Ok so the question is, "Can I use in Apache SSI files located on another local server?"
The example is quite simple. Lets say I have an index.shtml on first server and inner.shtml on the second one.
Will this work?
If not, what can work?
Ok, so the answere to this is NO I cannot do it, but there is a way to bypass it.
If I include the call to SSI and using Mod_Proxy I can channel it to a diferent Apache. Like this:
<Location /external>
RequestHeader unset Accept-Encoding
ProxyPass http://SERVER2/api/search-software
</Location>
The apache will work on it, but remember that you have to unset the encoding in order for the GZIP not to work on it.
Related
I am using HAProxy 1.8, I need to make redirection rules, but I do not know the tool well, I have tried but it fails me in some particular cases with different clients.
Client Applications: Adobe Flex 3 (Web) and .Net (Web, WebServices and Desktop).
Necessary redirection example:
Current URL: http://oldsite.com/WS/WSInfo/WSDataClient
URL redirection: http://web1.site.com/WS/WSInfo/WSDataClient
I must perform several redirects (so I have to repeat the rule many times), I can not redirect all "olsite.com" to "web1.site.com", since both balancers will have concurrent calls, not all services, "http://oldsite.com" will stop being used.
The rule of HAProxy:
###----SERV_WSInfo_WSDataClient_test
acl withwsdl_SERV_WSInfo_WSDataClient url /WS/WSInfo/WSDataClient_test?wsdl
acl notwsdl_SERV_WSInfo_WSDataClient path_beg /WS/WSInfo/WSDataClient_test
http-request redirect location http://web1.site.com/WS/WSInfo/WSDataClient?%[query] code 301 if withwsdl_SERV_WSInfo_WSDataClient
http-request redirect location http://web1.site.com/WS/WSInfo/WSDataClient code 301 if notwsdl_SERV_WSInfo_WSDataClient
This works in the Flex applications that consume it, but not in the .Net point, I have been able to detect that:
Flex calls WSDL twice from the service (I suspect that by the redirect of the rule), but it works.
.Net, on the other hand, never asks for the WSDL and the service returns error, blank response.
Someone can recommend how would be the correct way to implement the
rule to achieve the necessary redirection.
To redirect an HTTPS with that same URL, should I add more logic?
They think that I'm not using the necessary tool to do it, they can recommend another one (currently HAProxy is used but if I manage to make it work in another Proxy, I could ask to evaluate).
I thank you for your help since I do not use the tool and I am not from the network area.
Given they are both on different HAProxy servers makes it a bit easier as you dont need to worry about an acl for the new domain. Here is a simple acl that doesnt worry about the querystring at all.
acl is_SERV_TEST url_beg -i /WS/WSInfo/WSDataClient
This acl checks the beginning of the url (case insensitive with the -i) against our url we need to redirec the prefix (host).
http-request redirect code 301 prefix http://web1.site.com if is_SERV_TEST
The redirection simply changes the prefix and maintains the remainder of the URL. For this reason we dont need to worry about the query string etc.
Full Code
acl is_SERV_TEST url_beg -i /WS/WSInfo/WSDataClient
http-request redirect code 301 prefix http://web1.site.com if is_SERV_TEST
SSL Question
For SSL related rewrites this is a double edge sword, and this is against the requirement of the company. For example if you want all request from http://oldsite.com to go to the SSL (HTTPS) url for web1.site.com then you should be doing that in your 301 redirect.
So you would simply change the rewrite prefix to https://web1.site.com.
Finally if you also need to mange the 301 redirect for ssl (ie over port 443) you should create another listener frontend binding to :443 and use the same rules as your port :80 listener.
The trouble is, while PL/SQL procedures do generate HTML, I cannot make image folder work. That is, when I try to insert an IMG tag, it shows that it can't find that file in /xxx/img folder.
I tried to redefine DocumentRoot in httpd.conf - it works only on that folder itself, not recursively.
I tried to change DOCUMENT_ROOT in dads.conf - it doesn't work at all.
So the question is, how can I make images deep inside that root folder show up?
At last I have found an answer and a reason of this behavior.
The reason is Oracle's hand-made handler, pls_handler, used for any DADs, made up as Apache Locations.
Trying to create folders for storing images like $ORACLE_HOME/htdocs/myapp/img, I interfered with that directive:
<Location /myapp>
SetHandler pls_handler
# lots of stuff
</Location>
And thus, anything under $ORACLE_HOME/htdocs/myapp folder was processed as PL/SQL procedures.
This is a plain Apache configuration issue. You simply must define an alias in your Apache configuration file.
