Help with ProxyPassReverse

Topics: User Forum
May 14, 2010 at 10:21 AM

Hi all,

I have IIRF installed on box 172.16.20.39 at port 81 and have iirf.ini like this:

ProxyPass          ^/(.*)$   http://172.16.10.15:8080/$1

ProxyPassReverse    /        http://172.16.10.15:8080/

The purpose is to let users access an application in Tomcat on a different network segment (box 172.16.10.15 port 8080). I did a test:

wget http://172.16.20.39:81

--17:49:37--  http://172.16.20.39:81/

Connecting to 172.16.20.39:81... connected.

HTTP request sent, awaiting response... 302 302 Moved Temporarily

Location: http://172.16.10.15/login.htm;jsessionid=949F8C89962F43A32343447DFE0C49FAContent-Type: text/html;charset=UTF-8 [following]

--17:49:37--  http://172.16.10.15/login.htm;jsessionid=949F8C89962F43A32343447DFE0C49FAContent-Type:%20text/html;charset=UTF-8

Connecting to 172.16.10.15:80... connected.

HTTP request sent, awaiting response... 302 Found

Location: https://172.16.10.15/login.htm%3bjsessionid=949F8C89962F43A32343447DFE0C49FAContent-Type:%20text/html%3bcharset=UTF-8 [following]

--17:49:37--  https://172.16.10.15/login.htm%3bjsessionid=949F8C89962F43A32343447DFE0C49FAContent-Type:%20text/html%3bcharset=UTF-8

Connecting to 172.16.10.15:443... connected.

ERROR: certificate common name `test1.local' doesn't match requested host name `172.16.10.15'.

To connect to 172.16.10.15 insecurely, use `--no-check-certificate'.

Unable to establish SSL connection.

It seems that IIRF does not transform the Location header. I assume that my ProxyPassReverse string is incorrect. Anyone with this experience, please help!

Thank you very much,

Son

Coordinator
May 14, 2010 at 1:56 PM

I don't know exactly what I'm seeing there.

IIRF does transform the Location header in 30x responses to proxied requests.

IIRF transforms the header according to the ProxyPassReverse rule in your ini file. Your rule says "transform the location header if it begins with http://172.16.10.15:8080/". The actual location header received does not begin with that string, as far as I can tell. Specifically, the port is different. Therefore IIRF does not transform it.

You might need a ProxyPassReverse rule that specifies http://172.16.10.15/. I can't be certain, though, that that would be enough. It depends on the transaction flow required for the login.
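
Added example, not part of the original thread and not IIRF's own code: a small Python model of the prefix matching described in the reply above, used to check which redirect targets would reach the client still pointing at the backend. The function names, the rule tuples, and the assumption that a matched prefix is replaced by the proxy's public address are hypothetical; the sample Location values are constructed from the addresses in the thread.

```python
# Model of prefix-based Location rewriting as described in the reply above.
# NOT IIRF's code: rewrite_location(), leaked_redirects() and the rule
# tuples are hypothetical names used for illustration only.

# (public path, backend URL prefix) pairs, mirroring
# "ProxyPassReverse <path> <backend-url>" lines from the thread's iirf.ini.
RULES_ORIGINAL = [("/", "http://172.16.10.15:8080/")]
RULES_EXTENDED = RULES_ORIGINAL + [("/", "http://172.16.10.15/")]

# Public address of the IIRF box in the thread (assumed rewrite target).
PROXY_BASE = "http://172.16.20.39:81"


def rewrite_location(location, rules, proxy_base=PROXY_BASE):
    """Return (new_location, matched).

    The first rule whose backend prefix matches the start of the header
    wins; if no rule matches, the header is passed through unchanged.
    """
    for public_path, backend_prefix in rules:
        if location.startswith(backend_prefix):
            rest = location[len(backend_prefix):]
            return proxy_base + public_path + rest, True
    return location, False


def leaked_redirects(locations, rules):
    """Location values that no rule covers, so the client sees the backend."""
    return [loc for loc in locations if not rewrite_location(loc, rules)[1]]


# Constructed sample headers (session id replaced with a placeholder).
SAMPLE_LOCATIONS = [
    "http://172.16.10.15:8080/app/index.htm",             # port 8080
    "http://172.16.10.15/login.htm;jsessionid=EXAMPLE",   # port 80, no port in URL
    "https://172.16.10.15/login.htm;jsessionid=EXAMPLE",  # different scheme
]

if __name__ == "__main__":
    for name, rules in (("original", RULES_ORIGINAL), ("extended", RULES_EXTENDED)):
        print(name, "rules leave these unrewritten:")
        for loc in leaked_redirects(SAMPLE_LOCATIONS, rules):
            print("   ", loc)
```

With the extended rule set the https redirect is still not covered, which corresponds to the second hop in the wget trace.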

May 15, 2010 at 3:32 AM

Thank you for the guidance. Now I understand how ProxyPassReverse works.

Thank you very much,

Son