Apache :: Remote User Reverse Proxy And Authentication
Dec 17, 2013
I have several applications that use authentication and expect REMOTE_USER to be set by Apache for authentication/authorization.
I am putting a reverse proxy, with shibboleth in front of these applications, on a separate server.
Currently, REMOTE_USER is not sent. I have tried a few things, and I am currently sending it inside another header, but I have some applications that are closed sources and this will not work.
Is this possible to do? I am running this with Apache 2.4.7, I believe, on the Windows platform.
View 2 Replies
ADVERTISEMENT
Oct 17, 2013
We have been using Apache 2.2.x with reverse proxy modules for our clients to access their OWA servers for over a year. I want to get us to Apache 2.4.x so I setup a test box with latest 2.4 on it. I fixed the config file issues since 2.4 has changes in it. OWA proxy is working on my test server with Apache 2.4. But with 2.4 I do have an issue I cannot figure out. Note that this does NOT occur with Apache 2.2. I get the following errors when using ActiveSync through reverse proxy:
[Thu Oct 17 12:19:11.670665 2013] [proxy_http:error] [pid 748:tid 8440] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : [client x.x.x.x:20311] AH01102: error reading status line from remote server mail.nameredacted.net:443
[Thu Oct 17 12:19:11.670665 2013] [proxy:error] [pid 748:tid 8440] [client x.x.x.x:20311] AH00898: Error reading from remote server returned by /Microsoft-Server-ActiveSync
So somehow with Apache 2.4 there is some sort of timeout that was not there with 2.2.
View 2 Replies
View Related
Nov 19, 2013
I have Apache 2.4.6 on a Windows Server 2008 (windows build from apachelounge). I want to use it as reverse proxy cache with mod_cache_disk.
My configuration is:
Code:
<IfModule cache_module>
<IfModule cache_disk_module>
CacheRoot C:/temp/cache
CacheEnable disk /
CacheDirLevels 2
CacheDirLength 3
[Code] .....
Loading a page with ~150 files (most images and js files) i keep runing into "locked requests" that are not comeing back and block the whole page from finishing loading. The files differ every time.
I see this warnings in my error.log (looks like they are connected to the behauviour above).
Code:
[Tue Nov 19 20:38:10.890013 2013] [cache_disk:warn] [pid 216692:tid 15924] (OS 5)Access is denied. : [client x.x.x.x:58963] AH00699: rename tempfile to file failed: C:/temp/cache/aptmpcBQArf -> C:/temp/cache/H8Cta/9ha4U/Uhhhs/OlQfU/1Q.data,
[Code] .....
View 1 Replies
View Related
Apr 22, 2014
I m trying to setup a reverse proxy with several site that will redirect the request into several internal server.I wanted to do that with several VirtualHost (like shown below). Unfortunatly whatever I type on my browser testsupport.xxxx.com or support2.xxxx.com I m redirected at the first of the config file (in the exemple http://10.253.12.41/.Is it the ServerName key that will redirect to the right proxypass ?
<VirtualHost *>
ServerName testsupport.xxxx.com
ProxyRequests Off
ProxyPass / http://10.253.12.41/
ProxyPassReverse / http://10.253.12.41/
</VirtualHost>
<VirtualHost *>
ServerName support2.xxxx.com
ProxyRequests Off
ProxyPass / http://10.253.11.31/
ProxyPassReverse / http://10.253.11.31/
</VirtualHost>
View 10 Replies
View Related
Nov 23, 2014
We are struggling to configure our Apache reverse proxy (on WIN 2008) server to force https.
We have the cert installed on the proxy server, and it seems to be working but we are unable to force connections to https: and the site is still available via http:
How do you enforce https on the site?
reading read about the .htaccess file, virtual hosts but still having a hell of a time putting it all together
Internet -> SSL -> Apache 2.2 -> HTTP -> web app
View 2 Replies
View Related
Apr 24, 2014
I'm trying to do a setup of alfresco.It has two basic sites. [URL]. Both use kerberos authentication. Alfresco has SSO and share has not. Both sites are on the same server (its just one site but different subs)
I want to put this behind a reverse proxy to eliminate the servername:port combination.
