Re: [users@httpd] RewriteRules with ajp and secret

2020-05-18 Thread Yann Ylavic
Hi Christian,

On Mon, May 18, 2020 at 11:52 AM  wrote:
>
> But there are several context based RewriteRules like this:
>
> RewriteRule (.*) ajp://IP:PORT$1 [QSA,P,L]
>
> I haven’t found any solution to get secret parameter passed in RewriteRules.

You need a Proxy directive (provided by mod_proxy) to define a proxy
entity/URL (called proxy worker) on which you can associate parameters
(like "secret"). A RewriteRule [P] won't let you do that, without an
associated mod_proxy declaration, the above RewriteRule will use a
generic reverse proxy with no parameter, no connection reuse etc..

The usual way to declare a proxy worker, and its parameters, without
any particular path mapping is:


   ProxySet secret=my_secret


Then "ajp://IP:PORT" can be mapped to any path with either a ProxyPass
or a RewriteRule [P] like you did.

Hth,
Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[users@httpd] RewriteRules with ajp and secret

2020-05-18 Thread Christian.Unnering
Hi there.
I am running apache 2.4.43 with a tomcat 7.0.103 as backend server.
I have tried to implement proxy configuration to tomcat backend with ajp and 
secret.
It works fine when using ProxyPass or BalancerMemeber, just like documented at 
https://httpd.apache.org/docs/trunk/mod/mod_proxy_ajp.html:
The secret is sent when the secret=secret_keyword parameter is used in 
ProxyPass or 
BalancerMember
 directives. The backend needs to support secret and the values must match. 
request.secret or requiredSecret are documented in the AJP configuration of the 
Apache Tomcat.

But there are several context based RewriteRules like this:
RewriteRule (.*) ajp://IP:PORT$1 [QSA,P,L]
I haven't found any solution to get secret parameter passed in RewriteRules.
I have tried this one:
RewriteRule (.*) ajp:// IP:PORT$1?secret=my_secret
This isn´t working and secrets value should not appear in tomcat access logfile.
Is there any solution for RewriteRules with ajp and secret?
Mit freundlichen Grüßen
Christian Unnering
DEUTSCHE TELEKOM IT GMBH
Digital Transformation and Operations Telekom IT
Central Operation Services
Team COS 3
Telefon: (0521) 92 15-54 29
Telefax: (0521) 92 15-57 99
Email: christian.unner...@t-systems.com
Internet: http://www.t-systems.de

Die gesetzlichen Pflichtangaben finden Sie unter:
https://www.telekom.com/pflichtangaben-dtit