[EMAIL PROTECTED] Passing WIA Information
Is it possible to pass WIA information to a backend IIS5 server using Apache 2.0.55, reverse proxy and SSL? R2 - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Apache 2.055 Best Practices
Title: Message All, I am attempting to redirect traffic incoming to an Apache server located in a DMZ to two machines behind my firewall. My Apache server listens on both ports 443 and 80. The traffic on port 443 is redirected via a JK2 connector to a Tomact 4.1.30 server and has no issues. The traffic on port 80 is redirected to another machine running IIS using a reverse proxy. I also have a third machine serving images. All of the traffic from my DMZ to my backend servers must do so over 1 port. VirtualHost _default_:80 DocumentRoot "e:/apache2/htdocs2" ServerName portal.mda.mil ServerAdmin [EMAIL PROTECTED] ErrorLog logs/error.log TransferLog logs/access.log ProxyRequests Off Proxy * Order deny,allow Allow from all /Proxy ProxyPass /xyz http://xyzmachine:9030/xyz ProxyPassReverse /xyz http://xyzmachine:9030/xyz ProxyPass /imagerequest http://imagemachine:9030/imagerequest ProxyPassReverse /imagerequest http://imagemachine:9030/imagerequest My challenges are: The pages are served correctly by the URL's are not being preserved, and the links on the served pages are also not being preserved. i.e.: An inbound request may look like: http://www.sumplace.com/xyz/somefunction.htm The page returned to the browser will have the url: http://xyzmachine:9030/xyz/somefunction.htm And the links on the page will also have the issue. I've tried using the ProxyPreserverHost directive, which really didn't help. Question: How can I forward the URL to the backend and have all of the URL's return to the browser with the proper URL's? Thanks for any assistance. R2
RE: [EMAIL PROTECTED] Apache 2.055 Best Practices
Mr. Boyle, Thanks for the reply, sorry about the inadvertant post. I hit send befor typingnot enough coffee yet. Anyway, you were correct about the typo. There are only the two directives. I'm attaching my httpd.conf file. This one is for the Apache server that's listening on port 80 only, but exhibits the same behavior. The access log does show lots of 304's 302's, but I'm seeing a lot of 200's for the imagemachine requests as well. R2 -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 07, 2006 2:38 AM To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Apache 2.055 Best Practices -Original Message- From: Rosado, Rodolfo CTR MDA/IOM [mailto:[EMAIL PROTECTED] Sent: Montag, 6. Februar 2006 16:37 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Apache 2.055 Best Practices All, I am attempting to redirect traffic incoming to an Apache server located in a DMZ to two machines behind my firewall. My Apache server listens on both ports 443 and 80. The traffic on port 443 is redirected via a JK2 connector to a Tomact 4.1.30 server and has no issues. The traffic on port 80 is redirected to another machine running IIS using a reverse proxy. I also have a third machine serving images. All of the traffic from my DMZ to my backend servers must do so over 1 port. redirected A redirection is an alternative to proxying - the server responds to the client with a 301 or 302 and the client makes a new request directly to the new server. To do this you use Redirect directives or mod_rewrite with the [R] flag. Is this what you are doing (you don't have any directives like this in the config below)? VirtualHost _default_:80 DocumentRoot e:/apache2/htdocs2 ServerName portal.mda.mil ServerAdmin [EMAIL PROTECTED] ErrorLog logs/error.log TransferLog logs/access.log ProxyRequests Off Proxy * Order deny,allow Allow from all /Proxy ProxyPass /xyz http://xyzmachine:9030/xyz http://xyzmachine:9030/xyz ProxyPassReverse /xyz http://xyzmachine:9030/xyz http://xyzmachine:9030/xyz ProxyPass /imagerequest http://imagemachine:9030/imagerequest http://imagemachine:9030/imagerequest ProxyPassReverse /imagerequest http://imagemachine:9030/imagerequest http://imagemachine:9030/imagerequest Why have you got *three* arguments to the Proxy directives? You can only have [path] [url] - I assume this is a typo... My challenges are: The pages are served correctly by the URL's are not being preserved, and the links on the served pages are also not being preserved. i.e.: An inbound request may look like: http://www.sumplace.com/xyz/somefunction.htm http://www.sumplace.com/xyz/somefunction.htm The page returned to the browser will have the url: http://xyzmachine:9030/xyz/somefunction.htm http://xyzmachine:9030/xyz/somefunction.htm Pages don't have URLs. The client requests a URL and the server returns a page (with no indication