RE: [users@httpd] Reverse Proxy with internal redirects

Mon, 24 Jul 2006 09:23:20 -0700


Let me see if I can explain what's happening.

User requests http://external-apps
Apache processes Virtual host external-apps
        ProxyPass / http://internal-apps/
The Internal apps server denies access and requires authentication.
Internal app server redirects the user to http://internal-sso and not http://external-sso
        (at this point the external user does not know where internal-sso is located and errors out)
Since the user is still being processed in external-apps virtual host the ProxyPassReverse will not work
       
I cannot put in the following config, since the redirction still needs to go to http://external-sso
        ProxyPass / http://internal-sso/    # Can't be included in external-apps virtual host
                                        # This will redirect to http://external-apps


********** Stripped Down Virtual Hosts ************
<VirtualHost 192.168.1.200:80>
    ServerName external-apps
    ProxyRequests Off
    RewriteEngine On
    ProxyPreserveHost  On
    ProxyPass / http://internal-apps/
    ProxyPassReverse / http://internal-apps/
</VirtualHost>


<VirtualHost 192.168.1.201:80>
    ServerName external-sso
    ProxyRequests Off
    RewriteEngine On
    ProxyPreserveHost  On
    ProxyPass / http://internal-sso/
    ProxyPassReverse / http://internal-sso/
</VirtualHost>
********** *********************************************







>I have a 2 node internal environment. http://internal-apps and
>http://internal-sso.  The reverse proxy has two virtual hosts configured
>as http://external-apps and http://external-sso.  All reverse proxy
>configs work except when the application server needs to authenticate to
>the sso server.  The app server redirects the client to the internal name
>of the sso server and not to the external name.  There is no way to change
>the redirection problem on the app server.

>My question is, can the location header variable be rewritten before the
>external client receives it and makes the request to the internal server
>name?

Despite of the fact that i don't know your real configuration,
i would say, you miss
   ProxyPassReverse ...
 or
   ProxyPreserveHost On

More is only possible when you show a real config

Bye

Oliver
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Attachment: winmail.dat
Description: Binary data

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to