this "in 
> situ", I mean on the one and same apache hosting the "my-handler"
> 
> Any help appreciated
> 
> regards   achim
> 
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>"   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
Since you have to write the custom response page anyway, why not have
my-handler return it directly as a response?



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] Intercepting Error Responses from a handler

2010-04-28 Thread Schermuly-Koch, Achim 
Hi all,

i have an apache setup using a proprietary handler (let's call it "my-handler") 
to render the content


  SetHandler my-handler


This is similar to using a php-script handler, i guess.

Now the handler does some URI resolution magic, thus it might return a 404-not 
found response. I would like to intercept these (and 500, 401, etc. as well) 
and display some custom error message.

I tried

ErrorDocument 404 /notfound.html

But that does only work for pages not beginning with "/mypages" because apache 
does not find them. However, if i request "/mypages/nonexistent.html" which is 
handled by "my-handler" I just see a boring 404 rendered by the handler.

Is there any way to intercept this one _easily_? I could imagine, I could set 
up a proxy - at least I have found some documentation about intercepting in 
mod_proxy. But I really like to keep things simple (and fast).

If mod_proxy would be the only solution, is it possible to set up this "in 
situ", I mean on the one and same apache hosting the "my-handler"

Any help appreciated

regards   achim

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: [us...@httpd] RE: Wield problem with a reverse proxy server

2010-04-28 Thread Ruiyuan Jiang 
Hi, Justin

The request is when people type the URL www.survey.juicycouture.com with or 
without trailing tellus, the client request needs to be redirected to the site 
survery.juicycouture.com/tellus which is hosted by an outside ISP. I host the 
URL www.survey.juicycouture.com and www.survey.juicycouture.com/tellus through 
Apache reverse proxy server. I will test your suggestion. Thanks.

Ryan

-Original Message-
From: Justin Pasher [mailto:just...@newmediagateway.com] 
Sent: Wednesday, April 28, 2010 10:37 AM
To: users@httpd.apache.org
Subject: Re: [us...@httpd] RE: Wield problem with a reverse proxy server

- Original Message -
> From: Ruiyuan Jiang 
> Date: Tue, 27 Apr 2010 15:54:24 -0400
> Subject: [us...@httpd] RE: Wield problem with a reverse proxy server
> To: users@httpd.apache.org 
> 
>
> Hi, all
>
> I posted below email but got no answer. Now I found that my Apache 2.2.15 
> stopped working. It behaves the same way as Apache 2.2.14.
> As a test, I switched the order on Apache 2.2.15 for these two virtual host 
> statements:
>
> 
> 
> 
> 
>
> 
>   ServerName  www.survey.juicycouture.com
>   Redirect/   http://survey.juicycouture.com/tellus
> 
>
> 
>   ServerName  www.survey.juicycouture.com
>   Redirect/tellus http://survey.juicycouture.com/tellus
> 
>   

You have two VirtualHost containers with the exact same settings (same 
IP:port and same ServerName). There's no way for Apache to distinguish 
between the two (it can only do so based upon the IP:port or ServerName).

What are you expecting to happen when someone visits a URL that is NOT 
http://www.survey.juicycouture.com or 
http://www.survey.juicycouture.com/tellus? Where should it go? Depending 
on the answer to this, why not just create one VirtualHost with a simple 
RewriteRule to push all requests to the new URL?

RewriteEngine on
RewriteRule . http://survey.juicycouture.com/tellus

Otherwise, just handle the two special cases

RewriteEngine on
RewriteRule ^/$ http://survey.juicycouture.com/tellus
RewriteRule ^/tellus$ http://survey.juicycouture.com/tellus

-- 
Justin Pasher

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended 
recipient, please notify the sender immediately by 
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] RE: Wield problem with a reverse proxy server

2010-04-28 Thread Justin Pasher 

- Original Message -

From: Ruiyuan Jiang 
Date: Tue, 27 Apr 2010 15:54:24 -0400
Subject: [us...@httpd] RE: Wield problem with a reverse proxy server
To: users@httpd.apache.org 


