Skip to Content
0
Former Member
Nov 27, 2006 at 02:17 PM

More Apache + SSL + WebDynpro problems

73 Views

Scenario:

Apache (2.0.55) Reverse proxy, no HTTP support - only HTTPS - enforced by rewrite rules snipped here:

<VirtualHost *:80>

ServerName portal.myclient.com

RewriteEngine On

RewriteCond % off

RewriteRule (.*) https://%%

</VirtualHost>

<VirtualHost default:443>

RedirectMatch ^/$ https://portal.myclient.com/irj/portal

RedirectMatch ^/index.htm(.*) https://portal.myclient.com/irj/portal

ProxyPreserveHost On

ProxyRequests Off

ProxyVia On

ProxyPass /irj http://portal2.internalservers.com:51100/irj

ProxyPassReverse /irj https://portal.myclient.com/irj

ProxyPass /logon http://portal2.internalservers.com:51100/logon

ProxyPassReverse /logon https://portal.myclient.com/logon

ProxyPass /webdynpro http://portal2.internalservers.com:51100/webdynpro

ProxyPassReverse /webdynpro https://portal.myclient.com/webdynpro

</VirtualHost>

Results when navigating to a webdynpro iView:

IE 6: prompt for non-secure content from explorer; accept this and the SSL flag is remvoed, yet the content seems to? remain secure as there is NO proxying on http for webdynpro target.

Firefox: Throws an exception because it interpretes the badly formed request (as seen below from trace file) and does not properly display the webdynpro iview (styles missing).

Here's a few packets from the browser trace:

REQUEST FOR WEBDYNPRO iVIEW

12:03:58.991[1061ms][total 1061ms] Status: 200[OK]

POST https://portal.myclient.com/webdynpro/dispatcher/sap.com/pb/PageBuilder;jsessionid=(J2EE114332100)ID0922028850DB01659913620375586996End Load Flags[INHIBIT_PERSISTENT_CACHING LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Content Size[-1] Mime Type[text/html]

Request Headers:

Host[portal.myclient.com]

User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.8.1) Gecko/20061010 Firefox/2.0]

Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5]

Accept-Language[en-gb,en;q=0.5]

Accept-Encoding[gzip,deflate]

Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]

Keep-Alive[300]

Connection[keep-alive]

Referer[https://portal.myclient.com/irj/servlet/prt/portal/prteventname/navigate/prtroot/pcd!3aportal_content!2fcom.ao.ttelectronics!2fcom.ao.customer_portal!2fcom.ao.desktop!2fexternal_full_desktop!2fframeworkPages!2fcom.ao.full_frameworkpage!2fcom.sap.portal.innerpage?InitialNodeFirstLevel=true&windowId=WID1164629013614]

Cookie[saplb_*=(J2EE114332100)114332150; PortalAlias=portal; JSESSIONID=(J2EE114332100)ID0922028850DB01659913620375586996End; MYSAPSSO2=AjExMDAgAAxwb3J0YWw6QkVHR1OIABNiYXNpY2F1dGhlbnRpY2F0aW9uAQAFQkVHR1MCAAMwMDADAANTUDEEAAwyMDA2MTEyNzExNDIFAAQAAAAICgAFQkVHR1P%2FAPYwgfMGCSqGSIb3DQEHAqCB5TCB4gIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYHCMIG%2FAgEBMBMwDjEMMAoGA1UEAxMDU1AxAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNjExMjcxMTQyMzlaMCMGCSqGSIb3DQEJBDEWBBRESxFbh7JDsB4da53Y7hYLM8d6gTAJBgcqhkjOOAQDBDAwLgIVAKBbiTBmWSmuSCUWDGc5HL2tAR1MAhUAiOtw9ooUm2sC2TJ6TG6ZZuvqzfY%3D; SAPWP_active=1]

Post Data:

sap-ext-sid[uMsGMiG6UkquQm4lyw4fBw%3D%3DUgJ06AmDq1nj%2FeYZJLgAGw%3D%3D]

sap-wd-cltwndid[WID1164629013614]

sap-wd-tstamp[1164628867176]

PagePath[pcd%3Aportal_content%2Fcom.ao.ttelectronics%2Fcom.ao.customer_portal%2Fcom.ao.roles%2Fcom.ao.customer%2Fcom.ao.sales%2Fcom.ao.sales_order_status]

sap-wd-app-namespace[zzzz]

sap-ep-version[7.00.200603050114]

sap-locale[en_GB]

sap-accessibility[]

sap-rtl[]

sap-cssurl[http%3A%2F%2Fportal.myclient.com%3A80%2Firj%2Fportalapps%2Fcom.sap.portal.design.urdesigndata%2Fthemes%2Fportal%2Ftte_a%2Fur%2Fur_nn7.css%3F7.0.6.0.1]

sap-cssversion[7.0.6.0.0]

DynamicParameter[]

NavigationTarget[navurl%3A%2F%2F2cf5e3495c4ae06661069e051fb881a0]

Response Headers:

Date[Tue, 03 Oct 2006 11:59:24 GMT]

Server[SAP J2EE Engine/7.00]

Content-Type[text/html; charset=UTF-8]

Expires[-1]

Cache-Control[no-cache, no-store, must-revalidate]

Pragma[no-cache]

Content-Encoding[gzip]

Via[1.1 portal.myclient.com]

Transfer-Encoding[chunked]

You can see that the (default in this case) value of the sap-cssurl parameter for the webdynpro is a very fully qualified http request.

Does anyone know of a way to specify that the sap-cssurl (and maybe others) should take account of the proxy port mappings (and so be generated as https?). This seems specific to webdynpro as the remainder of the portal seems to pick up the style sheets under https.

Thanks.