Assume that your image resources are in a directory /middleware/project/img. Then just add the following line to your httpd.conf or (that's where I configure it) dads.conf:
Alias /i/ "/middleware/project/img/"
If you now have a file alert.png in your /middleware/project/img directory you can access it with an /i/alert.png url.
I use privoxy action file for proxy some domain, it works well
{{alias}}
proxy = +forward-override{forward-socks5 localhost:55501 .}
{proxy}
.demo1.com
.demo2.com
now I want exclude some sub-domain, for example:
noproxy.demo1.com
What should I write in the action file ?
Try to put this code behind:
{-forward-override}
noproxy.demo1.com
- to disable.
And From the manual:
For multi-valued actions, the actions are applied in the order they are specified.
Got the same issue. The answer above is almost correct.
Documentation on https://www.privoxy.org/user-manual/actions-file.html#FORWARD-OVERRIDE says
"forward ." to use a direct connection without any additional proxies.
So, correcting the previous answer:
{+forward-override{forward .}}
yourdomain.com
Will do bypass the proxies for yourdomain.com
I was wondering how to create and debug this kind of script that can become a bit of headache if you are not used to write them (like me).
Do you use tool to create them?
Any tips to debug what's going on instead of just create a local structure and see what's happening in the browser?
Note to readers: the old answer doesn't work anymore.
As of version 2.4, Apache no longer allows the RewriteLogLevel and RewriteLog directives. Now they're all bundled with the single LogLevel directive (see Log Files documentation), which supports module-specific log levels with prefixes and trace[1-8] constants. To set the highest level of logging specifically for the rewrite module, you now use the following:
LogLevel warn rewrite:trace8
You can use any regex testing tool to help you testing your patterns against URLs (I'm using "The Regex Coach" -- Windows app). This will only help you with pattern -- you should already know the general logic / flow of how rewrite works.
To DEBUG you must be able to edit Apache config file -- use RewriteLogLevel 9 and RewriteLog /path/to/rewrite.log to see exact details on what is going on during URL rewriting (because it's a server config you will have to restart Apache to have new server config applied).
You need level 9 if you want to debug problematic rule. Level 3 or any other pretty low value will only show you overview on what is going on without going into details.
Do not use level 9 on busy/production server as it may generate huge log within few seconds.
If you need to do 301 (permanent) redirects -- do 302 instead during a testing period (until you are happy with the rule and results -- then change to 301) as modern browsers do cache 301 redirects .. so you may end up in frustrating situation when you have completely changed the rule (or even deleted it) but browser still does the redirects. The only cure in such cases: -- clear the browser cache and reload the page.
You can set RewriteLog directive in your virtualhost configuration
It will write necessary info to the file specified by you.
RewriteLog "/usr/local/var/apache/logs/rewrite.log"
Further, use RewriteLogLevel directive to control the amount of logging
RewriteLogLevel 3
read through
I am trying to create a secure download web app with the following scenario. Anybody know how this can be achieved:
1) The user is given a one-time URL
a) This one-time URL is stored in an Oracle DB mapped to the actual URL
2) When the user visits the one-time URL:
a) Apache module connects to the DB to see if the one-time URL exists
b) if it exists, apache does an internal rewrite to the actual URL
c) if not, then 404 or any sort of error (404 or something else) is good enough
2.a and 2.b are the what I am looking answers on. I am not sure how to do this and make sure the rewrites happen internally.
Thanks
This should be possible using the new dbd-type RewriteMap functionality available in the trunk version of Apache. Obviously with this being the current development branch of the server you'll need to be careful about config-breaking changes over time.
RewriteEngine On
RewriteMap urlmapper "dbd:SELECT redirect_url from my_table WHERE some_key = %s"
RewriteRule /one_time/(.+) ${urlmapper:$1|/404.html}
Of course you will need some additional logic for handling cases where no results are returned.
http://httpd.apache.org/docs/trunk/rewrite/rewritemap.html#dbd
AFAIK this is not possible just by apache. What you must want to do is:
Configure apache to redirect that unique links to a server script which will make the "magic" happen
the server script checks if the unique provided url is still valid and acts in accordance:
serves the file and invalidate (delete or mark as served) the unique-url row in database
replies with status 404 or redirects to a 404 page in other cases
The exact details on how to make things happen depends on the scripting engines available to you on the server, and your preferences. It can be done in a variety of engines, from php to cgi to .NET to asp and many others.
Figured this out... You can achieve this using XSEND (https://tn123.org/mod_xsendfile/)... Setup a php script to handle any URI's with file download and denied all access to the actual file directory so the only way to get the file it to force it through XSEND.