Hi, all

I posted below email but got no answer. Now I found that my Apache 2.2.15 
stopped working. It behaves the same way as Apache 2.2.14.
As a test, I switched the order on Apache 2.2.15 for these two virtual host 
statements:







ServerName  www.survey.juicycouture.com
Redirect/   http://survey.juicycouture.com/tellus



ServerName  www.survey.juicycouture.com
Redirect/tellus http://survey.juicycouture.com/tellus

  


You have two VirtualHost containers with the exact same settings (same 
IP:port and same ServerName). There's no way for Apache to distinguish 
between the two (it can only do so based upon the IP:port or ServerName).


What are you expecting to happen when someone visits a URL that is NOT 
http://www.survey.juicycouture.com or 
http://www.survey.juicycouture.com/tellus? Where should it go? Depending 
on the answer to this, why not just create one VirtualHost with a simple 
RewriteRule to push all requests to the new URL?


RewriteEngine on
RewriteRule . http://survey.juicycouture.com/tellus

Otherwise, just handle the two special cases

RewriteEngine on
RewriteRule ^/$ http://survey.juicycouture.com/tellus
RewriteRule ^/tellus$ http://survey.juicycouture.com/tellus

--
Justin Pasher

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] HTML rendering capability

2010-04-28 Thread Tom Evans 
On Wed, Apr 28, 2010 at 3:12 AM, rangeli nepal  wrote:
> Good Evening Everybody,
>
> I am not sure if I am asking this question at right forum or not. I am sorry
> if it is not the right forum.
> I am wondering "if there is way based on http headers to determine if the
> requesting party has html rendering capability or not"?
> Any ideas or suggestion will be appreciated.
> Thank you.
> Santos
>

Most browsers will send an Accept header:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

If the header isn't there, you should assume that they can handle all
content types.

Cheers

Tom

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] HTML rendering capability

2010-04-28 Thread Jonathan Zuckerman 
On Tue, Apr 27, 2010 at 10:12 PM, rangeli nepal wrote:

> Good Evening Everybody,
>
> I am not sure if I am asking this question at right forum or not. I am
> sorry if it is not the right forum.
> I am wondering "if there is way based on http headers to determine if the
> requesting party has html rendering capability or not"?
> Any ideas or suggestion will be appreciated.
> Thank you.
> Santos
>

This is definitely not the right forum for that question, I think this is
dedicated to questions about installing and configuring the apache web
server, however.. I think it's a safe bet that if someone is transporting
data on the hypertext transfer protocol, you can expect that they have the
ability to parse hypertext markup language.

Re: [us...@httpd] ReverseProxy for Tomcat (AJP) not working for SSL redirects

2010-04-28 Thread Timo Meinen 
Hi,

yes SSLProxyEngine On is activated in the SSL VirtualHost. But this
doens't help.