When I put it in a normal config with ajp everything works fine for the share website. I can login without problems. Not so however for the alfresco website. I get a browser login request (not the alfresco one) when i enter my credentials he asks them again and again and then he ends on the regular login page of alfresco at which point everything works. The username I entered is displayed at this point. When I do not enter my credentials correct I do not reach the page.
If I remove the SSO from the alfresco website everything is normal (but i have to login)
View 3 Replies
View Related
Apr 6, 2015
I'm currently in the process of configuring a red hat linux server as a proxy server for a number of back end web servers. I set up reverse proxying to hide the web server url's, but I've run into a problem with the second web server, because some of the directory structures are identical on both servers.
View 2 Replies
View Related
May 14, 2013
I am having a little trouble getting a reverse proxy redirect to work. I have a Linux server running Apache2. I have installed SABnzbd+, Sickbeard, Couchpotato & Headphones onto this device. I want to access SABnzbd+, Sickbeard, Couchpotato & Headphones from the outside world (via a DYNDNS name).
I know that I could just forward the ports through the router, but I don't want all the extra ports opened. I was told that I can have Apache to do a revers proxy, but I can't get it to work. I basically want to be able to do type myname.dyndns.org/sickbeard instead of typing in myname.dyndns.org:8081.
View 1 Replies
View Related
Nov 5, 2014
I am running a few different web servers on my home network and have found a way of binding each wb server (and any virtual hosts) to domain names and having a "central" web server rerouting a request to the appropriate server using reverse-proy. at the moment, this central web server is IIS (Windows Server 2008 R2) based and it works perfectly. I want to change the central server to an Apache based one.
As an example; I want the central server to see an incoming http request (e.g sub.domain.com) and reroute it using reverse-proxy to a different web server that wouldn't normaly be accessible from the Internet (e.g 192.168.1.122/index.html).
My question is how do you reverse-proxy to a different server on the LAN with mod_rewrite in Apache?
View 1 Replies
View Related
Oct 12, 2012
I am trying to set up a reverse proxy to the application Surveillance Station on my Synology NAS. Altough the reverse proxy works ok for other apps like Webadmin, Download Station and such, parts of the Surveillance Station app do not work, particulary the Live View & Time Line.
From the logs, I suspect an authorisation problem (because of the 401), but I'm not sure. I have tried ProxyPreserveHost on, ProxyVia full, and some rewrite rules, but I'm not sure what I'm doing Direct access to the port of the app works (i.e. 83.xxx.x.xxx:9900), so i know it has something to do with the reverse proxy.
a snippet of my httpd-vhost.conf-user:
View 1 Replies
View Related
Dec 13, 2013
I've been working with the Apache server (primary under CentOS, but some under Red Hat and on XAMPP stacks as well) and have been tasked with a project.
Periodically, we need to have our web sites down for maintenance - updates, backups, etc. What I've been told to do is find a way to have a 'front end' to our web sites so that, when they are down for maintenance, that then end-users will receive a message 'This site is down for maintenance till XX:XX AM/PM' or such.
Here are my questions:
- What would you call what I am trying to setup? The reading I've done implies that what I really want to setup is a reverse proxy server. Is that what I want to do?
- If it isn't a reverse proxy I want to set up, what do I want to setup?
- Of the different types of solutions available, What I could use for this? I've read about using Nginx in front of Apache, I've heard of Squid, I've heard about Tomcat.
- Is this a type of 'clustering/high availability' project I'm really looking at here? I've been hearing those terms thrown about as well.
In case it makes any kind of a difference, the Apache instances are pretty simple - PHP, MySQL and that's about it - not very involved (for now). I'm hoping that I can learn what/how to do this correctly and, when I'm ready to add more capabilities, that I'll be able to extrapolate out from there what I'd need to do.
