on 06-22-2005 3:11 PM
Hi folks,
I have a huge problem here. I have a apache 2.0.50 on a Linux system that is to act as a reverse proxy for an enterprise portal. I have set up the apache to do reverse proxying and so far I have made first success. I can get to the login page of the portal and I even managed to make it show the images. The problem is, when I try to log on to the portal I am always send back to the logon page in the very instance. If I enter the wrong logon information I see the authorization failed text, but when I enter correct information I only see the logon page again.
I will put tyhe relevant part of my httpd.conf to this message and hope someone can point me to the right location or maybe even tell me what I'm doing wrong.
And ny the way, the portal itself works perfectky when connected directly.
Kind regards,
Christian Guenther
Reverse proxy configuration ############################################
NameVirtualHost 172.30.210.96
<VirtualHost 172.30.210.96>
ServerAdmin webmaster@external.de
ServerName host.external.de
SSL is turned off at the moment
SSLEngine Off
SSLCertificateFile /etc/apache2/ssl.crt/proxy.cert.cert
SSLCertificateKeyFile /etc/apache2/ssl.key/proxy.cert.key
Set up as a proxy for internal SAP systems
ProxyRequests Off
ProxyPreserveHost Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
IRJ
<Location /irj/>
ProxyPass http://host.internal.lan:8001/irj/
ProxyPassReverse http://host.internal.lan:8001/irj/
rewriting rules for proxy
RewriteEngine On
RewriteCond % \.jsp RewriteRule ^(.+) % [P] RewriteCond % \.servlet
RewriteRule ^(.+) %
[P]
</Location>
<Location />
ProxyPass http://host.internal.lan:8001/
ProxyPassReverse http://host.internal.lan:8001/
RewriteEngine On
RewriteCond % \.jsp
RewriteRule ^(.+) % [P]
RewriteCond % \.servlet
RewriteRule ^(.+) % [P]
</Location>
</VirtualHost>
Hi Christian,
Having the same problem. Did you solve the problem?
Thanks.
Christian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This is a valid configuration for an Apache Reverse Proxy:
ThreadsPerChild 250
MaxRequestsPerChild 0
ServerRoot /usr/local/apache2
Listen 443
#LoadModule dir_module modules/mod_dir.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule include_module modules/mod_include.so
#LoadModule autoindex_module modules/mod_autoindex.so
LoadModule access_module modules/mod_access.so
#LoadModule auth_module modules/mod_auth.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule mime_module modules/mod_mime.so
#LoadModule env_module modules/mod_env.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule setenvif_module modules/mod_setenvif.so
LoadModule alias_module modules/mod_alias.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule ssl_module modules/mod_ssl.so
ServerAdmin webmaster@servername.com
ServerName your.servername.com
UseCanonicalName Off
make sure zou include these with valid entries...
Include conf/log.conf
Include conf/mime.conf
Include conf/default.conf
Include conf/ssl.conf
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
this is for the MS IE SSL bug
BrowserMatch ".MSIE." nokeepalive ssl-unclean-shutdown downgrade-1.0#
force-response-1.0
Header add P3P CP="NOI"
Proxy with caching
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
CacheRoot /usr/local/apache2/Cache
CacheEnable disk /
CacheDirLevels 5
CacheDirLength 3
<VirtualHost *:443>
ServerName your.servername.com
ServerAdmin webmaster@servername.com
Set the level of log entries - debug produces A LOT of messages
LogLevel debug
ErrorLog logs\error.log
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs\access.log common
NEVER turn this On, it would create a forward proxy
ProxyRequests Off
ProxyPreserveHost On
it is important that the proxy uses active protocol used in the
internet section of the request
RequestHeader set ClientProtocol https
Header add P3P CP="NOI"
we need to answer HTTPS requests, so we need an ssl engine
SSLEngine On
and a cipher suite plus certificate
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4RSA:HIGH:MEDIUM:LOW:SSLv2:EXP:+eNULL
SSLProtocol all -SSLv2
of course these entries have to be adopted
SSLCertificateFile conf/certs/server.crt
SSLCertificateKeyFile conf/certs/server.key
SSLOptions +StdEnvVars
this is for the bloody MS IE - I don't know why, but they seem to
have trouble learning in redmond
BrowserMatch ".MSIE." \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request.log \
"%t %h %x %x \"%r\" %b"
below are the proxied hosts - you always need ProxyPass
AND ProxyPassReverse otherwise it will not work correctly
ITS
#ProxyPass /iac/ http://itsserver:8081/iac/
#ProxyPassReverse /iac/ http://itsserver:8081/iac/
direct portal connection this ought to be the IP
ProxyPass /irj/ http://10.8.1.14:50000/irj/
ProxyPassReverse /irj/ http://10.8.1.14:50000/irj/
ProxyPass /logon/ http://10.8.1.14:50000/logon/
ProxyPassReverse /logon/ http://10.8.1.14:50000/logon/
Rewrite Rule in case ICM puts session information in URL
NEVER REALLY HARMS
RewriteEngine On
RewriteRule ^/(sap\(.*) http://10.8.1.14:50000/$1 [P,L]
#ProxyPass /chooselogin/ http://10.8.9.0:50000/chooselogin/
#ProxyPassReverse /chooselogin/ http://10.8.9.0:50000/chooselogin/
</VirtualHost>
Christian,
Try setting the
ProxyPreserveHost on
ProxyRequests Off -- Not sure about this.
Hope this helps.
-Venkat Malempati
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.