Timo

2010/4/28 Arunkumar Janarthanan :
> Hi,
>
> Did you try the "sslProxyEngine On", However I have got the specific error
> in my Apache log stating have to check this one.
>
> Hope this helps.
>
> Best Regards,
> Arun Janarthanan
>
> On Wed, Apr 28, 2010 at 5:44 AM, Mauri  wrote:
>>
>> Hi Timo.
>>
>> i don't know ajp protocol, but I have a similar configuration.
>> this is my configuration that work fine with apache, mod_proxy as frontend
>> and a tomcat 6 with SSL (8443) as backend.
>> u don't set the end point (spike/) but only the ProxyPass. I'm using
>> another modules, also.
>> Please check my configuration. I hope it can help you.
>> Read this tutorial, it's very usefull:
>> http://www.apachetutor.org/admin/reverseproxies
>>
>> Cheers,
>> Mauri
>>
>> LoadModule ssl_module modules/mod_ssl.so
>> LoadFile   /usr/lib/libxml2.so
>> LoadModule proxy_html_module modules/mod_proxy_html.so
>> LoadModule xml2enc_module modules/mod_xml2enc.so
>> LoadModule headers_module    modules/mod_headers.so
>>
>> AddType application/x-httpd-php .amf
>> AddType video/x-ms-asf asf asx
>> AddType audio/x-ms-wma .wma
>> AddType  application/octet-stream  .doc .xls .pdf
>> AddType application/x-shockwave-flash  swf
>>
>> Listen 443
>> Listen 80
>> AddType application/x-x509-ca-cert .crt
>> AddType application/x-pkcs7-crl    .crl
>> SSLPassPhraseDialog  builtin
>> SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
>> SSLSessionCacheTimeout  300
>> SSLMutex default
>> SSLRandomSeed startup file:/dev/urandom  256
>> SSLRandomSeed connect builtin
>> SSLCryptoDevice builtin
>>
>> NameVirtualHost mydomain.com:443
>> 
>> ServerName mydomain.com
>> ProxyRequests off
>> ProxyPass / https://10.173.90.167:8443/
>> ProxyHTMLURLMap https://10.173.90.167:8443 /
>> 
>>     ProxyPassReverse https://10.173.90.167:8443/
>>     ProxyHTMLEnable On
>>     ProxyHTMLURLMap  /  /
>>     RequestHeader    unset  Accept-Encoding
>> 
>> SSLEngine on
>> SSLProxyEngine on
>> SSLProtocol all -SSLv2
>> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
>> SSLCertificateFile /etc/httpd/cert/certificate.cer
>> SSLCertificateKeyFile /etc/httpd/cert/certificate.key
>> SSLCertificateChainFile /etc/httpd/cert/IT_Global_CA.cer
>>
>> 
>>     SSLOptions +StdEnvVars
>> 
>> 
>>     SSLOptions +StdEnvVars
>> 
>> SetEnvIf User-Agent ".*MSIE.*" \
>>  nokeepalive ssl-unclean-shutdown \
>>  downgrade-1.0 force-response-1.0
>> CustomLog logs/ssl_request_log \
>>   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>> 
>>
>>
>>
>>
>> 2010/4/28 Timo Meinen 
>>>
>>> Hi,
>>>
>>> I have a problem with our reverse proxy. I asked this question to the
>>> tomcat-users mailinglist, too, but no one could help me and I am
>>> absolutely stuck with this problem. So, I hope some of the httpd
>>> experts here, may have an idea:
>>>
>>> Our configuration is a Apache 2.2 web server, acting as a reverse
>>> proxy for Tomcat 6. This is the configuration:
>>>
>>> ServerName it.localhost.de
>>> ProxyPass               /       ajp://127.0.0.1:8009/spike/
>>> ProxyPassReverse        /       ajp://127.0.0.1:8009/spike/
>>> ProxyPassReverseCookiePath      /spike  /
>>>
>>> (This is the configuration in the VirtualHost entry for port 80. There
>>> is a second VHost for SSL with SSLProxyEngine On and SSLEngine On).
>>>
>>> As you can see, the webapp is hosted under ContextPath /spike but
>>> available through the proxy via /. Everything works fine, until the
>>> webapp sends an redirect to HTTPS. This is done via SpringSecurity.
>>> The problem is, that the ProxyPassReverse directive doesn't catch the
>>> ContextPath and converts it, if it includes the complete address.
>>> These are the logs from the web browser:
>>>
>>> GET http://it.localhost.de/users/65 => 302 =>
>>> https://it.localhost.de/spike/users/65
>>>
>>> 1) Why does the ProxyPassReverse doesn't convert the /spike back to /
>>> in https://it.localhost.de/spike/users/65? Is it because the Header
>>> isn't relative? The protocol is still AJP and so the Proxy should know
>>> how to convert it, right?
>>> 1a) If so, how could the webapp switch from http to https and vice
>>> versa, when not able to send the absolute address with a new protocol?
>>>
>>> After this, I tried to set additional ProxyPassReverse directives:
>>>
>>> ProxyPassReverse    /    https://it.localhost.de/spike/
>>> ProxyPassReverse    /    http://it.localhost.de/spike/
>>>
>>> This time, the /spike/ is converted to /, but the two directives leads
>>> to an infintive loop of redirects to
>>> http://it.localhost.de/.
>>>
>>> 2) How can I stop this loop? or better
>>> 3) How can I configure the ProxyPassReverse correctly?
>>>
>>> Thank you very much for any help
>>> Timo
>>>
>>> Here are the debug information from httpd:
>>>
>>> [Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(239): proxy:
>>> APR_BUCKET_IS_EOS
>>

