ProxyPass custom port Redirect to https - linux

I would like to grant access to certain IPs to mysite.com:1234 but deny that port to other users and redirect them to port 80 or 443. The first part is working with my vhosts file, but I can't seem to get the redirection part working; other IPs get a 403 error.
<VirtualHost 12.123.123.123:443>
<Directory "/home/mysite/public_html">
Options -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
AllowOverride All
SSLRequireSSL
</Directory>
<IfModule mod_proxy.c>
ProxyRequests Off
ProxyPreserveHost On
ProxyVia Full
ProxyPass / http://127.0.0.1:1234/
ProxyPassReverse / http://127.0.0.1:1234/
<Proxy "http://127.0.0.1:1234/">
Deny from all
allow from 1.1.1.1
allow from 1.1.1.2
allow from 1.1.1.3
allow from 1.1.1.4
</Proxy>
</IfModule>
</VirtualHost>

One solution would be to implement your proxy rule with mod_rewrite. Rewrite rules have a [P] flag which means "reverse proxy". You could have a rewrite condition that checks for the correct IP addresses before a rule that does the proxy. Then all other requests would fall through to a second rule that does the redirect.
RewriteEngine On
# Reverse proxy for allowed remote addresses
RewriteCond %{REMOTE_ADDR} ^1\.1\.1\.[1234]$
RewriteRule ^/?(.*)$ http://127.0.0.1:1234/$1 [P,L]
# Redirect everything else to the main site
RewriteRule ^/?(.*)$ https://mysite.example/$1 [R=301,L]
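An added example, not part of the original answer: the same allow-then-redirect rules for Apache 2.4, matching the client as an IP address with an `expr` condition and repeating the restriction on the backend itself. It assumes the redirect target https://mysite.example/ is served by a different virtual host and that Apache sees the client directly; behind a load balancer, REMOTE_ADDR is the balancer's address unless mod_remoteip is configured.

```apache
# Added example for Apache 2.4; goes inside the existing <VirtualHost 12.123.123.123:443>.
# Needs mod_rewrite, mod_proxy and mod_proxy_http.
ProxyRequests Off
ProxyPreserveHost On
# No ProxyPass: the [P] rule below does the proxying, and only for allowed clients.
# ProxyPassReverse still fixes Location headers sent back by the backend.
ProxyPassReverse / http://127.0.0.1:1234/

RewriteEngine On
# Allowed clients, compared as IP addresses (-R is shorthand for REMOTE_ADDR -ipmatch)
RewriteCond expr "-R '1.1.1.1' || -R '1.1.1.2' || -R '1.1.1.3' || -R '1.1.1.4'"
RewriteRule ^/?(.*)$ http://127.0.0.1:1234/$1 [P,L]
# Everyone else: redirect to the main site (assumed to be another virtual host)
RewriteRule ^/?(.*)$ https://mysite.example/$1 [R=301,L]

# Second layer: if the rules above are edited later, only these clients can reach the backend
<Proxy "http://127.0.0.1:1234/*">
    Require ip 1.1.1.1 1.1.1.2 1.1.1.3 1.1.1.4
</Proxy>
```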

Related

Rewrite rule not working with apache2, lucee tomcat

I have configured a server with Lucee Tomcat and apache2 for a virtual host on Ubuntu. I have enabled the rewrite rule and my virtual host is as follows.
<VirtualHost *:80>
ServerAdmin admin@example.com
ServerName example.com
ServerAlias example.com www.example.com
DocumentRoot /var/www/html/example.com/
<Directory /var/www/html/example.com/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error_main_example.log
CustomLog ${APACHE_LOG_DIR}/access_main_example.log combined
DirectoryIndex index.cfm
</VirtualHost>
Redirects from the htaccess file are working fine, but the rewrite rule is not working. Here is the htaccess file that I am trying.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteRule ^(.*)/abc/([0-9]+)$ /test-404.cfm [L]
Here are the example URLs:
https://www.example.com/example.cfm/abc/2
https://www.example.com/example.cfm/abc/8
https://www.example.com/example.cfm/abc/15
It is showing me this Tomcat 404 error:
HTTP Status 404 – Not Found
Type Status Report
Message The requested resource [/example.cfm/abc/2] is not available
Description The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.
Apache Tomcat/9.0.35
Can anybody help me with this issue? By the way, the site is configured using a classic load balancer on AWS.
I'm also posting a working solution here, because you didn't answer our posts on this cross-post at the Lucee forum. This solution might also help others with the same problem.
The issue is that mod_proxy will always precede urlrewrite, unless you invoke mod_proxy with a special urlrewrite rule. To make urlrewrite work and use mod_proxy, you need to flag the rewrite rule with [P] (for proxy). Here is a working example that should work for you:
Step: Set everything in apache2.conf in mod_proxy.c as comment, just leaving ProxyPreserveHost and ProxyPassReverse, like so:
<IfModule mod_proxy.c>
ProxyPreserveHost On
#ProxyPassMatch ^/(.+\.cf[cm])(/.*)?$ http://127.0.0.1:8888/$1$2
#ProxyPassMatch ^/(.+\.cfml)(/.*)?$ http://127.0.0.1:8888/$1$2
# optional mappings
#ProxyPassMatch ^/flex2gateway/(.*)$ http://127.0.0.1:8888/flex2gateway/$1
#ProxyPassMatch ^/messagebroker/(.*)$ http://127.0.0.1:8888/messagebroker/$1
#ProxyPassMatch ^/flashservices/gateway(.*)$ http://127.0.0.1:8888/flashservices/gateway$1
#ProxyPassMatch ^/openamf/gateway/(.*)$ http://127.0.0.1:8888/openamf/gateway/$1
#ProxyPassMatch ^/rest/(.*)$ http://127.0.0.1:8888/rest/$1
ProxyPassReverse / http://127.0.0.1:8888/
</IfModule>
Step: In your virtual host configuration set the following rewrite rules (that may also work in your .htaccess, but I'm not sure).
...
<Directory /var/www/html/example.com/>
...
...
RewriteEngine On
RewriteBase /
# Catch non-existing files/directories and pass them via proxy to a 404 cfml errorpage
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule "^(.*)$" "http://127.0.0.1:8888/my-404.cfm" [P]
# Catch https://www.example.com/example.cfm/abc/2
# Catch https://www.example.com/example.cfm/abc/7 etc.
RewriteRule "^example.cfm(/abc/[0-9]+)$" "http://127.0.0.1:8888/my-404.cfm" [P]
# Pass request for cfm/cfc files to proxy with mod_rewrite rule
RewriteRule "^(.+\.cf[cm])(/.*)?$" "http://127.0.0.1:8888/$1$2" [P]
...
</Directory>
I’ve tested it and the solution above works fine.

Why isn't Proxy flag [P] working with my RewriteMap in .htaccess?

I'm trying to get this RewriteRule working, but the Proxy flag [P] is behaving like a redirect:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ - [E=MAPTO:${domainmap:%1}]
RewriteCond %{ENV:MAPTO} !=""
RewriteRule ^.*$ https://mywebsite.com/%{ENV:MAPTO}/$0/ [P,NC]
</IfModule>
I enabled rewrite logging by using LogLevel alert rewrite:trace6, which confirmed that a match is being found in my map, but from my log:
RewriteCond: input='proxiedwebsite.com' pattern='^(?:www\\.)?(.+)$' [NC] => matched
map lookup OK: map=domainmap key=proxiedwebsite.com -> val=path/to/dynamic-content
setting env variable 'MAPTO' to 'path/to/dynamic-content'
strip per-dir prefix: /var/www/mywebsite.com/html/ ->
applying pattern '^.*$' to uri ''
RewriteCond: input='path/to/dynamic-content' pattern='!=""' => matched
rewrite '' -> 'https://mywebsite.com/path/to/dynamic-content/'
escaped URI in per-dir context for proxy, https://mywebsite.com/path/to/dynamic-content/ -> https://mywebsite.com/path/to/dynamic-content/
forcing proxy-throughput with https://mywebsite.com/path/to/dynamic-content/
go-ahead with proxy request proxy:https://mywebsite.com/path/to/dynamic-content/ [OK]
What ends up happening is I get https://mywebsite.com/path/to/dynamic-content/ in my address bar instead of the intended https://proxiedwebsite.com.
And here's what my Apache config looks like:
<Directory "/var/www/mywebsite.com/html">
DirectoryIndex disabled
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<VirtualHost *:443>
ServerName www.mywebsite.com
ServerAlias mywebsite.com proxiedwebsite.com www.proxiedwebsite.com
DocumentRoot /var/www/mywebsite.com/html
UseCanonicalName Off
ProxyRequests On
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /path/to/cert/fullchain.pem
SSLCertificateKeyFile /path/to/cert/privkey.pem
LogLevel alert rewrite:trace6
</VirtualHost>
I've also tried doing this without https on port 80, but I get the same issue.
UPDATE
I added ProxyPreserveHost On to my VirtualHost configuration and it seems to be responding to my rewrite conditions — however, it's creating a loop. After several seconds I'm getting a 403 Forbidden error with the %{ENV:MAPTO} variable repeated over and over again. Not sure why.
UPDATE 2
Okay, now I understand why ProxyPreserveHost On is creating a loop. But I still don't understand why my Proxy [P] flag is resulting in a 301 Redirect. So, back to the original problem.

Issue with loadbalancing on apache

Please help with my task.
I must install Apache, which will balance connections across nodes (P.S. these are JIRA app nodes, if this is important).
I found out how to do this, and I did it once and everything worked correctly. But this time I put the same code in httpd.conf:
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
NameVirtualHost *:443
<VirtualHost *:443>
ProxyRequests off
ServerName jira-host
SSLEngine on
SSLCertificateFile "/etc/httpd/certs/jira-host.crt"
SSLCertificateKeyFile "/etc/httpd/certs/jira-host.key"
ProxyTimeout 900
Timeout 900
SSLSessionCacheTimeout 1800
<Proxy balancer://jiracluster>
BalancerMember http://jira-host1:8080 route=node1
BalancerMember http://jira-host2:8080 route=node2
Order Deny,Allow
Deny from none
Allow from all
ProxySet stickysession=ROUTEID
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
Order deny,allow
Allow from all
</Location>
ProxyPass /balancer-manager !
ProxyPass / balancer://jiracluster/
ProxyPreserveHost on
</VirtualHost>
<VirtualHost *:80>
ServerName jira-host
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://jira-host [R,L]
</VirtualHost>
And after restarting Apache I get the standard Apache hello page instead of balancing.
What am I doing wrong? Please help.
Thx.
Please ensure that you check all your configuration files.
It would seem that another file is still routing traffic to the default apache file.
Please check all your port 80/443 config files.

Webpage has a redirect loop www to non-www

I installed LAMP on Debian 7 but I need a non-www URL; now my website always adds www. in front.
ServerAdmin webmaster@localhost
ServerName www.example.com
# (the same issue with example.com)
ServerAlias example.com *.example.com
DocumentRoot /home/site/www
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /home/site/www>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
I tested with htaccess too, but the browser gives me a loop:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]
Why does Apache add www? It's a new configuration; I have just enabled one site.
Thanks
Make sure that the domain example.com actually resolves via DNS
(and not just www.example.com)
Modern browsers (and not-so-modern browsers as well) will try to auto-correct the domain if they cannot resolve it.
Among other things this means that they will try to prepend www. to the domain-name.

Apache ProxyPass with dynamic hostname

I'm trying to use Apache as a gateway to reverse proxy to a backend server with the same name as the requested http_host.
ex:
ProxyPass / https://%{HTTP_HOST}/
ProxyPassReverse / https://%{HTTP_HOST}/
I'm getting an error when I use this setup. Suggestions?
There's no way to dynamically reverse proxy like that using ProxyPass. However, you can do it using mod_rewrite's P flag. The same goes for ProxyPassReverse: you can't use %{HTTP_HOST} with it, but since the hostnames are the same, you don't need it at all. You just need:
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [L,P]
One issue you may run into is that since DNS resolves proxying server to some IP, the proxying server must know that the same DNS hostname does not resolve to itself and actually resolves to a backend server (the server to proxy to), otherwise it will cause a loop.
To use Apache ProxyPass directives with dynamic hostnames you will need to also use ModRewrite.
Objective
All requests to the virtualhost will ProxyPass and ProxyPassReverse (also known as an "Apache Gateway") to the %{HTTP_HOST}
The only reason this would make sense to do is if you have localhost entries on the apache server for specific host names
Examples
Localhost File
10.0.0.2 foo.bar.com
10.0.0.3 bar.bar.com
How it works
The client makes a request to foo.bar.com (dnslookup is a public IP... YOUR APACHE SERVER)
Your apache server has a localhost entry of 10.0.0.2 for foo.bar.com (some other server on your network)
The request goes through ModRewrite and /path1 is appended, then handed off to ProxyPass and ProxyPassReverse
ProxyPass and ProxyPassReverse hand the call off to foo.bar.com at ip 10.0.0.2
Client requests foo.bar.com ---reverse proxies to----> foo.bar.com/path1 (on some OTHER internal server)
Apache Configuration
<VirtualHost *:443>
Servername *
# Must not contain /path1 in path (will add /path1)
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/path1/.*
RewriteRule ^/(.*) https://%{HTTP_HOST}/path1$1 [NC,R=302,L]
# Must contain /path1 in path (will send request to the proxy)
RewriteEngine On
RewriteOptions Inherit
RewriteCond %{REQUEST_URI} ^/path1/.*
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [NC,P]
SSLEngine on
SSLProxyEngine On
ProxyRequests Off
ProxyPass / https://$1/
ProxyPassReverse / https://$1/
ProxyPreserveHost On
###################
# SSL Constraints #
###################
# SSLv3, TLSv1.0 and TLSv1.1 are obsolete; builds without SSLv3 support reject "+SSLv3"
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# Choose cipher suites
SSLHonorCipherOrder On
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
# SameOrigin The page can only be displayed in a frame on the same origin as the page itself
Header set X-Frame-Options SAMEORIGIN
SSLCertificateFile /etc/apache2/example.crt
SSLCertificateKeyFile /etc/apache2/example.key
SSLCertificateChainFile /etc/apache2/gd_bundle.crt
SetOutputFilter INFLATE;proxy-html;DEFLATE
</VirtualHost>
source: http://brakertech.com/apache-proxypass-with-dynamic-hostname/
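An added example, not from the answers above or the linked source: because the backend is chosen from the client-supplied Host header, the gateway should proxy only for host names it knows. This variant looks the Host header up in a RewriteMap and refuses everything else; the map path is hypothetical, the map content is constructed from the hosts-file example above, and the /path1 redirect is left out to keep the focus on the allowlist.

```apache
# Constructed map file /etc/apache2/proxy-backends.map (hypothetical path),
# format "<requested host> <backend host>":
#   foo.bar.com  foo.bar.com
#   bar.bar.com  bar.bar.com
<VirtualHost *:443>
    ServerName foo.bar.com
    ServerAlias bar.bar.com

    SSLEngine On
    SSLProxyEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile /etc/apache2/example.crt
    SSLCertificateKeyFile /etc/apache2/example.key

    RewriteEngine On
    RewriteMap lc "int:tolower"
    RewriteMap backends "txt:/etc/apache2/proxy-backends.map"

    # 1. Normalise the Host header: lower-case it and drop an optional port
    RewriteCond "${lc:%{HTTP_HOST}}" "^([a-z0-9.-]+)(?::[0-9]+)?$"
    # 2. Continue only if that name is a key in the map; %1 becomes the backend name
    RewriteCond "${backends:%1}" "^(.+)$"
    RewriteRule "^/(.*)$" "https://%1/$1" [P,L]

    # 3. Any other Host value is refused instead of being proxied
    RewriteRule "^" "-" [F]
</VirtualHost>
```

As in the original setup, the backend names must resolve (for example through the hosts file) to the internal servers and not back to the gateway, otherwise the request loops.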
