The setup I have is as follows:
I have one Apache server acting as a URL rewriting engine (SERVER1).
I have a second server (Apache too) which runs a web application (SERVER2). First tries to authenticate users. Part of the authentication protocol involves a lot of redirection between that application server and the authentication server.
My problem is that once the authencation is successfull, the authentication server needs to redirect the user back to the application server, which is only visible from SERVER1. Effectively, SERVER2 needs to be able to reconstruct a URL based on SERVER1's parameters.
Most of the environement variable are helpful i.e. I know the host name, script name, page called etcc but I can 't figure out wether the call was made through HTTP or HTTPS: that information is wiped in the rewrite process by SERVER1...
Anybody knows if/how I can get that information through environement variables? I am limited in that I can't use query string parameters...
Thanks all !
This may sound strange, but I have found part of the answer to my question.
The rewrite engine (at least in Apache 2, I haven't looked anywhere else) allows for writting extra request header.
The rule should look something like that.
RewriteRule .* -
[E=INFO_PATH_INFO:%{PATH_INFO},NE]
Put simple, it creates a new header called INFO_PATH_INFO and sets the value to PATH_INFO.
( For more info check out http://www.askapache.com/htaccess/crazy-advanced-mod_rewrite-tutorial.html )
Then it can be retrieved in any languages.
For info I am using Oracle's OWA which adds an extra layer of complication due to the fact that the default environment variables are limited to a few and additional variables need to be specified in thr dads.conf
Hope this will help anyone !
Related
I'm trying to set up a reverse proxy for single sign on to an application. the URL to reach my app and the defined authentication method is "http://servername.domain/app/main?authsource=sso_rp"
My current config just sends me to the application login prompt. I've tested my authentication source and confirmed its working. My question is, does my URL rewrite config look like it should? there are no conditions or variables defined. i know I'm missing something simple but this isn't documented on the vendor end so seeking your help.
I have a SignalR-service in two api-versions running in self-hosted Owin processes. I want to route traffic for api.service.com to either api1.service.com or api2.service.com depending on a http-header (api-ver) in a request. Is this possible to do with Owin middleware or in some other way without having to host this in IIS or using a 3rd party reverse proxy or similar? I was hoping it could be done with "Url Rewriting" but I don't know if this is possible in self-hosting?
Have you considered this, I am in the same boat and thinking it will resolve my problem. But to answer your question it does seem possible in self-hosted environments.
Owin.UrlRewrite
EDIT - This library doesn't work (at least I sure can't get it to work). I did experiment with an OWIN middleware of my own and it can be done with redirects but there is a flicker in the URL to essentially the hashtag url (before the client router kicks in (Aurelia in my case) and makes it the non-hash url). Best I can say is this is a limited use case (Self-hosting with need for URL Rewriting) as I cannot find a pre-made solution to do this.
I was working for the last 2 years on building a social network for companies using Grails.
A new requirement appeared which is creating separate virtual host for each company that will have it's own database of users, timelines, etc (I would like to avoid rewriting all the service layer)
So initially the application was running on http://www.my-social-network.com for example
Now using an admin console that we will have to develop, companies should be able to create their own subdomain like this : http://company1.my-social-network.com and so on.
The web server that we are using is Apache 2.2 + tomcat 6
Is there someone who has an idea about how to do it?
Ideally I want to have one instance of the application that receives requests with different host names so it can behave differently in order to save resources because Grails consumes too much memory.
For example :
subdomain1.my-social-network.com --> apache 2 --> my-social-network.com (+ specific headers) --> tomcat
If such thing was possible, is there a way to select a datasource depending on a request parameter or header?
Any help is appreciated
There are a number of different options you can take, but first you need to make a decision on how you are going to implement this at the lowest level:
You can take the requests to subdomain1.my-social-network.com and redirect the user to my-social-network.com.
Same as above but use HTTP 302, HTTP 303 or HTTP 307 instead.
Simply show the contents of the site, responding with HTTP 200 (probably the best approach as these domains are meant to be permanent). Further text assumes this option.
Next, you need to have a servlet filter which intercepts all HTTP traffic and has a map {virtual_path -> real_site}. This filter can simply set relevant request attribute (hint: servletRequest.setAttribute(String, Object)) when it detects that requested virtual path is recognized.
If a user creates/renames/deletes a domain/virtual path, you would populate the map accordingly.
Finally, your render component should check that parameter and render relevant site. It is really hard to elaborate further without knowing more details on how your application works.
I am trying to create a secure download web app with the following scenario. Anybody know how this can be achieved:
1) The user is given a one-time URL
a) This one-time URL is stored in an Oracle DB mapped to the actual URL
2) When the user visits the one-time URL:
a) Apache module connects to the DB to see if the one-time URL exists
b) if it exists, apache does an internal rewrite to the actual URL
c) if not, then 404 or any sort of error (404 or something else) is good enough
2.a and 2.b are the what I am looking answers on. I am not sure how to do this and make sure the rewrites happen internally.
Thanks
This should be possible using the new dbd-type RewriteMap functionality available in the trunk version of Apache. Obviously with this being the current development branch of the server you'll need to be careful about config-breaking changes over time.
RewriteEngine On
RewriteMap urlmapper "dbd:SELECT redirect_url from my_table WHERE some_key = %s"
RewriteRule /one_time/(.+) ${urlmapper:$1|/404.html}
Of course you will need some additional logic for handling cases where no results are returned.
http://httpd.apache.org/docs/trunk/rewrite/rewritemap.html#dbd
AFAIK this is not possible just by apache. What you must want to do is:
Configure apache to redirect that unique links to a server script which will make the "magic" happen
the server script checks if the unique provided url is still valid and acts in accordance:
serves the file and invalidate (delete or mark as served) the unique-url row in database
replies with status 404 or redirects to a 404 page in other cases
The exact details on how to make things happen depends on the scripting engines available to you on the server, and your preferences. It can be done in a variety of engines, from php to cgi to .NET to asp and many others.
Figured this out... You can achieve this using XSEND (https://tn123.org/mod_xsendfile/)... Setup a php script to handle any URI's with file download and denied all access to the actual file directory so the only way to get the file it to force it through XSEND.
Can anyone guide me for setting up suffix proxy server , so that user can access some specific sites cached in our campus server without doing any configuration in their browsers.
by suffix proxy i mean that if user wants to open http: //en.wikipedia.org/wiki/Proxy_server page then he should enter link:
http ://en.wikipedia.org.CAMPUSPROXY.NET/wiki/Proxy_server (where campusproxy.net is our proxy server) and this requested page can be retrived from our proxy server in place of wikipedia.org
It's a redirect really - your server needs to have a url check that will catch the prefix portion of the url and for this you obviously need unlimited prefix's available from the registered domain URI then it just reforms the uri of the prefix makes the request for the page and then presents it as content to the user - normally you'll also inject a banner at the top of the page also.
so it goes
User - http-get en.wikipedia.org.CAMPUSPROXY.NET/wiki/Proxy_server
your server takes this and creates "en.wikipedia.org/wiki/Proxy_server" via a script or what have you.
CAMPUSPROXY.NET http-get en.wikipedia.org/wiki/Proxy_server
inject the banner code into the webpage via a script or what have you.
probably also modify the html tags and headers to include your prefix proxy info
some knowledge of python - perl or whatever is all you need together with apache or similar server, their are of course scripts out there already but if you do that you'll learn nothing.