View 2 Replies
View Related
Dec 4, 2013
Environment(home server/learning):
-1 Public IP
-Host Windows Server 2008 R2 AD/DNS/Hyper-V (server0)
+ VM Windows Server 2008 R2 Exchange 2010/IIS (server1)
+ VM Ubuntu server 13.11 Apache 2.4.6 with virtual hosts (server2)
+ VM Windows Server 2008 R2 Blackberry Enterprise Server running on a Jboss webserver (server3)
-All port 80,443 requests points Ubuntu server 13.11 (server2)
Within Apache 2.4.6 I have virtualhost where the setup are as followed
SomeWebsite:80
SomeOtherWebsite:80
Mail.server1.com:443 (internet <---> server2 reverse proxy:443 +CERT <---> 443+CERT server1)
Bes.dnsname.com:443 (internet <---> server2 reverse proxy:443 +CERT <---> 443+CERT server3)
The problem:
For learning purpose I am configuring a blackberry enterprise server(bes) on server3. It's a clean installation with only the needed applications to run a bes. Because I only have 1 public ip I am trying to reverse proxy this webservice two like server1. The bes webservice is configured to accept connections on port 443. So my first web.conf setup was similar to the setup I used for server1 but I noticed that the webpage was displayed but I couldn't interact with the page because it was a java application. So digging deeper into this i found that the webpage that bes provided me to use isn't the real application but more like a iframe setup.
Example:
BES Console address: https://server3.com/webconsole/login
Real address: https://server3.com/websconsole/app
Unfortunately after finding this and editing my web.conf to proxypass reverse to this real address I encountered a other problem. The bes webconsole works with session is and parameters
Example:
https://bes.server3.com/webconsole/app;jsessionid=2C10DDA521DB8408479AAD8F34255C7F? component=login.goToChangeLanguagePageLink&consoleSId=&page=Login&service=direct&session=T
Current httpd.conf for server3:
<VirtualHost *:80>
DocumentRoot /var/www/bes.server3.com
ServerName bes.server3.com
<Directory "/var/www/bes.server3.com">
allow from all
Options +Indexes
</Directory>
[code]....
View 1 Replies
View Related
Dec 21, 2012
Currently i am trying to install an Apache 2.4.3 as a caching reverse proxy. I would like to use memcached as my cache backend. I figured out there is a mod_socache_memcache, which from my understanding, should do exactly that(in combination with mod_cache_socache). So i compiled mod_cache_socache from trunk, loaded mod_cache, mod_cache_socache and mod_socache_memcache, but now i am stuck with the configuration. Here is what i tried:
LoadModule socache_memcache_module modules/mod_cache.so
LoadModule mod_cache_socache modules/mod_cache_socache.so
LoadModule socache_memcache_module modules/mod_socache_memcache.so
[code]....
where do i configure the path to my memcached instance? The reason for memcached as chaching backend, is that the machine is a windows machine, and from my understanding mod_cache_disk is not as efficient on a NTFS filesystem as it is on EXT3/4.
Another reason is, that later on there should be a possibility to put a second Reverse Proxy machine which shares the cache with the first one by using the same memcached instance (is that possible at all?).
View 2 Replies
View Related
Mar 21, 2014
I need to get working an apache2 in suse 11 as reverse proxy with a vendor's web page and it is not working. This is what happens:
1. I load the page through the reverse proxy and i can see: http://192.168.1.10/cgi-bin/design/html_template/login.html
2. Then i write user and password
3. I press the login button and i should see:
http://192.168.1.10/cgi-bin/design/html_template/login.cgi
http://192.168.1.10/cgi-bin/design/html_template/webviewer.cgi
but instead of that i see:
404 Not Found
The requested URL /error/HTTP_BAD_GATEWAY.html.var was not found on this server.
View 5 Replies
View Related
Mar 10, 2015
I am using an apache reverse proxy :
httpd -version
Server version: Apache/2.2.15 (Unix)
Server built: Oct 16 2014 14:48:21
In front of an internet liferay server, I m forcing https connexion and my reverse proxy is the SSL endpoint, and it is working fine.
But inside the liferay page there are "http" link to other webserver, and browser are refusing to load them because they are http and not https.
Is there a way in the reverse proxy to rewrite "on the fly" "http" link to "https" so that everything would be load on the browser ?