Re: [us...@httpd] ReverseProxy for Tomcat (AJP) not working for SSL redirects

2010-04-28 Thread Arunkumar Janarthanan 
Hi,

Did you try the "sslProxyEngine On", However I have got the specific error
in my Apache log stating have to check this one.

Hope this helps.

Best Regards,
Arun Janarthanan

On Wed, Apr 28, 2010 at 5:44 AM, Mauri  wrote:

> Hi Timo.
>
> i don't know ajp protocol, but I have a similar configuration.
> this is my configuration that work fine with apache, mod_proxy as frontend
> and a tomcat 6 with SSL (8443) as backend.
> u don't set the end point (spike/ ) but only
> the ProxyPass. I'm using another modules, also.
> Please check my configuration. I hope it can help you.
> Read this tutorial, it's very usefull:
> http://www.apachetutor.org/admin/reverseproxies
>
> Cheers,
> Mauri
>
> LoadModule ssl_module modules/mod_ssl.so
> LoadFile   /usr/lib/libxml2.so
> LoadModule proxy_html_module modules/mod_proxy_html.so
> LoadModule xml2enc_module modules/mod_xml2enc.so
> LoadModule headers_modulemodules/mod_headers.so
>
> AddType application/x-httpd-php .amf
> AddType video/x-ms-asf asf asx
> AddType audio/x-ms-wma .wma
> AddType  application/octet-stream  .doc .xls .pdf
> AddType application/x-shockwave-flash  swf
>
> Listen 443
> Listen 80
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl.crl
> SSLPassPhraseDialog  builtin
> SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
> SSLSessionCacheTimeout  300
> SSLMutex default
> SSLRandomSeed startup file:/dev/urandom  256
> SSLRandomSeed connect builtin
> SSLCryptoDevice builtin
>
> NameVirtualHost mydomain.com:443
> 
> ServerName mydomain.com
> ProxyRequests off
> ProxyPass / https://10.173.90.167:8443/
> ProxyHTMLURLMap https://10.173.90.167:8443 /
> 
> ProxyPassReverse https://10.173.90.167:8443/
> ProxyHTMLEnable On
> ProxyHTMLURLMap  /  /
> RequestHeaderunset  Accept-Encoding
> 
> SSLEngine on
> SSLProxyEngine on
> SSLProtocol all -SSLv2
> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
> SSLCertificateFile /etc/httpd/cert/certificate.cer
> SSLCertificateKeyFile /etc/httpd/cert/certificate.key
> SSLCertificateChainFile /etc/httpd/cert/IT_Global_CA.cer
>
> 
> SSLOptions +StdEnvVars
> 
> 
> SSLOptions +StdEnvVars
> 
> SetEnvIf User-Agent ".*MSIE.*" \
>  nokeepalive ssl-unclean-shutdown \
>  downgrade-1.0 force-response-1.0
> CustomLog logs/ssl_request_log \
>   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> 
>
>
>
>
> 2010/4/28 Timo Meinen 
>
> Hi,
>>
>> I have a problem with our reverse proxy. I asked this question to the
>> tomcat-users mailinglist, too, but no one could help me and I am
>> absolutely stuck with this problem. So, I hope some of the httpd
>> experts here, may have an idea:
>>
>> Our configuration is a Apache 2.2 web server, acting as a reverse
>> proxy for Tomcat 6. This is the configuration:
>>
>> ServerName it.localhost.de
>> ProxyPass   /   ajp://127.0.0.1:8009/spike/
>> ProxyPassReverse/   ajp://127.0.0.1:8009/spike/
>> ProxyPassReverseCookiePath  /spike  /
>>
>> (This is the configuration in the VirtualHost entry for port 80. There
>> is a second VHost for SSL with SSLProxyEngine On and SSLEngine On).
>>
>> As you can see, the webapp is hosted under ContextPath /spike but
>> available through the proxy via /. Everything works fine, until the
>> webapp sends an redirect to HTTPS. This is done via SpringSecurity.
>> The problem is, that the ProxyPassReverse directive doesn't catch the
>> ContextPath and converts it, if it includes the complete address.
>> These are the logs from the web browser:
>>
>> GET http://it.localhost.de/users/65 => 302 =>
>> https://it.localhost.de/spike/users/65
>>
>> 1) Why does the ProxyPassReverse doesn't convert the /spike back to /
>> in https://it.localhost.de/spike/users/65? Is it because the Header
>> isn't relative? The protocol is still AJP and so the Proxy should know
>> how to convert it, right?
>> 1a) If so, how could the webapp switch from http to https and vice
>> versa, when not able to send the absolute address with a new protocol?
>>
>> After this, I tried to set additional ProxyPassReverse directives:
>>
>> ProxyPassReverse/https://it.localhost.de/spike/
>> ProxyPassReverse/http://it.localhost.de/spike/
>>
>> This time, the /spike/ is converted to /, but the two directives leads
>> to an infintive loop of redirects to
>> http://it.localhost.de/.
>>
>> 2) How can I stop this loop? or better
>> 3) How can I configure the ProxyPassReverse correctly?
>>
>> Thank you very much for any help
>> Timo
>>
>> Here are the debug information from httpd:
>>
>> [Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(239): proxy:
>> APR_BUCKET_IS_EOS
>> [Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(244): proxy: data
>> to read (max 8186 at 4)
>> [Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(259): proxy: got 0
>> bytes of data
>> [Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(652): ajp_r

