logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in  RSS Apache Lounge  


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.


Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Alias ability, only for URLs, not Files/Directories
Author
cbas



Joined: 12 Jan 2022
Posts: 11
Location: Bloomington, MN

PostPosted: Thu 26 May '22 21:00    Post subject: Alias ability, only for URLs, not Files/Directories Reply with quote

I need to be able to route to the same resources using different Locations, and without opening a new port.

I've been looking through Apache documentation. The answer is not jumping out at me.
Back to top
mraddi



Joined: 27 Jun 2016
Posts: 145
Location: Schömberg, Baden-Württemberg, Germany

PostPosted: Sat 04 Jun '22 13:16    Post subject: Reply with quote

Maybe mod_rewrite could help you?

It might be easier for others to give some hints if you provide examples.
Back to top
cbas



Joined: 12 Jan 2022
Posts: 11
Location: Bloomington, MN

PostPosted: Mon 06 Jun '22 21:26    Post subject: Reply with quote

I'm not sure what examples to give.

A little history...
We have a legacy app that we have a new requirement to bolt SAML SSO onto.

First of all, I know the "easy" way is to use a separate port. For us, the hard part is convincing our (government) client that it is necessary to open another port for us on each of their servers.

We do use RewriteCond/RewriteRule already to prevent proxy of certain URLs.

The trouble is, we literally are accessing the same URLs 2 different ways.
1) normal web-app use
2) publishing management use

There is an ancient publishing app called Zope we use. The Zope Manage Interface normally adds a suffix to the URL, so no problem - fixable with a regex. The problem comes in with the "Action" buttons in the ZMI. The form these buttons trigger POST the unaltered URL, and now instead add a payload.
The POSTing of this unaltered URL is the problem. The regex mentioned above cannot match it and as far as I can see, there is no Apache directive to match against a POST payload.
SAML sees the unaltered URL and redirects to its challenge page.

We cannot use REMOTE_HOST as a gate because access is from within the client's network.
Back to top
tangent



Joined: 16 Aug 2020
Posts: 215
Location: UK

PostPosted: Mon 06 Jun '22 22:45    Post subject: Reply with quote

For your ZMI "Action" buttons, could you use a rewrite condition to pick up the unaltered URL along with another condition to check for a POST method, and then modify the request with your required suffix?
Code:
RewriteCond "%{HTTP_HOST}" "xyz.com" [NC]
RewriteCond "%{REQUEST_METHOD}" "POST"

There may be some other request header conditions from ZMI you could include, to validate the redirection of these POST operations.

Beyond that, the only other option I can think of would be to write your own input filter to check for appropriate POST payloads, and modify the request as required. Non-trivial.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7128
Location: Germany, Next to Hamburg

PostPosted: Tue 07 Jun '22 11:36    Post subject: Reply with quote

Another idea might be to run the legacy app on a different port and use a reverse proxy setting to hide the other port.
Back to top
mraddi



Joined: 27 Jun 2016
Posts: 145
Location: Schömberg, Baden-Württemberg, Germany

PostPosted: Tue 07 Jun '22 15:08    Post subject: Reply with quote

If you proxy a directory to another server absolute paths in the response are not modified. According to documentation only paths in HTTP-response (i.e. 301- or 302-responses) are modified if you requested to do so with ProxyPassReverse (if I got the documentation correct).

I've put my old Raspberry Pi into the notebook-webserver's /pi/-directory and resolved the problem with the absolute paths using mod_substitue as in the following example:
Code:
<Location "/pi">
    ProxyPass "https://192.168.0.245/"
    ProxyPassReverse "https://192.168.0.245/"
    AddOutputFilterByType INFLATE;SUBSTITUTE;DEFLATE text/html
    Substitute s|href="/|href="/pi/|
</Location>

Maybe this can be used as a blueprint for your exact problem?
Of course you can add multiple Subsitute-lines as required by your application (maybe another one for the action within your form-tags?).
Back to top
cbas



Joined: 12 Jan 2022
Posts: 11
Location: Bloomington, MN

PostPosted: Tue 07 Jun '22 15:50    Post subject: Reply with quote

James Blond wrote:
Another idea might be to run the legacy app on a different port and use a reverse proxy setting to hide the other port.

Sorry, I'm not following. How would I "hide the other port"?

Will this expose the port without having to add it to DNS records?
Will I be able to use SERVER_PORT in an <If> later in the conf?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7128
Location: Germany, Next to Hamburg

PostPosted: Thu 09 Jun '22 8:41    Post subject: Reply with quote

Mr Addi only forgot to add the port in the example. You can have that of cause, too.

Code:

<VirtualHost *:80>
    ServerName www.example.com

    DirectoryIndex index.htm


    CustomLog "C:\nul" common

    DocumentRoot "C:\www"
    <Directory "C:\www">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    <Location "/pi">
        ProxyPass "https://192.168.0.245:8080/"
        ProxyPassReverse "https://192.168.0.245:8080/"
        AddOutputFilterByType INFLATE;SUBSTITUTE;DEFLATE text/html
        Substitute s|href="/|href="/pi/|
    </Location>
</VirtualHost>

[quote][/quote]
Back to top


Reply to topic   Topic: Alias ability, only for URLs, not Files/Directories View previous topic :: View next topic
Post new topic   Forum Index -> Apache