I was thinking mod_proxy_html but it doesn't seams to do what I want.
View 2 Replies
View Related
May 6, 2014
I am trying to do reverse proxy for several web servers in my network.I have successfully configure the reverse proxy.However , when website with multimedia webpages are requested , the multimedia content is not displaying. What is is that I am missing in my config file.
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
#DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
[Code].....
View 15 Replies
View Related
May 25, 2011
I have an Apache reverse proxy set up. I have an IIS server on the backend with a site which must be HTTPS and must require client certificates (x509). It seems like the proxy is working great, but the client certificate is not getting passed along the HTTPS request from proxy to IIS. We keep getting 403.7 (Client certificate required) errors. How I can bridge the client certificate from Apache reverse proxy to IIS?
Our Apache proxy is not set up to require client certs, the IIS website is. What I would expect is that when we make a web request that goes through the proxy to the IIS server, that we would get challenged for a client cert for the IIS website (its set to require client certs like it always has) and that client cert information would be passed along the HTTPS request. We have to be able to programatically access the x509 cert through code on the IIS website, thats why we need to have the cert passed along.
View 8 Replies
View Related
Apr 12, 2013
I've set up a reverse proxy using the Ubuntu Apache2 package (2.2.2, with evidently an old version of mod_proxy_html), and it's about 50% functional, but certain images aren't loading.
I've tried with and without ProxyHTMLExtended on, but even with it on I'm not convinced that any non-inline scripts or CSS files are being properly handled, as they are being directed to my local root directory instead of /app1/, and when it is on, I can no longer log in to the internal webapp.
In the log, the only errors that stand out to me are those referencing things from relative root directories, like /images/* and /ajax/*. The image files are coming from separate CSS files, and it doesn't tell me where exactly the ajax references are originating.
Here is the relevant part of my VH config:
ProxyRequests Off
ProxyPass /app1/ http://example.com/
ProxyHTMLURLMap http://example.com /app1
ProxyHTMLLogVerbose On
LogLevel debug
<Location /app1/>
ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap / /app1/
ProxyHTMLURLMap /images([^)]*) url(/app1/images$1) Rih
ProxyHTMLURLMap url(http://example.com([^)]*)) url(http://localhost/app1/) Rih
RequestHeader unset Accept-Encoding
</Location>
And here's an example of the errors:
[Thu Apr 11 23:22:50 2013] [error] [client 127.0.0.1] File does not exist: /var/www/images, referer: http://localhost/app1/css/examplefile.css
[Thu Apr 11 23:31:00 2013] [error] [client 127.0.0.1] File does not exist: /var/www/ajax, referer: http://localhost/app1/admin/
Comparing the source to the proxied version, I see that the images are going from "/images/*" to "/var/www/images/*".
View 1 Replies
View Related
Jun 22, 2015
My system consist of Ubuntu 14.04 server running LAMP. I am running Apache 2. On the same machine I am running Shiny server and running my apps through port 4949.
[URL] ....
I also am running an additional Shiny server copy on a virtual box through port 3838. All is running very good. I have an html web page running on Apache 2. I can view it and all my apps running on both Shiny servers from any place on the web.
My concern, however is security. I have port 3838, 4949, and 80 open. How can I set up Apache to run as a reverse proxy for my both of my Shiny servers (ports 4949, and 3838) and also continue to host my web page securely.
I have also attempted to set up a self-signed certificate using the following procedure but it is not working. I used the following instructions and followed them verbatim.
[URL] ....
How to set up a reverse proxy for my Shiny servers?
View 3 Replies
View Related
Dec 3, 2008
I'm not sure if this is the right forum, or if anyone can suggest a message board where I might get support on this.
This is what I have. I have Apache and IIS both running on Windows 2k3.
Apache is running in reverse Proxy mode sending multiple domains/virtual hosts to IIS.
Code:
ProxyRequests Off
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://localhost:8080
ProxyPassReverse / [url]
ServerName mydomain.com
</VirtualHost>
Now, if I type in [url]everything works great and IIS (listening on 127.0.0.1:8080) serves the page. However, I am doing custom error trapping, so when I type in [url](and /mydirectory doesn't exist on IIS) I need to fire ASP code (via custom error messages/handling) on the IIS server and then present a data driven page.