Re: [us...@httpd] ReverseProxy for Tomcat (AJP) not working for SSL redirects

2010-04-28 Thread Mauri 
Hi Timo.

i don't know ajp protocol, but I have a similar configuration.
this is my configuration that work fine with apache, mod_proxy as frontend
and a tomcat 6 with SSL (8443) as backend.
u don't set the end point (spike/ ) but only
the ProxyPass. I'm using another modules, also.
Please check my configuration. I hope it can help you.
Read this tutorial, it's very usefull:
http://www.apachetutor.org/admin/reverseproxies

Cheers,
Mauri

LoadModule ssl_module modules/mod_ssl.so
LoadFile   /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so
LoadModule headers_modulemodules/mod_headers.so

AddType application/x-httpd-php .amf
AddType video/x-ms-asf asf asx
AddType audio/x-ms-wma .wma
AddType  application/octet-stream  .doc .xls .pdf
AddType application/x-shockwave-flash  swf

Listen 443
Listen 80
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl
SSLPassPhraseDialog  builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

NameVirtualHost mydomain.com:443

ServerName mydomain.com
ProxyRequests off
ProxyPass / https://10.173.90.167:8443/
ProxyHTMLURLMap https://10.173.90.167:8443 /

ProxyPassReverse https://10.173.90.167:8443/
ProxyHTMLEnable On
ProxyHTMLURLMap  /  /
RequestHeaderunset  Accept-Encoding

SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/cert/certificate.cer
SSLCertificateKeyFile /etc/httpd/cert/certificate.key
SSLCertificateChainFile /etc/httpd/cert/IT_Global_CA.cer


SSLOptions +StdEnvVars


SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"





