Re: [Dspace-tech] Apache redirect and IP based authentication
Are the users inside that IP range then going through EzProxy when accessing that port? If so, EZProxy is forwarding requests to dspace for your client. Thus depending on configuration of your EZ Proxy, the IP of the request is your EZProxy server. Likewise, given configuration there may be a X-Forward-For http header... http://en.wikipedia.org/wiki/X-Forwarded-For This would contain your users IP address, which you could then restrict on. However, if you not doing that, can you post your Proxy info you added to your httpd configuration. You should not even need to have port 8080 running if you use it. Should look like... ProxyPass/ ajp://localhost:8009/ ProxyPassReverse / ajp://localhost:8009/ Mark On Tue, Feb 16, 2010 at 11:35 AM, Jason Fowler jfow...@sbts.edu wrote: Mark, Great fix! That worked perfectly for the redirection of port 80 to 8080. However, it didn't fix the problem with IP based authentication. Here's a little more information about our setup. We are trying to use EZProxy in conjunction with IP based authentication to give access to our dissertations. The behavior of a proxied request is basically the same as it was when we omitted the port number before. We can see the item within DSpace, but we can't download the file. Any ideas? Jason Fowler, CA, MSLS Archives and Special Collections Librarian The Southern Baptist Theological Seminary Vice President, ALABI 502-897-4573 jfow...@sbts.edu From: mdigg...@gmail.com [mdigg...@gmail.com] On Behalf Of Mark Diggory [mdigg...@atmire.com] Sent: Saturday, February 13, 2010 1:24 PM To: Jason Fowler Cc: dspace-tech@lists.sourceforge.net Subject: Re: [Dspace-tech] Apache redirect and IP based authentication Jason, I would be using mod_proxy or more specifically mod_proxy_ajp for communicating between Apache and Tomcat via the ajp port/protocol on mod_rewrite/redirect. I suspect that your problem is that the client IP of the request to tomcat is that of the local machine, AJP will properly pass the header information. http://rimuhosting.com/mod_jk2_and_mod_proxy_ajp.jsp Mark On Sat, Feb 13, 2010 at 6:59 AM, Jason Fowler jfow...@sbts.edu wrote: I'm having a bit of a problem. We're running Dspace 1.5.2 on a Fedora machine. We are using Tomcat, but we also have an Apache redirect set up so that the port number doesn't show up for our site. Basically, it redirects traffic on port 80 to port 8080, but the port number doesn't show. For our dissertation collection, we use IP based authentication. The IP authentication works perfectly when one tries to download the file from inside the correct IP range using an address that has the port number. However, if you try to access it with the port number trimmed off, you can't download the file. Can anyone explain why this might be happening and what a fix might be? I'm at a loss. Jason Fowler, CA, MSLS Archives and Special Collections Librarian The Southern Baptist Theological Seminary Vice President, ALABI jfow...@sbts.edu -- SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech -- Mark R. Diggory Head of U.S. Operations - @mire http://www.atmire.com - Institutional Repository Solutions http://www.togather.eu - Before getting together, get t...@ther -- Mark R. Diggory Head of U.S. Operations - @mire http://www.atmire.com - Institutional Repository Solutions http://www.togather.eu - Before getting together, get t...@ther -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] Apache redirect and IP based authentication
Mark, Great fix! That worked perfectly for the redirection of port 80 to 8080. However, it didn't fix the problem with IP based authentication. Here's a little more information about our setup. We are trying to use EZProxy in conjunction with IP based authentication to give access to our dissertations. The behavior of a proxied request is basically the same as it was when we omitted the port number before. We can see the item within DSpace, but we can't download the file. Any ideas? Jason Fowler, CA, MSLS Archives and Special Collections Librarian The Southern Baptist Theological Seminary Vice President, ALABI 502-897-4573 jfow...@sbts.edu From: mdigg...@gmail.com [mdigg...@gmail.com] On Behalf Of Mark Diggory [mdigg...@atmire.com] Sent: Saturday, February 13, 2010 1:24 PM To: Jason Fowler Cc: dspace-tech@lists.sourceforge.net Subject: Re: [Dspace-tech] Apache redirect and IP based authentication Jason, I would be using mod_proxy or more specifically mod_proxy_ajp for communicating between Apache and Tomcat via the ajp port/protocol on mod_rewrite/redirect. I suspect that your problem is that the client IP of the request to tomcat is that of the local machine, AJP will properly pass the header information. http://rimuhosting.com/mod_jk2_and_mod_proxy_ajp.jsp Mark On Sat, Feb 13, 2010 at 6:59 AM, Jason Fowler jfow...@sbts.edu wrote: I'm having a bit of a problem. We're running Dspace 1.5.2 on a Fedora machine. We are using Tomcat, but we also have an Apache redirect set up so that the port number doesn't show up for our site. Basically, it redirects traffic on port 80 to port 8080, but the port number doesn't show. For our dissertation collection, we use IP based authentication. The IP authentication works perfectly when one tries to download the file from inside the correct IP range using an address that has the port number. However, if you try to access it with the port number trimmed off, you can't download the file. Can anyone explain why this might be happening and what a fix might be? I'm at a loss. Jason Fowler, CA, MSLS Archives and Special Collections Librarian The Southern Baptist Theological Seminary Vice President, ALABI jfow...@sbts.edu -- SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech -- Mark R. Diggory Head of U.S. Operations - @mire http://www.atmire.com - Institutional Repository Solutions http://www.togather.eu - Before getting together, get t...@ther -- SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
[Dspace-tech] Apache redirect and IP based authentication
I'm having a bit of a problem. We're running Dspace 1.5.2 on a Fedora machine. We are using Tomcat, but we also have an Apache redirect set up so that the port number doesn't show up for our site. Basically, it redirects traffic on port 80 to port 8080, but the port number doesn't show. For our dissertation collection, we use IP based authentication. The IP authentication works perfectly when one tries to download the file from inside the correct IP range using an address that has the port number. However, if you try to access it with the port number trimmed off, you can't download the file. Can anyone explain why this might be happening and what a fix might be? I'm at a loss. Jason Fowler, CA, MSLS Archives and Special Collections Librarian The Southern Baptist Theological Seminary Vice President, ALABI jfow...@sbts.edu -- SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] Apache redirect and IP based authentication
Jason, I would be using mod_proxy or more specifically mod_proxy_ajp for communicating between Apache and Tomcat via the ajp port/protocol on mod_rewrite/redirect. I suspect that your problem is that the client IP of the request to tomcat is that of the local machine, AJP will properly pass the header information. http://rimuhosting.com/mod_jk2_and_mod_proxy_ajp.jsp Mark On Sat, Feb 13, 2010 at 6:59 AM, Jason Fowler jfow...@sbts.edu wrote: I'm having a bit of a problem. We're running Dspace 1.5.2 on a Fedora machine. We are using Tomcat, but we also have an Apache redirect set up so that the port number doesn't show up for our site. Basically, it redirects traffic on port 80 to port 8080, but the port number doesn't show. For our dissertation collection, we use IP based authentication. The IP authentication works perfectly when one tries to download the file from inside the correct IP range using an address that has the port number. However, if you try to access it with the port number trimmed off, you can't download the file. Can anyone explain why this might be happening and what a fix might be? I'm at a loss. Jason Fowler, CA, MSLS Archives and Special Collections Librarian The Southern Baptist Theological Seminary Vice President, ALABI jfow...@sbts.edu -- SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech -- Mark R. Diggory Head of U.S. Operations - @mire http://www.atmire.com - Institutional Repository Solutions http://www.togather.eu - Before getting together, get t...@ther -- SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech