[users@httpd] Re: mod_proxy ProxyPassReverse incorrectly adjusting Location header in redirect?
Rainer Frey rainer.frey at inxmail.de writes: So the result of ProxyPassReverse will *always* be a URL within the current VHost, but you need to send a redirect to your other, non-SSL VHost. Another idea is using mod_headers to process the Location header in the proxy response. But I'm not sure that will work, depending on how Apache will chain mod_proxy and mod_headers in that case. This is the misunderstanding. The URL as second argument to the ProxyPassReverse directive is *not* used in the response in any way, it is only used to match a location header returned by a proxy backend to determine if and what to replace. The replacement is always the current host URL. Excellent, you pinpointed my confusion exactly. I misunderstood ProxyPassReverse to be a URL rewriting rule for the response headers, including the protocol part of the URL. I went and played with the mod_proxy source to see what actually happens and saw that the protocol to use in fixing the Location header is determined by ap_http_scheme(), not from what is listed in the ProxyPassReverse directive. Without delving deeper into the code, I assume this is what you are explaining to me, that the protocol will always be that of the current VHost. In my case, since I am reverse-proxying the entire site, I can just remove the ProxyPassReverse directives and use mod_headers like you suggest, globally applying Header edit Location internal.example.com www.example.com This is working great. Thanks very much for helping me get straightened out! Charlie - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] mod_proxy ProxyPassReverse incorrectly adjusting Location header in redirect?
Hi, as an interim solution in an internal reorganization of server resources, I want to use mod_proxy as a reverse proxy to move the entire functionality of a public-facing server (www.example.com) to an internal server (internal.example.com). (configuration at end) https is used in this site only for logging in, after which a 302 redirect is issued pointing to http://www.example.com/home.html, and the session continues through http. I am having trouble getting ProxyPassReverse to rewrite the Location header in the redirect properly. Here's the sequence: -client sends POST login credentials to https://www.example.com/login.html -request is proxied by https://www.example.com to https://internal.example.com/login.html -login succeeds, respond with 302 redirect to http://internal.example.com/home.html -reply goes to https://www.example.com - ProxyPassReverse rewrites the Location header from http://internal.example.com/home.html to https://www.example.com/home.html -reply received by client, which acts on the redirect The starred *** step is what is going wrong, as the proxy is changing the http to https despite the explicit ProxyPassReverse / http://internal.example.com; line. I have tried many different tweaks to the configuration, but I always find that the header is rewritten back to https despite my explicitly specifying http in the response. I feel like I must be misunderstanding something here. Can anyone help me untangle it? Regards, Charlie Katz configuration on www.example.com VirtualHost _default_:80 ProxyRequests off ProxyPass / http://internal.example.com/ ProxyPassReverse / http://internal.example.com/ ProxyPassReverse / https://internal.example.com/ ProxyPassReverseCookieDomain internal.example.com www.example.com /VirtualHost VirtualHost _default_:443 SSLProxyEngine on ProxyRequests off ProxyPass / https://internal.example.com/ ProxyPassReverse / http://internal.example.com/ # ProxyPassReverse / https://internal.example.com/ # same behavior with or without this line ProxyPassReverseCookieDomain internal.example.com www.example.com /VirtualHost - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