2010/4/28 Timo Meinen 

> Hi,
>
> I have a problem with our reverse proxy. I asked this question to the
> tomcat-users mailinglist, too, but no one could help me and I am
> absolutely stuck with this problem. So, I hope some of the httpd
> experts here, may have an idea:
>
> Our configuration is a Apache 2.2 web server, acting as a reverse
> proxy for Tomcat 6. This is the configuration:
>
> ServerName it.localhost.de
> ProxyPass   /   ajp://127.0.0.1:8009/spike/
> ProxyPassReverse/   ajp://127.0.0.1:8009/spike/
> ProxyPassReverseCookiePath  /spike  /
>
> (This is the configuration in the VirtualHost entry for port 80. There
> is a second VHost for SSL with SSLProxyEngine On and SSLEngine On).
>
> As you can see, the webapp is hosted under ContextPath /spike but
> available through the proxy via /. Everything works fine, until the
> webapp sends an redirect to HTTPS. This is done via SpringSecurity.
> The problem is, that the ProxyPassReverse directive doesn't catch the
> ContextPath and converts it, if it includes the complete address.
> These are the logs from the web browser:
>
> GET http://it.localhost.de/users/65 => 302 =>
> https://it.localhost.de/spike/users/65
>
> 1) Why does the ProxyPassReverse doesn't convert the /spike back to /
> in https://it.localhost.de/spike/users/65? Is it because the Header
> isn't relative? The protocol is still AJP and so the Proxy should know
> how to convert it, right?
> 1a) If so, how could the webapp switch from http to https and vice
> versa, when not able to send the absolute address with a new protocol?
>
> After this, I tried to set additional ProxyPassReverse directives:
>
> ProxyPassReverse/https://it.localhost.de/spike/
> ProxyPassReverse/http://it.localhost.de/spike/
>
> This time, the /spike/ is converted to /, but the two directives leads
> to an infintive loop of redirects to
> http://it.localhost.de/.
>
> 2) How can I stop this loop? or better
> 3) How can I configure the ProxyPassReverse correctly?
>
> Thank you very much for any help
> Timo
>
> Here are the debug information from httpd:
>
> [Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(239): proxy:
> APR_BUCKET_IS_EOS
> [Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(244): proxy: data
> to read (max 8186 at 4)
> [Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(259): proxy: got 0
> bytes of data
> [Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(652): ajp_read_header:
> ajp_ilink_received 04
> [Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(662): ajp_parse_type: got
> 04
> [Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(491):
> ajp_unmarshal_response: status = 302
> [Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(502):
> ajp_unmarshal_response: Number of headers is = 2
> [Tue Apr 27 16:54:39 2010] [debug] proxy_util.c(1071): ppr: real:
> ajp://127.0.0.1:9091/spike/
> [Tue Ap

[us...@httpd] ReverseProxy for Tomcat (AJP) not working for SSL redirects

2010-04-28 Thread Timo Meinen 
Hi,

I have a problem with our reverse proxy. I asked this question to the
tomcat-users mailinglist, too, but no one could help me and I am
absolutely stuck with this problem. So, I hope some of the httpd
experts here, may have an idea:

Our configuration is a Apache 2.2 web server, acting as a reverse
proxy for Tomcat 6. This is the configuration:

ServerName it.localhost.de
ProxyPass   /   ajp://127.0.0.1:8009/spike/
ProxyPassReverse/   ajp://127.0.0.1:8009/spike/
ProxyPassReverseCookiePath  /spike  /

(This is the configuration in the VirtualHost entry for port 80. There
is a second VHost for SSL with SSLProxyEngine On and SSLEngine On).

As you can see, the webapp is hosted under ContextPath /spike but
available through the proxy via /. Everything works fine, until the
webapp sends an redirect to HTTPS. This is done via SpringSecurity.
The problem is, that the ProxyPassReverse directive doesn't catch the
ContextPath and converts it, if it includes the complete address.
These are the logs from the web browser:

GET http://it.localhost.de/users/65 => 302 =>
https://it.localhost.de/spike/users/65

1) Why does the ProxyPassReverse doesn't convert the /spike back to /
in https://it.localhost.de/spike/users/65? Is it because the Header
isn't relative? The protocol is still AJP and so the Proxy should know
how to convert it, right?
1a) If so, how could the webapp switch from http to https and vice
versa, when not able to send the absolute address with a new protocol?

After this, I tried to set additional ProxyPassReverse directives:

ProxyPassReverse/https://it.localhost.de/spike/
ProxyPassReverse/http://it.localhost.de/spike/

This time, the /spike/ is converted to /, but the two directives leads
to an infintive loop of redirects to
http://it.localhost.de/.

