Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to rewrite Location response header in a proxy setup with Apache?

I have a primary proxy which sends requests to a secondary proxy on which OpeenSSO is installed.

If the OpenSSO agent determines that the user is not logged in, it raises a 302 redirect to the authentication server and provides the original (encoded) URL that the user requested as a GET parameter in the redirect location header.

However, the URL in the GET variable is that of the internal (secondary) proxy server, not the original proxy server. Therefore, I would like to edit/rewrite the "Location" response header to give the correct URL.

E.g.

  1. http://a.com/hello/ (Original requested URL)
  2. http://a.com/hello2/ (Secondary proxy with OpenSSO agent)
  3. http://auth.a.com/login/?orig_request=http%3A%2F%2Fa.com%2Fhello2%2F (302 redirect to auth server with requested URL of second proxy server encoded in GET variable)
  4. http://auth.a.com/login/?orig_request=http%3A%2F%2Fa.com%2Fhello%2F (Encoded URL is rewritten to that of the original request)

I have tried pretty much all combinations of headers and rewrites without luck so I'm thinking it may not be possible. The closest I got was this, but the mod_headers edit function does not parse environment variables.

# On the primary proxy.
RewriteEngine On
RewriteRule ^/(.*)$ - [E=orig_request:$1,P]
Header edit Location ^(http://auth\.a\.com/login/\?orig_request=).*$ "$1http%3A%2F%2Fa.com%2F%{orig_request}e"
like image 219
xeonman9000 Avatar asked Apr 30 '13 10:04

xeonman9000


People also ask

What is ProxyPass and ProxyPassReverse in Apache?

ProxyPassReverse will intercept those headers, and rewrite them to match the Apache proxy server. ProxyPass will create a reverse proxy. A reverse proxy (or gateway), appears to the client just like an ordinary web server. The client makes ordinary requests for content in the namespace of the reverse proxy.

Can Apache be used as a proxy?

In addition to being a "basic" web server, and providing static and dynamic content to end-users, Apache httpd (as well as most other web servers) can also act as a reverse proxy server, also-known-as a "gateway" server.

What is mod_proxy in Apache?

mod_proxy is an optional module for the Apache HTTP Server. This module implements a proxy, gateway or cache for Apache. It implements proxying capability for AJP13 (Apache JServ Protocol version 1.3), FTP, CONNECT (for SSL), HTTP/0.9, HTTP/1.0, and (since Apache 1.3. 23) HTTP/1.1.

What is ProxyPassReverse?

ProxyPassReverse. The directive ProxyPassReverse lets Apache adjust the URL in the Location header on HTTP redirect responses. For instance this is essential when Apache is used as a reverse proxy to avoid by-passing the reverse proxy because of HTTP redirects on the backend servers which stay behind the reverse proxy.


1 Answers

ProxyPassReverse

ProxyPassReverse should do this for you:

This directive lets Apache adjust the URL in the Location, Content-Location and URI headers on HTTP redirect responses.

I'm not sure why your reverse proxy isn't behaving this way already, assuming you're using a pair of ProxyPass and ProxyPassReverse directives to define it.

Editing the Location Header

If you want to be able to edit the Location header as you describe, you can do it as of Apache 2.4.7:

For edit there is both a value argument which is a regular expression, and an additional replacement string. As of version 2.4.7 the replacement string may also contain format specifiers.

The "format specifiers" mentioned in the docs include being able to use environment variables, e.g. %{VAR}e.

You might also want to consider modifying your application such that the orig_request URL parameter is relativized, thus potentially eliminating the need for Header edits with environment variables.

Relative Path Location Header

You can also try using a relative path in your Location header, which would eliminate the need to explicitly map one domain to the other. This is officially valid as of RFC 7231 (June 2014), but was was widely supported even before that. You can relativize your Location header using Apache Header edit directives (even prior to version 2.4.7, since it wouldn't require environment variable substitution). That would look something like this:

Header edit Location "(^http[s]?://)([a-zA-Z0-9\.\-]+)(:\d+)?/" "/"
like image 199
BrianV Avatar answered Sep 19 '22 13:09

BrianV