[users@httpd] Targeting specific files in reverse proxy mode
I have setup apache2 to run in reverse proxy mode with mod_proxy and ProxyPass. I am trying to target the robots.txt file to modify it with mod_ext_filter and am having no such luck. I have mod_ext_filter working fine changing links on other parts of the site, So I don't believe it's configuration is an issue. ExtFilterDefine robots mode=output cmd="/usr/bin/robots.pl" SetOutputFilter robots Using the Files directive is not working and I read somewhere that it won't work because I am using a reverse proxy and that I should use the Location directive. Is that correct? What would be the proper way to target the robots.txt file so I can process it with mod_ext_filter? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Mod_Rewrite and reverse proxy
Is it possible to use Mod_Rewrite and apache in reverse proxy mode simultaneously? I have a web server (server1) that is a mirror of another of another web server (server2) and all requests from the server1 are reverse proxyed to server2. The robots.txt from server2 needs to be changed to disallow crawling when accessed through server1. So I created a robots2.txt, uploaded onto server2 and tried this configuration on server1 but it is not working. RewriteEngine on RewriteBase / RewriteRule ^robots\.txt$ robots2.txt ProxyPass / http://www.server2/ retry=0 ProxyPassReverse / http://www.server2/ ProxyPreserveHost On Any recommendations as to how to accomplish this are very much appreciated. Thank you. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Mod_Rewrite and reverse proxy
On Wed, Apr 20, 2011 at 4:58 PM, Mark Montague wrote: > On April 20, 2011 18:43 , Joel Donahue wrote: >> >> Is it possible to use Mod_Rewrite and apache in reverse proxy mode >> simultaneously? > >> >> RewriteEngine on >> RewriteBase / >> RewriteRule ^robots\.txt$ robots2.txt >> >> >> ProxyPass / http://www.server2/ retry=0 >> ProxyPassReverse / http://www.server2/ >> ProxyPreserveHost On > > > Yes, but the stanza applies to files that are being served from > the front-end server's filesystem. The rewrite rules you put in the > stanza have no effect because the requests are being proxied, > not served from the filesystem. > > Move the RewriteEngine and RewriteRule directives out of the > context and into the virtual host context with the ProxyPass directive. You > should also get rid of the RewriteBase directive and make the RewriteRule > directive operate on absolute (not relative) URLs, like this: > > RewriteRule ^/robots\.txt$ /robots2.txt > > -- > Mark Montague > m...@catseye.org > > I just realized I wasn't replying to the list Here is the config that got it working thanks to Mark's suggestions ServerName server1 ServerAlias server1 ProxyPass / server2/ retry=0 ProxyPassReverse / server2/ ProxyPreserveHost On RewriteEngine on RewriteRule ^/robots\.txt$ /robots2.txt [PT] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Basic Auth with ProxyPass Through SSL
I am setting up a reverse proxy to an internal webserver from an apache server with a public IP. I want to use Basic Auth and SSL on the public apache server which then forwards standard http, non-ssl traffic, to the internal webserver. Basic auth with ProxyPass works perfectly without using ssl but when using ssl the browser prompts me for the credentials but apache never accepts them as valid. Accessing the internal site with ssl and ProxyPass WITHOUT basic auth required works as well. This configuration works great without using ssl: ProxyPass / http://site.internal/ retry=0 ProxyPassReverse / http://site.internal/ ProxyPreserveHost On AuthType Basic AuthName "Restricted Area" AuthUserFile /usr/local/apache/access-file Require valid-user However this configuration does not work, however if I remove basic auth I can get through: ProxyPass / http://site.interal/ retry=0 ProxyPassReverse / http://site.internal/ ProxyPreserveHost On AuthType Basic AuthName "AFC Restricted Access" AuthUserFile /user/local/apache/access-file Require valid-user What am I missing? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Basic Auth with ProxyPass Through SSL
On Thu, Jul 28, 2011 at 1:06 PM, Tim Watts wrote: > On 28/07/11 19:23, Joel Donahue wrote: >> >> I am setting up a reverse proxy to an internal webserver from an >> apache server with a public IP. I want to use Basic Auth and SSL on >> the public apache server which then forwards standard http, non-ssl >> traffic, to the internal webserver. Basic auth with ProxyPass works >> perfectly without using ssl but when using ssl the browser prompts me >> for the credentials but apache never accepts them as valid. Accessing >> the internal site with ssl and ProxyPass WITHOUT basic auth required >> works as well. >> >> This configuration works great without using ssl: >> >> >> >> ProxyPass / http://site.internal/ retry=0 >> ProxyPassReverse / http://site.internal/ >> ProxyPreserveHost On >> >> >> AuthType Basic >> AuthName "Restricted Area" >> AuthUserFile /usr/local/apache/access-file >> Require valid-user >> >> >> >> >> However this configuration does not work, however if I remove basic >> auth I can get through: >> >> >> >> ProxyPass / http://site.interal/ retry=0 >> ProxyPassReverse / http://site.internal/ >> ProxyPreserveHost On >> >> >> AuthType Basic >> AuthName "AFC Restricted Access" >> AuthUserFile /user/local/apache/access-file >> Require valid-user >> >> >> >> >> What am I missing? >> >> - >> The official User-To-User support forum of the Apache HTTP Server Project. >> Seehttp://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> " from the digest: users-digest-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> > > Anything in the apache logs? > > I can't see anything straight off that's wrong. > > Here's the recipe I use which is known to work: > > http://squiddy.blog.dionic.net/2011/06/apache-22-pam-authentication-and-ssl.html > > That breaks it down a bit, and does more (always does an SSL redirect for an > auth'd location for security) but it should work for you if you change the > Auth* lines in /etc/apache2/snippets/auth > > I tend to dispense with ProxyPass in favour of Rewrite rules with the Proxy > flag - just for my sanity, as then I can be sure of the order of execution > of the various rewrites. > > But I do a lot of what you are doing (in my case, proxy through to various > tomcat servers) mixed with PAM (ultimately LDAP) auth - but any auth method > will work with the recipe above... > > It looks fiddly, but there is an explanation and the snippets/* files are > invariant across sites/servers (unless you need different auth methods or > files of course). > > Sorry - in a rush, supper cooked - I'll come back later if anything doesn;t > make sense... > > Cheers > > Tim > > -- > Tim Watts > Personal Blog: http://www.dionic.net/tim/ > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > I got it working now. I didn't see anything in the logs to start with because I wasn't checking the ssl logs. It was a simple typo. I used 'user' and not 'usr' AuthUserFile /user/local/apache/access-file changed to AuthUserFile /usr/local/apache/access-file Thanks for your help Tim. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