of what was originally requested). The URL you see in the browser is a record of what the browser requested to get the page you see. If this changes from what you typed in, it's because the original server sent a 301 or 302 redirect to a new URL. The browser then requested this page and changed the URL in the address bar. Your results look exactly like you are redirecting instead of proxying. My guess is that you have some other directives somewhere that we don't know about (further up the config, outside the VH, in a .htaccess file)? These are being hit before we get to the Proxy directives and causing the redirect. Look in the access log and see what HTTP-status you are getting for these requests (I bet it's 301/302 - it should be 200). Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. And the links on the page will also have the issue. I've tried using the ProxyPreserverHost directive, which really didn't help. Question: How can I forward the URL to the backend and have all of the URL's return to the browser with the proper URL's? Thanks for any assistance. R2 Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any
RE: [EMAIL PROTECTED] Apache 2.055 Best Practices
Sorry about the shyness, although even if I wasn't, the access is ip restricted. I appreciate your looking at the file and thanks for the advice, I'll continue to investigate the backend. The thing that strikes me as odd, is that the links on the returned page are that of the proxy i.e. http://xyz2:port/xyz. This may sound like a dumb question, but from my point of view (network engineering) please forgive. Which would you recommend using, mod_proxy or mod_rewrite for doinf this type of traffic manipulation? -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 07, 2006 9:30 AM To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Apache 2.055 Best Practices -Original Message- From: Rosado, Rodolfo CTR MDA/IOM [mailto:[EMAIL PROTECTED] Sent: Dienstag, 7. Februar 2006 15:16 To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Apache 2.055 Best Practices Mr. Boyle, Thanks for the reply, sorry about the inadvertant post. I hit send befor typingnot enough coffee yet. Anyway, you were correct about the typo. There are only the two directives. I'm attaching my httpd.conf file. I don't normally like ploughing throw other people's config... but I had a look at yours since it wasn't too long... There are no obvious redirects (unless in .htaccess files) so my guess is that it is the back-end server that is issuing the redirects. Something like: client (request) - apache, apache (proxy request) - backend, backend (redirect to backend) - apache apache () - client client (reads redirect, new request) - backend NB the client must have a path to the backend... So check out the backend's config. BTW, if you weren't so coy about your domain names etc., we could check it out directly. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. This one is for the Apache server that's listening on port 80 only, but exhibits the same behavior. The access log does show lots of 304's 302's, but I'm seeing a lot of 200's for the imagemachine requests as well. R2 -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 07, 2006 2:38 AM To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Apache 2.055 Best Practices -Original Message- From: Rosado, Rodolfo CTR MDA/IOM [mailto:[EMAIL PROTECTED] Sent: Montag, 6. Februar 2006 16:37 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Apache 2.055 Best Practices All, I am attempting to redirect traffic incoming to an Apache server located in a DMZ to two machines behind my firewall. My Apache server listens on both ports 443 and 80. The traffic on port 443 is redirected via a JK2 connector to a Tomact 4.1.30 server and has no issues. The traffic on port 80 is redirected to another machine running IIS using a reverse proxy. I also have a third machine serving images. All of the traffic from my DMZ to my backend servers must do so over 1 port. redirected A redirection is an alternative to proxying - the server responds to the client with a 301 or 302 and the client makes a new request directly to the new server. To do this you use Redirect directives or mod_rewrite with the [R] flag. Is this what you are doing (you don't have any directives like this in the config below)? VirtualHost _default_:80 DocumentRoot e:/apache2/htdocs2 ServerName portal.mda.mil ServerAdmin [EMAIL PROTECTED] ErrorLog logs/error.log TransferLog logs/access.log ProxyRequests Off Proxy * Order deny,allow Allow from all /Proxy ProxyPass /xyz http://xyzmachine:9030/xyz http://xyzmachine:9030/xyz ProxyPassReverse /xyz http://xyzmachine:9030/xyz