2) How can I stop this loop? or better
3) How can I configure the ProxyPassReverse correctly?

Thank you very much for any help
Timo

Here are the debug information from httpd:

[Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(239): proxy:
APR_BUCKET_IS_EOS
[Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(244): proxy: data
to read (max 8186 at 4)
[Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(259): proxy: got 0
bytes of data
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(652): ajp_read_header:
ajp_ilink_received 04
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(662): ajp_parse_type: got 04
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(491):
ajp_unmarshal_response: status = 302
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(502):
ajp_unmarshal_response: Number of headers is = 2
[Tue Apr 27 16:54:39 2010] [debug] proxy_util.c(1071): ppr: real:
ajp://127.0.0.1:9091/spike/
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(564):
ajp_unmarshal_response: Header[0] [Location] =
[https://it.localhost.de/spike/users/3]
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(564):
ajp_unmarshal_response: Header[1] [Content-Length] = [0]
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(652): ajp_read_header:
ajp_ilink_received 05
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(662): ajp_parse_type: got 05
[Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(498): proxy: got
response from 127.0.0.1:9091 (127.0.0.1)
[Tue Apr 27 16:54:39 2010] [debug] proxy_util.c(2062): proxy: AJP: has
released connection for (127.0.0.1)
[Tue Apr 27 16:54:39 2010] [info] Initial (No.1) HTTPS request
received for child 9 (server it.localhost.de:80)
[Tue Apr 27 16:54:44 2010] [debug] mod_proxy_ajp.c(45): proxy: AJP:
canonicalising URL //127.0.0.1:9091/spike/spike/users/3
[Tue Apr 27 16:54:44 2010] [debug] proxy_util.c(1488): [client
85.183.135.210] proxy: ajp: found worker ajp://127.0.0.1:9091/spike/
for ajp://127.0.0.1:9091/spike/spike/users/3, referer:
http://it.localhost.de/


Problem is that the "ajp_unmarshal_response: Header[0] [Location] =
[https://it.localhost.de/spike/users/3]"; doesn't remove the /spike in
the response, so that the next request will lead to the
doubled-context-path: ajp://127.0.0.1:9091/spike/spike/users/3.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Redirecting URL to a location

2010-04-28 Thread Luc Bastiaenssen 




Another way to consider is to use a redirect like this:

RedirectMatch permanent ^/notes([/]*)$ /notes/

Luc

On 28/04/2010 9:06, Igor Cicimov wrote:
On the second thought this should work (tested):
  

   DirectorySlash On

  
Any way, shouldn't the trailing slash automatically be added by mod_dir
starting from apache2.0.5?
  
Igor
  
  On Wed, Apr 28, 2010 at 4:51 PM, Edgar Frank
   wrote:
  2010/04/28
Yang Zhang
>Everything works fine, but is there a simple
way for me to make
>/notes get redirected to /notes/?


Hi,

first - IIRC you can't rewrite inside a location. Secondly - you
want the PT-Flag in your rewrite rule. This allows the
Location-handler to kick in after the rewrite - otherwise the URL
respectively the result of the rewrite is considered as "mapped
to filespace".

Regards,
Edgar



-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html>
for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



  
  
  


--

Re: [us...@httpd] Redirecting URL to a location

2010-04-28 Thread Igor Cicimov 
On the second thought this should work (tested):


   DirectorySlash On


Any way, shouldn't the trailing slash automatically be added by mod_dir
starting from apache2.0.5?

Igor

On Wed, Apr 28, 2010 at 4:51 PM, Edgar Frank  wrote:

> 2010/04/28 Yang Zhang
> >Everything works fine, but is there a simple way for me to make
> >/notes get redirected to /notes/?
>
> Hi,
>
> first - IIRC you can't rewrite inside a location. Secondly - you
> want the PT-Flag in your rewrite rule. This allows the
> Location-handler to kick in after the rewrite - otherwise the URL
> respectively the result of the rewrite is considered as "mapped
> to filespace".
>
> Regards,
> Edgar
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>