However, Apache is returning A 502 error:
Code:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /mydirectory.
Reason: DNS lookup failure for: localhost:8080mydirectory
Is there a way for me to setup Apache to pass all error checking to IIS while using it as a reverse proxy?
View 0 Replies
View Related
May 11, 2009
I'd appreciate if you can point out some links, or if anyone is willing to help me for a fee, we can talk about it.
I have a web application called MyApp
- Each MyApp user has 5gb hosting, and a web interface to manage their files.
- Therefore MyApp user gets a user account on linux machine and has access to only one directory /repo/usr/<user_id> and nowhere else. (suexec?)
- If that MyApp user creates a subdomain from any folder inside his home folder (he can do that using web interface), that folder is readable by www-data user not writable.
- That myapp user is able to mount/unmount his own ftp drives using curlftpfs.
- In short, users can only mess with their own files and they have no access nor rights to any other file that is outside of their home dir.
In short, this is a kind of hosting company server setup. Right now, we will have to manage all this from -only- one powerful server.
View 2 Replies
View Related
Jun 10, 2013
I'm using the isapi rewrite module for iis 6 which uses the exact same syntax as mod_rewrite in apache. I'm not very well versed in apache and need getting this to work asap. Basically I have a directory in our website: URL....
I need to forward this to an IP address, for example to this address:100.12.33.45/folder.While keeping the original URL (www.xyz.edu/folder). I'm unsure of the apache syntax for this.
View 3 Replies
View Related
Oct 1, 2014
Is it possible to verify client certificate based on username?If possible, How can we implement it in our httpd-ssl.conf file.
View 1 Replies
View Related
May 12, 2009
way to centrally login our FTP clients. We currently run ftp1/2/3/4.[url]and would like to have simply [url]which would authenticate the user and push the user to the relevant server.
This would hopefully work in the same way as a Radius Proxy.
Is this possible on either windows or linux?
View 0 Replies
View Related
May 26, 2009
if my main site hosted in usa and reverse proxy server located in UK or Canada. will my site load still quickly or be slow dramtically? both use linux and apache. or canada user will quickly load my site or still slow? how about usa customers?
View 5 Replies
View Related
Jun 7, 2009
Is possible to config a reverse proxy to connect with the website(hosting at bluehost) in VPS?
View 3 Replies
View Related
Apr 30, 2007
I researched a few options and have come to this conclusion use Ultramonkey (LVS + HA Proxy) -> apache2 mod_php/ mod_python (serve php / python)
-> lighttpd (serve static files)
-> mongrel (ruby server)
View 1 Replies
View Related
Oct 3, 2009
a simple reverse proxy server but with good re-write rules engine.
View 5 Replies
View Related
Jun 30, 2009
Does deploying a reverse proxy in front of the web/db server reduce the threat of SQL injection?
Emphasis on 'reduce' the threat - or does it provide no help at all?
View 3 Replies
View Related
Apr 26, 2009
I have a mobile email application (for Zimbra) that is not compatible with HTTPS, only with HTTP.
Is it possible to configure a Reverse Proxy so I can bypass the SSL? Something like this:
[url]<-> REVERSE PROXY <-> [url]
I was able to configure a Reverse Proxy but when it comes to https, something does wrong! here is my vhost config:
Quote:
NameVirtualHost mail.domain.com:*
<VirtualHost *>
ServerName mail
ServerAlias mail.domain.com
ProxyPreserveHost On
ProxyVia full
SSLProxyEngine On
ProxyRequests On
<proxy *>
Order deny,allow
Allow from all
</proxy>
ProxyPass / https://mail.domain.com/
ProxyPassReverse / https://mail.domain.com/
</VirtualHost>
I have all mod_proxy modules (and its sub-mods) load. If this is possible to achieve, I think it's only a manner of configuration lamess.
Have someone configured anything like this before?
View 2 Replies
View Related