cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

reverse proxy with apache2

christian_gnther3
Participant

on ‎06-22-2005 3:11 PM

0 Kudos

Hi folks,

I have a huge problem here. I have a apache 2.0.50 on a Linux system that is to act as a reverse proxy for an enterprise portal. I have set up the apache to do reverse proxying and so far I have made first success. I can get to the login page of the portal and I even managed to make it show the images. The problem is, when I try to log on to the portal I am always send back to the logon page in the very instance. If I enter the wrong logon information I see the authorization failed text, but when I enter correct information I only see the logon page again.

I will put tyhe relevant part of my httpd.conf to this message and hope someone can point me to the right location or maybe even tell me what I'm doing wrong.

And ny the way, the portal itself works perfectky when connected directly.

Kind regards,

Christian Guenther

      1. Reverse proxy configuration ############################################

NameVirtualHost 172.30.210.96

<VirtualHost 172.30.210.96>

ServerAdmin webmaster@external.de

ServerName host.external.de

  1. SSL is turned off at the moment

SSLEngine Off

SSLCertificateFile /etc/apache2/ssl.crt/proxy.cert.cert

SSLCertificateKeyFile /etc/apache2/ssl.key/proxy.cert.key

  1. Set up as a proxy for internal SAP systems

ProxyRequests Off

ProxyPreserveHost Off

<Proxy *>

Order deny,allow

Allow from all

</Proxy>

  1. IRJ

<Location /irj/>

ProxyPass http://host.internal.lan:8001/irj/

ProxyPassReverse http://host.internal.lan:8001/irj/

  1. rewriting rules for proxy

RewriteEngine On

RewriteCond % \.jsp RewriteRule ^(.+) % [P] RewriteCond % \.servlet

RewriteRule ^(.+) %

  1. Portal
  2. rewriting rules for proxy
[P] </Location> <Location /> ProxyPass http://host.internal.lan:8001/ ProxyPassReverse http://host.internal.lan:8001/ RewriteEngine On RewriteCond % \.jsp RewriteRule ^(.+) % [P]

RewriteCond % \.servlet

RewriteRule ^(.+) % [P]

</Location>

</VirtualHost>

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎03-16-2006 2:49 PM
0 Kudos

Hi Christian,

Having the same problem. Did you solve the problem?

Thanks.

Christian

Show replies
Show replies
Former Member
‎07-30-2007 11:00 PM
0 Kudos

This is a valid configuration for an Apache Reverse Proxy:

ThreadsPerChild 250

MaxRequestsPerChild 0

ServerRoot /usr/local/apache2

Listen 443

#LoadModule dir_module modules/mod_dir.so

LoadModule rewrite_module modules/mod_rewrite.so

LoadModule include_module modules/mod_include.so

#LoadModule autoindex_module modules/mod_autoindex.so

LoadModule access_module modules/mod_access.so

#LoadModule auth_module modules/mod_auth.so

LoadModule log_config_module modules/mod_log_config.so

#LoadModule mime_module modules/mod_mime.so

#LoadModule env_module modules/mod_env.so

#LoadModule headers_module modules/mod_headers.so

#LoadModule setenvif_module modules/mod_setenvif.so

LoadModule alias_module modules/mod_alias.so

LoadModule proxy_module modules/mod_proxy.so

LoadModule proxy_http_module modules/mod_proxy_http.so

LoadModule negotiation_module modules/mod_negotiation.so

LoadModule ssl_module modules/mod_ssl.so

ServerAdmin webmaster@servername.com

ServerName your.servername.com

UseCanonicalName Off

  1. make sure zou include these with valid entries...

Include conf/log.conf

Include conf/mime.conf

Include conf/default.conf

Include conf/ssl.conf

BrowserMatch "Mozilla/2" nokeepalive

BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

BrowserMatch "RealPlayer 4\.0" force-response-1.0

BrowserMatch "Java/1\.0" force-response-1.0

BrowserMatch "JDK/1\.0" force-response-1.0

BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully

BrowserMatch "MS FrontPage" redirect-carefully

BrowserMatch "^WebDrive" redirect-carefully

BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully

BrowserMatch "^gnome-vfs" redirect-carefully

BrowserMatch "^XML Spy" redirect-carefully

BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully

  1. this is for the MS IE SSL bug

BrowserMatch ".MSIE." nokeepalive ssl-unclean-shutdown downgrade-1.0#

force-response-1.0

Header add P3P CP="NOI"

      1. Proxy with caching

LoadModule cache_module modules/mod_cache.so

LoadModule disk_cache_module modules/mod_disk_cache.so

CacheRoot /usr/local/apache2/Cache

CacheEnable disk /

CacheDirLevels 5

CacheDirLength 3

<VirtualHost *:443>

ServerName your.servername.com

ServerAdmin webmaster@servername.com

  1. Set the level of log entries - debug produces A LOT of messages

LogLevel debug

ErrorLog logs\error.log

LogFormat "%h %l %u %t \"%r\" %>s %b" common

CustomLog logs\access.log common

  1. NEVER turn this On, it would create a forward proxy

ProxyRequests Off

ProxyPreserveHost On

  1. it is important that the proxy uses active protocol used in the

  1. internet section of the request

RequestHeader set ClientProtocol https

Header add P3P CP="NOI"

  1. we need to answer HTTPS requests, so we need an ssl engine

SSLEngine On

  1. and a cipher suite plus certificate

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4RSA:HIGH:MEDIUM:LOW:SSLv2:EXP:+eNULL

SSLProtocol all -SSLv2

  1. of course these entries have to be adopted

SSLCertificateFile conf/certs/server.crt

SSLCertificateKeyFile conf/certs/server.key

SSLOptions +StdEnvVars

  1. this is for the bloody MS IE - I don't know why, but they seem to

  1. have trouble learning in redmond

BrowserMatch ".MSIE." \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request.log \

"%t %h %x %x \"%r\" %b"

  1. below are the proxied hosts - you always need ProxyPass

  1. AND ProxyPassReverse otherwise it will not work correctly

  1. ITS

#ProxyPass /iac/ http://itsserver:8081/iac/

#ProxyPassReverse /iac/ http://itsserver:8081/iac/

  1. direct portal connection this ought to be the IP

ProxyPass /irj/ http://10.8.1.14:50000/irj/

ProxyPassReverse /irj/ http://10.8.1.14:50000/irj/

ProxyPass /logon/ http://10.8.1.14:50000/logon/

ProxyPassReverse /logon/ http://10.8.1.14:50000/logon/

  1. Rewrite Rule in case ICM puts session information in URL

  1. NEVER REALLY HARMS

RewriteEngine On

RewriteRule ^/(sap\(.*) http://10.8.1.14:50000/$1 [P,L]

#ProxyPass /chooselogin/ http://10.8.9.0:50000/chooselogin/

#ProxyPassReverse /chooselogin/ http://10.8.9.0:50000/chooselogin/

</VirtualHost>

Former Member
‎06-22-2005 7:52 PM
0 Kudos

Christian,

Try setting the

ProxyPreserveHost on

ProxyRequests Off -- Not sure about this.

Hope this helps.

-Venkat Malempati

Show replies
Show replies
Ask a Question