HAProxy Redirect URL - url-rewriting

I am using HAProxy 1.8, I need to make redirection rules, but I do not know the tool well, I have tried but it fails me in some particular cases with different clients.
Client Applications: Adobe Flex 3 (Web) and .Net (Web, WebServices and Desktop).
Necessary redirection example:
Current URL: http://oldsite.com/WS/WSInfo/WSDataClient
URL redirection: http://web1.site.com/WS/WSInfo/WSDataClient
I must perform several redirects (so I have to repeat the rule many times), I can not redirect all "olsite.com" to "web1.site.com", since both balancers will have concurrent calls, not all services, "http://oldsite.com" will stop being used.
The rule of HAProxy:
###----SERV_WSInfo_WSDataClient_test
acl withwsdl_SERV_WSInfo_WSDataClient url /WS/WSInfo/WSDataClient_test?wsdl
acl notwsdl_SERV_WSInfo_WSDataClient path_beg /WS/WSInfo/WSDataClient_test
http-request redirect location http://web1.site.com/WS/WSInfo/WSDataClient?%[query] code 301 if withwsdl_SERV_WSInfo_WSDataClient
http-request redirect location http://web1.site.com/WS/WSInfo/WSDataClient code 301 if notwsdl_SERV_WSInfo_WSDataClient
This works in the Flex applications that consume it, but not in the .Net point, I have been able to detect that:
Flex calls WSDL twice from the service (I suspect that by the redirect of the rule), but it works.
.Net, on the other hand, never asks for the WSDL and the service returns error, blank response.
Someone can recommend how would be the correct way to implement the
rule to achieve the necessary redirection.
To redirect an HTTPS with that same URL, should I add more logic?
They think that I'm not using the necessary tool to do it, they can recommend another one (currently HAProxy is used but if I manage to make it work in another Proxy, I could ask to evaluate).
I thank you for your help since I do not use the tool and I am not from the network area.

Given they are both on different HAProxy servers makes it a bit easier as you dont need to worry about an acl for the new domain. Here is a simple acl that doesnt worry about the querystring at all.
acl is_SERV_TEST url_beg -i /WS/WSInfo/WSDataClient
This acl checks the beginning of the url (case insensitive with the -i) against our url we need to redirec the prefix (host).
http-request redirect code 301 prefix http://web1.site.com if is_SERV_TEST
The redirection simply changes the prefix and maintains the remainder of the URL. For this reason we dont need to worry about the query string etc.
Full Code
acl is_SERV_TEST url_beg -i /WS/WSInfo/WSDataClient
http-request redirect code 301 prefix http://web1.site.com if is_SERV_TEST
SSL Question
For SSL related rewrites this is a double edge sword, and this is against the requirement of the company. For example if you want all request from http://oldsite.com to go to the SSL (HTTPS) url for web1.site.com then you should be doing that in your 301 redirect.
So you would simply change the rewrite prefix to https://web1.site.com.
Finally if you also need to mange the 301 redirect for ssl (ie over port 443) you should create another listener frontend binding to :443 and use the same rules as your port :80 listener.

Related

Url Rewrite in Self-Hosted environment

I have a SignalR-service in two api-versions running in self-hosted Owin processes. I want to route traffic for api.service.com to either api1.service.com or api2.service.com depending on a http-header (api-ver) in a request. Is this possible to do with Owin middleware or in some other way without having to host this in IIS or using a 3rd party reverse proxy or similar? I was hoping it could be done with "Url Rewriting" but I don't know if this is possible in self-hosting?
Have you considered this, I am in the same boat and thinking it will resolve my problem. But to answer your question it does seem possible in self-hosted environments.
Owin.UrlRewrite
EDIT - This library doesn't work (at least I sure can't get it to work). I did experiment with an OWIN middleware of my own and it can be done with redirects but there is a flicker in the URL to essentially the hashtag url (before the client router kicks in (Aurelia in my case) and makes it the non-hash url). Best I can say is this is a limited use case (Self-hosting with need for URL Rewriting) as I cannot find a pre-made solution to do this.

How to add tomcat virtual hosts instances programatically

I was working for the last 2 years on building a social network for companies using Grails.
A new requirement appeared which is creating separate virtual host for each company that will have it's own database of users, timelines, etc (I would like to avoid rewriting all the service layer)
So initially the application was running on http://www.my-social-network.com for example
Now using an admin console that we will have to develop, companies should be able to create their own subdomain like this : http://company1.my-social-network.com and so on.
The web server that we are using is Apache 2.2 + tomcat 6
Is there someone who has an idea about how to do it?
Ideally I want to have one instance of the application that receives requests with different host names so it can behave differently in order to save resources because Grails consumes too much memory.
For example :
subdomain1.my-social-network.com --> apache 2 --> my-social-network.com (+ specific headers) --> tomcat
If such thing was possible, is there a way to select a datasource depending on a request parameter or header?
Any help is appreciated
There are a number of different options you can take, but first you need to make a decision on how you are going to implement this at the lowest level:
You can take the requests to subdomain1.my-social-network.com and redirect the user to my-social-network.com.
Same as above but use HTTP 302, HTTP 303 or HTTP 307 instead.
Simply show the contents of the site, responding with HTTP 200 (probably the best approach as these domains are meant to be permanent). Further text assumes this option.
Next, you need to have a servlet filter which intercepts all HTTP traffic and has a map {virtual_path -> real_site}. This filter can simply set relevant request attribute (hint: servletRequest.setAttribute(String, Object)) when it detects that requested virtual path is recognized.
If a user creates/renames/deletes a domain/virtual path, you would populate the map accordingly.
Finally, your render component should check that parameter and render relevant site. It is really hard to elaborate further without knowing more details on how your application works.

