I am using a Spring Boot fat jar for serving backend and static files. I need to let it run behind an apache2. But I am getting the malicious string errors for "//" from the firewall:
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String "//"
at org.springframework.security.web.firewall.StrictHttpFirewall.rejectedBlacklistedUrls(StrictHttpFirewall.java:369) ~[spring-security-web-5.2.1.RELEASE.jar!/:5.2.1.RELEASE]
at org.springframework.security.web.firewall.StrictHttpFirewall.getFirewalledRequest(StrictHttpFirewall.java:336) ~[spring-security-web-5.2.1.RELEASE.jar!/:5.2.1.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:194) ~[spring-security-web-5.2.1.RELEASE.jar!/:5.2.1.RELEASE]
...
My application properties are:
server:
  port: 9001
  address: 127.0.0.1
  forward-headers-strategy: framework
And my apache2 virtual host is:
<VirtualHost *:80>
ServerName XXX
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Port 443
ProxyPass / http://localhost:9001/
ProxyPassReverse / http://localhost:9001/
RewriteEngine on
RewriteCond %{SERVER_NAME} =XXX
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Where "XXX" is the servername.
What am I missing here? I don't really want to reconfigure the firewall because I think there must be a solution without changing it.
To answer my question: I forgot to change the SSL configuration with:
<VirtualHost *:443>
...
</VirtualHost>
So if you have the same problem it may be the missing changes in the right config.
Related
I have done redirection in Apache before, but in a simple way: I enable the rewrite module in the Apache server and then add the two .conf files mentioned below in /etc/apache2/sites-available.
The below file is for redirecting HTTP requests received through the domain to a specific port.
<VirtualHost *:80>
ServerAdmin me@mydomain.com
ServerName test.domain.com
ProxyPreserveHost On
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / https://localhost:3235/
ProxyPassReverse / https://localhost:3235/
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{SERVER_NAME} =chat-dev.motivone.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
The below file is for redirecting HTTPS requests received through the domain to a specific port.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin me@mydomain.com
ServerName test.domain.com
ProxyPreserveHost On
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / https://localhost:3235/
ProxyPassReverse / https://localhost:3235/
SSLCertificateFile /etc/letsencrypt/live/test.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/test.domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
This process works fine when I run my server through HTTP and change the proxy to HTTP, but when I run my server on HTTPS and then try to redirect it, it throws an error like
I am not sure what is wrong. Any kind of help is appreciated. Thanks in advance.
I'm trying to configure Apache HTTPD 2.4 to front two different applications being hosted on the same server.
App1 is reachable on port 8080 (Tomcat)
mysingledomain.com:8080
App2 is reachable on port 3030 (Ruby [Dashing])
mysingledomain.com:3030
What I want to do is reach them respectively as mysingledomain.com/App1 and mysingledomain.com/App2
My situation is a lot like how this question starts:
Host 2 Sites in HTTPD
These are both SPA applications but I'm getting quite confused on how to set this up when I do not have a DocumentRoot to separate the configuration.
How would I set up HTTPD to front the HTTP requests in this manner?
I was able to configure the ruby application to adhere to a subpath with the following configuration, but this affects the other:
<VirtualHost *:80>
# WARNING: DO NOT DO THIS (ProxyRequests On enables forward proxying; a reverse proxy does not need it)
ProxyRequests On
ProxyVia On
ProxyPreserveHost On
RewriteEngine On
ProxyPass "/app2" "http://192.168.0.62:3030/" retry=0
ProxyPassReverse "/app2/" "http://192.168.0.62/"
RewriteRule "^/assets/(.*)" "/app2/assets/$1" [R]
RewriteRule "^/views/(.*)" "/app2/views/$1" [R]
</VirtualHost>
It should be as simple as this:
<VirtualHost *:80>
ServerName mysingledomain.com
ProxyPreserveHost On
ProxyPass /App1/ http://127.0.0.1:8080/
ProxyPassReverse /App1/ http://127.0.0.1:8080/
ProxyPass /App2/ http://127.0.0.1:3030/
ProxyPassReverse /App2/ http://127.0.0.1:3030/
</VirtualHost>
I've been looking through and am trying to find a solution to force HTTPS on an Apache reverse proxy behind AWS ELB, without success.
My sites-enabled config file looks like this.
<VirtualHost *:80>
ServerAlias *.domain.net
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} http
RewriteRule https:// %{SERVER_NAME}%{REQUEST_URI} [R=301,L]
ProxyPass / http://{10.10.10.21}/
ProxyPassReverse / http://{10.10.10.21}/
</VirtualHost>
However, I never get any redirect back to the browser when I hit the server on port 80. The ProxyPass and reverse are kicking in, but not the redirect.
I see that by enabling rewrite-trace level 8 as follows:
I've been on this for too long now....
Any help will be greatly appreciated!
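A corrected form of the redirect in the configuration above, as an added example that is not part of the original post: RewriteRule takes the match pattern first and the substitution second, so a rule whose first argument is `https://` does not match ordinary request paths. The backend address is the one from the post written without the braces, which is an assumption about what the braces stood for.

```apache
<VirtualHost *:80>
    ServerAlias *.domain.net

    RewriteEngine On
    # "=http" is an exact string comparison. A bare "http" is an unanchored
    # regex that also matches "https" and would redirect HTTPS clients forever.
    RewriteCond %{HTTP:X-Forwarded-Proto} =http
    # Pattern "^" matches every request; the substitution is the full HTTPS URL.
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L,NE]

    # Requests that arrive without X-Forwarded-Proto: http fall through to the proxy.
    ProxyPass / http://10.10.10.21/
    ProxyPassReverse / http://10.10.10.21/
</VirtualHost>
```

Requests the load balancer received over HTTPS carry `X-Forwarded-Proto: https`, fail the condition and are proxied; only plain-HTTP requests get the 301.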
We have a client server hosting our web application using Apache 2.2 & Tomcat 6 in RHEL. I have set up an Apache rewrite rule for HTTP to HTTPS redirection and it works fine. We have two DNS names that are used to access the same application: Test1.com and Test2.com. I want all the users trying to access http://test1.com or https://test1.com to go to https://test2.com. As mentioned, http://test1.com to https://test2.com redirection is working fine. I am not able to implement https://test1.com to https://test2.com.
I have tried Virtual Hosts, ServerAlias, NameVirtualHost, but nothing works. Any suggestions on whether we can handle this via rewrite would help. Any other pointers that might lead to the resolution of this issue will be appreciated.
Thanks
I solved this issue with redirect, but I had to set up a virtual host for the https redirect with all necessary SSL settings.
<VirtualHost *:80>
ServerName test1.com
Redirect "/" "https://test2.com/"
</VirtualHost>
<VirtualHost *:443>
ServerName test1.com
Redirect "/" "https://test2.com/"
SSLEngine on
# SSLProxyEngine On
SSLCertificateFile /path/site.crt
SSLCertificateKeyFile /path/site.key
SSLCertificateChainFile /path/DigiCertCA.crt
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
</VirtualHost>
<VirtualHost *:443>
ServerName test2.com
...
SSLEngine on
# SSLProxyEngine On
SSLCertificateFile /path/site.crt
SSLCertificateKeyFile /path/site.key
SSLCertificateChainFile /path/DigiCertCA.crt
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
</VirtualHost>
Try the following:
RewriteEngine On
RewriteCond %{HTTP_HOST} test1.com$
RewriteRule ^(.*)$ https://test2.com$1 [L,NC,R=301]
If you have a <VirtualHost> for both :80 and :443, this redirect should go in both configurations.
I had site1 with https (certificate) and site2 with http (without certificate), both on the same IP (virtual hosts).
Then I noticed that site2 was getting incorrectly indexed by Google for https, using site1's content.
Whilst for RewriteCond listening
for port 80, the redirect needs to sit in the .htaccess for site2,
for port 443, the redirect needs to sit in the .htaccess for site1.
But then the discrimination no longer goes by port but by HTTP_HOST (the DNS name).
For me, site1 = shop.smartgart.com, site2 = one0.com.
I put this into site1's .htaccess:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^shop.smartgart.com$
RewriteRule ^(.*)$ https://shop.smartgart.com/$1 [R=301,L]
That is: If the HTTP_HOST being handled is not site1, then redirect to site1, using the supplied suffix ($1).
Works for me!
I solved this issue with MULTIPLE redirects, not the same as @A Kunin's answer.
Because I use different certificates for both sites, it will report a certificate error if I just redirect from httpS://test1.com to httpS://test2.com.
My solution is: httpS://test1.com --> http://test1.com --> httpS://test2.com
<VirtualHost *:80>
ServerName test1.com
Redirect "/" "https://test2.com/"
</VirtualHost>
<VirtualHost *:443>
ServerName test1.com
#### The Tricky ####
Redirect "/" "http://test2.com/"
SSLEngine on
# SSLProxyEngine On
SSLCertificateFile /path/site1.crt
SSLCertificateKeyFile /path/site1.key
SSLCertificateChainFile /path/DigiCertCA1.crt
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
</VirtualHost>
<VirtualHost *:443>
ServerName test2.com
...
SSLEngine on
# SSLProxyEngine On
SSLCertificateFile /path/site2.crt
SSLCertificateKeyFile /path/site2.key
SSLCertificateChainFile /path/DigiCertCA2.crt
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
</VirtualHost>
What I am trying to achieve is the following:
I want to have numerous subdomains such as abc.domain.com redirect to a url such as www.domain.com/something?subdomain=abc
Since I am redirecting to a fully qualified domain, I needed to use a reverse proxy to avoid the change of the URL in the browser. (using the [P] Flag and turning on the mod_proxy module and some other modules)
This is my DNS setup
*.domain.com. 14400 A 111.111.11.1
This is my virtual host configuration for apache
<VirtualHost 111.111.11.1:80>
ServerName www.domain.com
ServerAlias *.lionite.com
DocumentRoot /var/www/html
ErrorLog /var/www/logs
UseCanonicalName off
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/images
RewriteCond %{HTTP_HOST} !^www\.domain\.com$
RewriteRule ^(.+) %{HTTP_HOST}$1 [C]
RewriteRule ^([^.]+)\.domain\.com(.*) http://www.domain.com/something?subdomain=$1 [P,L]
</VirtualHost>
This setup is working fine (Let me know if you think you can improve it of course).
My main problem is when I am trying to setup https://
This is my virtual host configuration for apache
<VirtualHost 111.111.11.1:443>
ServerName www.domain.com:443
ServerAlias *.domain.com
DocumentRoot /var/www/html
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/conf.d/cert/server.crt
SSLCertificateKeyFile /etc/httpd/conf.d/cert/server.key
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/images
RewriteCond %{HTTPS_HOST} !^www\.domain\.com$
RewriteRule ^(.+) %{HTTPS_HOST}$1 [C]
RewriteRule ^([^.]+)\.domain\.com(.*) https://www.domain.com/something?subdomain=$1 [P,L]
</VirtualHost>
Whenever I call https://abc.domain.com - the response I am getting is the homepage but no matter what I am appending to the end of the subdomain, I will get the same response. It's like the rewrite isn't responding well.
Any help would be appreciated, or if you could share how you'd setup reverse proxy, rewrite, wildcard subdomain and SSL all together
Thanks,
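An HTTPS counterpart of the port-80 rules above, as an added example that is not part of the original post: mod_rewrite provides HTTP_HOST (the Host header, on TLS connections as well) and HTTPS, but no HTTPS_HOST variable, and a [P] target with an https:// scheme needs SSLProxyEngine. It assumes the certificate at the posted paths covers *.domain.com, and the restriction of the subdomain label to [a-z0-9-] is an added assumption.

```apache
<VirtualHost 111.111.11.1:443>
    ServerName www.domain.com
    ServerAlias *.domain.com
    DocumentRoot /var/www/html

    SSLEngine on
    # Assumed to be a wildcard certificate valid for *.domain.com
    SSLCertificateFile /etc/httpd/conf.d/cert/server.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/cert/server.key
    # Required because the [P] target below is an https:// URL
    SSLProxyEngine on

    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/images
    # The Host header is in HTTP_HOST whether or not the connection uses TLS
    RewriteCond %{HTTP_HOST} !^www\.domain\.com$ [NC]
    # Capture only a plain DNS label, so nothing else from the Host header
    # reaches the proxied query string; %1 refers to this capture
    RewriteCond %{HTTP_HOST} ^([a-z0-9-]+)\.domain\.com$ [NC]
    RewriteRule ^ https://www.domain.com/something?subdomain=%1 [P,L]
</VirtualHost>
```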
I have had this same problem as well. The only way I solved it was to put different domains that need secure connection on different Listen ports because I was limited with IP addresses.
From my understanding, the problem is that in the https protocol the HOST is not included in the request. So when the request reaches the server, apache just uses the first match on the IP and port the connection was received on because it does not know the domain it was requested from.
The only workaround for this is to have a different IP for each domain, or a different port.
Unfortunately you are out of luck using https with a wildcard domain setup; I don't believe there is any way to get it to work.