http://xyzmachine:9030/xyz ProxyPass /imagerequest http://imagemachine:9030/imagerequest http://imagemachine:9030/imagerequest ProxyPassReverse /imagerequest http://imagemachine:9030/imagerequest http://imagemachine:9030/imagerequest Why have you got *three* arguments to the Proxy directives? You can only have [path] [url] - I assume this is a typo... My challenges are: The pages are served correctly by the URL's are not being preserved, and the links on the served pages are also not being preserved. i.e.: An inbound request may look like: http://www.sumplace.com/xyz/somefunction.htm http://www.sumplace.com/xyz/somefunction.htm The page returned to the browser will have the url: http://xyzmachine:9030/xyz/somefunction.htm http://xyzmachine:9030/xyz/somefunction.htm Pages don't have URLs. The client requests a URL and the server returns a page (with no indication of what was originally requested). The URL you see in the browser is a record of what the browser requested to get the page you see. If this changes from what you typed in, it's because
RE: [EMAIL PROTECTED] Apache 2.055 Best Practices
Ok, I forgot to mention that I have a host file entry that points xyz2 to the backend server ip address that has a completely different url. The porxy points to that entry. -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 07, 2006 10:05 AM To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Apache 2.055 Best Practices -Original Message- From: Rosado, Rodolfo CTR MDA/IOM [mailto:[EMAIL PROTECTED] Sent: Dienstag, 7. Februar 2006 15:55 To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Apache 2.055 Best Practices Sorry about the shyness, although even if I wasn't, the access is ip restricted. I appreciate your looking at the file and thanks for the advice, I'll continue to investigate the backend. The thing that strikes me as odd, is that the links on the returned page are that of the proxy i.e. http://xyz2:port/xyz. Not of the proxy, they are of the backend. The proxy is in front, the backend is behind. The URL modification in the browser is exactly what happens when the client is redirected. This may sound like a dumb question, but from my point of view (network engineering) please forgive. Which would you recommend using, mod_proxy or mod_rewrite for doinf this type of traffic manipulation? Proxy. You want to hide the URLs on the backend (they don't even need to be accessible from the client - the backend can be on a private network). You need to look at the HTTP traffic directly to see the headers. Use wget -v or firefox with http://livehttpheaders.mozdev.org/ or just telnet to the server and issue the GET by hand. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 07, 2006 9:30 AM To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Apache 2.055 Best Practices -Original Message- From: Rosado, Rodolfo CTR MDA/IOM [mailto:[EMAIL PROTECTED] Sent: Dienstag, 7. Februar 2006 15:16 To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Apache 2.055 Best Practices Mr. Boyle, Thanks for the reply, sorry about the inadvertant post. I hit send befor typingnot enough coffee yet. Anyway, you were correct about the typo. There are only the two directives. I'm attaching my httpd.conf file. I don't normally like ploughing throw other people's config... but I had a look at yours since it wasn't too long... There are no obvious redirects (unless in .htaccess files) so my guess is that it is the back-end server that is issuing the redirects. Something like: client (request) - apache, apache (proxy request) - backend, backend (redirect to backend) - apache apache () - client client (reads redirect, new request) - backend NB the client must have a path to the backend... So check out the backend's config. BTW, if you weren't so coy about your domain names etc., we could check it out directly. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. This one is for the Apache server that's listening on port 80 only, but exhibits the same behavior. The access log does show lots of 304's 302's, but I'm seeing a lot of 200's for the imagemachine requests as well. R2 -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 07, 2006 2:38 AM To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Apache 2.055 Best Practices -Original Message- From: Rosado, Rodolfo CTR MDA/IOM [mailto:[EMAIL PROTECTED] Sent: Montag, 6. Februar 2006 16:37 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Apache 2.055 Best Practices All, I am attempting to redirect traffic incoming to an Apache server located in a DMZ to two machines behind my firewall. My Apache server listens on both ports 443 and 80. The traffic on port 443 is redirected via a JK2 connector