Apache internal rewrite module for unique URLs?

I am trying to create a secure download web app with the following scenario. Anybody know how this can be achieved:
1) The user is given a one-time URL
a) This one-time URL is stored in an Oracle DB mapped to the actual URL
2) When the user visits the one-time URL:
a) Apache module connects to the DB to see if the one-time URL exists
b) if it exists, apache does an internal rewrite to the actual URL
c) if not, then 404 or any sort of error (404 or something else) is good enough
2.a and 2.b are the what I am looking answers on. I am not sure how to do this and make sure the rewrites happen internally.
Thanks
This should be possible using the new dbd-type RewriteMap functionality available in the trunk version of Apache. Obviously with this being the current development branch of the server you'll need to be careful about config-breaking changes over time.
RewriteEngine On
RewriteMap urlmapper "dbd:SELECT redirect_url from my_table WHERE some_key = %s"
RewriteRule /one_time/(.+) ${urlmapper:$1|/404.html}
Of course you will need some additional logic for handling cases where no results are returned.
http://httpd.apache.org/docs/trunk/rewrite/rewritemap.html#dbd
AFAIK this is not possible just by apache. What you must want to do is:
Configure apache to redirect that unique links to a server script which will make the "magic" happen
the server script checks if the unique provided url is still valid and acts in accordance:
serves the file and invalidate (delete or mark as served) the unique-url row in database
replies with status 404 or redirects to a 404 page in other cases
The exact details on how to make things happen depends on the scripting engines available to you on the server, and your preferences. It can be done in a variety of engines, from php to cgi to .NET to asp and many others.
Figured this out... You can achieve this using XSEND (https://tn123.org/mod_xsendfile/)... Setup a php script to handle any URI's with file download and denied all access to the actual file directory so the only way to get the file it to force it through XSEND.

mod_rewrite and server environment variables

The setup I have is as follows:
I have one Apache server acting as a URL rewriting engine (SERVER1).
I have a second server (Apache too) which runs a web application (SERVER2). First tries to authenticate users. Part of the authentication protocol involves a lot of redirection between that application server and the authentication server.
My problem is that once the authencation is successfull, the authentication server needs to redirect the user back to the application server, which is only visible from SERVER1. Effectively, SERVER2 needs to be able to reconstruct a URL based on SERVER1's parameters.
Most of the environement variable are helpful i.e. I know the host name, script name, page called etcc but I can 't figure out wether the call was made through HTTP or HTTPS: that information is wiped in the rewrite process by SERVER1...
Anybody knows if/how I can get that information through environement variables? I am limited in that I can't use query string parameters...
Thanks all !
This may sound strange, but I have found part of the answer to my question.
The rewrite engine (at least in Apache 2, I haven't looked anywhere else) allows for writting extra request header.
The rule should look something like that.
RewriteRule .* -
[E=INFO_PATH_INFO:%{PATH_INFO},NE]
Put simple, it creates a new header called INFO_PATH_INFO and sets the value to PATH_INFO.
( For more info check out http://www.askapache.com/htaccess/crazy-advanced-mod_rewrite-tutorial.html )
Then it can be retrieved in any languages.
For info I am using Oracle's OWA which adds an extra layer of complication due to the fact that the default environment variables are limited to a few and additional variables need to be specified in thr dads.conf
Hope this will help anyone !

How to setup suffix proxy server

Can anyone guide me for setting up suffix proxy server , so that user can access some specific sites cached in our campus server without doing any configuration in their browsers.
by suffix proxy i mean that if user wants to open http: //en.wikipedia.org/wiki/Proxy_server page then he should enter link:
http ://en.wikipedia.org.CAMPUSPROXY.NET/wiki/Proxy_server (where campusproxy.net is our proxy server) and this requested page can be retrived from our proxy server in place of wikipedia.org
It's a redirect really - your server needs to have a url check that will catch the prefix portion of the url and for this you obviously need unlimited prefix's available from the registered domain URI then it just reforms the uri of the prefix makes the request for the page and then presents it as content to the user - normally you'll also inject a banner at the top of the page also.
so it goes
User - http-get en.wikipedia.org.CAMPUSPROXY.NET/wiki/Proxy_server
your server takes this and creates "en.wikipedia.org/wiki/Proxy_server" via a script or what have you.
CAMPUSPROXY.NET http-get en.wikipedia.org/wiki/Proxy_server
inject the banner code into the webpage via a script or what have you.
probably also modify the html tags and headers to include your prefix proxy info
some knowledge of python - perl or whatever is all you need together with apache or similar server, their are of course scripts out there already but if you do that you'll learn nothing.

Resources