I was curious - what is the reason behind using an underscore in the _search endpoints ?
Related
I've been trying out Application Gateway, and have managed to get to the point where hosting 2 applications in different pools, albeit with same port is possible using the "host" header to choose where i intended to be directed.
However, what i actually intended to do was route subdomains to certain applications.
For example, my application gateway is "app-gw.example.com", and i have 2 Azure Functions sat behind that, for simplicity, func1.example.com and func2.example.com. (They actually have distinct domains themselves, not subdomains).
I would like to route "func1.app-gw.example.com"'s traffic to func1.example.com, and "func2.app-gw.example.com" to "func2.example.com".
However, i can't seem to figure this out. Can someone explain how this can be done?
I've had also some success hosting on different ports and using the listener + routes to direct to each individual site, but they should rather be on the same port, which rules this out.
I've also tried messing with URL Rewrites, but wasn't able to get something useful from that either.
EDIT: I think maybe i'm missing something here. Perhaps i need something that points the domain names to the application gateway, and then route on that? For example:
Site 1, reachable at func1.example.com may have an entry called "func1-gw.example.com", which actually just points to the application gateway, however, the application gateway now knows that it's really supposed to be going to "func1"?
Sounds like a DNS record pointing to the gateway may work, but then i wonder how to do the routing, hmm.
Thanks.
As you are already aware of Application Gateway multiple site hosting, you can enhance the Application Gateway to route the traffic based on the URLs.
Below references might help you configure the URL based routing.
URL Path Based Routing
Application Gateway redirection
Configure URL redirection on an application gateway
Say we have an internal URL https://my.internal.url (in our case a Liferay Portal) and from a web application firewall an external URL https://my.external.url pointing to this internal URL.
The internet user is using the external URL.
PrimeFaces extends attributes like for example
onclick="...;window.open('https://my.interal.url'..."
This leads to CORS problems.
The HTTP header Access-Control-Allow-Origin is not an option, since the internal URL is internal.
We'll talk with the WAF people about URL replacement, but I'd like to know wether or not we can tell PrimeFaces to use the external URL (or maybe relative URLs in case this would work).
The portal doesn't know about the external URL but of course we could implement this as a configuration option.
(watching the source code, there are more occurences of the internal URL outside of the jsf/PrimeFaces portlet, so I add the liferay tag too)
Update
The question is obsolete, WAF has to handle this correctly (an old SSL environment did it, a new WAF environment doesn't)
You say
The portal doesn't know about the external URL
however, any properly configured reverse proxy (or WAF) should forward the actual host name used to request the current page.
On Apache httpd's mod_proxy_http, this is done with the option ProxyPreserveHost On. When forwarding with AJP, the host is automatically forwarded. Other WAF/Proxy configurations - of course - differ. But the proper way to generate the URL is to let the generating server know what URLs it should generate.
If you need to worry about the proper host name, you'll need to do so by request: Liferay is well able to use Virtual Host names to distinguish between different sites - and if they're completely different, you might be signed in to one of them, but not to the other. This has a repercussion on the permissions.
Have the infrastructure handle it for you. Don't write code (or application configuration) for it.
My problem has been asked here: Request.URL always returns http even though SSL is enabled but I do not see any workable solution in my situation.
So my website is hosted on a server which is behind a loadbalancer which causes all requests to contain the urls having http protocol even though the original request from clients contain https. Now this post: http://www.bugdebugzone.com/2013/12/identifying-https-or-ssl-connection-in.html suggests that we can check for a custom header added by the loadbalancer and get the original protocol. But my problem is that I can't ask all of my clients to make sure that they are adding a custom header in their loadbalancer and provide me with the name of that custom header. Is there a way to fix this without getting any additional details from the loadbalancer?
Is it possible to set a wildcard * in a path pattern?
address=.example.com/foo/*/bar does not seem to work.
address=.example.com/foo/xxx/bar works but I have random characters I need to match for and I don't know what they are ahead of time.
Not possible.
dnsmask is about the resolution of the host name only.
Everything after the slash is between the web browser (or client) and the web server, the name servers don't ever get to see this part.
It can get confusing, because dnsmasq uses '/' as its separator character in a lot of its settings, but this is nothing to do with the path part of a url, simply a chose of config file delimiter.
To achieve some fine grained manipulation of what parts of a web server you want your users to see, you should be googling "http proxies" or possibly "transparent http proxies" and this should get you started. These provide an intermediate server that does get to see the "path" part of the URL, and con do this level of filtering.
It took me a while to learn that I have to put a dot after the "localhost" in the URL so that I can use fiddler with my development server.
Why do I need to put this dot here to make fiddler work for my local:
http://localhost.:1888/MyPage.aspx
What does it stand for?
thanks
It's not that you're making fiddler work, but you're making Internet Explorer work. Internet Explorer is written specifically to bypass the proxy server for "localhost" . By attaching a trailing dot, you're providing a valid DNS name that does not match the mechanism within IE that checks the domain (IE does a stricmp(userdata, "localhost") or equivalant).
localhost. just makes the hostname visible to Fiddler; otherwise, IE bypasses proxies.
You can also substitute "ipv4.fiddler" for "localhost" -- which can help prevent confusion, since the dot is easy to miss.