to a Tomact 4.1.30 server and has no issues. The traffic on port 80 is redirected to another machine running IIS using a reverse proxy. I also have a third machine serving images. All of the traffic from my DMZ to my backend servers must do so over 1 port. redirected A redirection is an alternative to proxying - the server responds to the client with a 301 or 302 and the client makes a new request directly to the new server. To do this you use Redirect directives or mod_rewrite with the [R] flag. Is this what you are doing (you don't have any directives like this in the config below)? VirtualHost _default_:80 DocumentRoot e:/apache2/htdocs2 ServerName portal.mda.mil ServerAdmin [EMAIL PROTECTED] ErrorLog logs/error.log TransferLog logs/access.log ProxyRequests Off
[EMAIL PROTECTED] Apache 2.055 Best Practices
Title: Apache 2.055 Best Practices All, I am attempting to redirect traffic incoming to an Apache server located in a DMZ to two machines behind my firewall. My Apache server listens on both ports 443 and 80. The traffic on port 443 is redirected via a JK2 connector to a Tomact 4.1.30 server and has no issues. The traffic on port 80 is redirected to another machine running IIS using a reverse proxy. I also have a third machine serving images. All of the traffic from my DMZ to my backend servers must do so over 1 port. VirtualHost _default_:80 DocumentRoot e:/apache2/htdocs2 ServerName portal.mda.mil ServerAdmin [EMAIL PROTECTED] ErrorLog logs/error.log TransferLog logs/access.log ProxyRequests Off Proxy * Order deny,allow Allow from all /Proxy ProxyPass /xyz http://xyzmachine:9030/xyz ProxyPassReverse /xyz http://xyzmachine:9030/xyz ProxyPass /imagerequest http://imagemachine:9030/imagerequest ProxyPassReverse /imagerequest http://imagemachine:9030/imagerequest My challenges are: The pages are served correctly by the URL's are not being preserved, and the links on the served pages are also not being preserved. i.e.: An inbound request may look like: http://www.sumplace.com/xyz/somefunction.htm The page returned to the browser will have the url: http://xyzmachine:9030/xyz/somefunction.htm And the links on the page will also have the issue. I've tried using the ProxyPreserverHost directive, which really didn't help. Question: How can I forward the URL to the backend and have all of the URL's return to the browser with the proper URL's? Thanks for any assistance. R2
RE: [EMAIL PROTECTED] Apache 2.0.54 Proxy information request
Thanks for your reply, Working: Intranet(WAN)---HTTP--- apache ---HTTP-- IIS --- Plumtree Portal SSO (using AD Authentication) Not Working: Intranet(WAN)---HTTPS--- apache ---https--- IIS Plumtree Portal SSO (using AD Authentication) Working: Intranet ---HTTPS--- IIS --- Plumtree Portal SSO (using AD Authentication) When opening access to the other ITO's on the WAN they will be coming in over https. The reason I need to keep apache on the front door is I'll also have internet traffic coming through the same pipe and need to protect my back-end. Apache will reside in the DMZ. Rod -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED] Sent: Friday, December 16, 2005 4:06 AM To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Apache 2.0.54 Proxy information request Plain text please... I assume when say port 443 you mean HTTPS and not that you're just changing the port number under normal HTTP. Your main application is an undefined Single Sign-On authentication scheme. Your set up is: Internet --HTTPS-- apache --HTTP-- IIS ...and this works. But when you change to: Internet --HTTPS-- apache --HTTPS-- IIS ...it doesn't. So it looks like your SSO application doesn't work via HTTPS. What do you get in the apache and/or IIS logs? Is there any SSO logging? BTW, What happens if you try: DMZ browser --HTTPS-- IIS Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. -Original Message- From: Rosado, Rodolfo CTR MDA/IOM [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 15. Dezember 2005 22:12 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Apache 2.0.54 Proxy information request Hi all, I'm new, have mercy. I've set up an Apache server in my DMZ and it is accessed via port 443 only. I reverse proxy requests to a back-end IIS server and application. My issue is with SSO. I configured my Apache Server in a test environment to accept and reverse proxy requests over port 80 and the information is passed correctly to the IIS server and application and allows the user to SSO. However, when I change this to port 443, the SSO no longer works. I can get to the backend app, but no SSO. Is there something I haven't configured properly? Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]