Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Alias ability, only for URLs, not Files/Directories |
|
| Author |
|
cbas
Joined: 12 Jan 2022
Posts: 11
Location: Bloomington, MN
|
 Posted: Thu 26 May '22 21:00 Post subject: Alias ability, only for URLs, not Files/Directories |
 |
|
I need to be able to route to the same resources using different Locations, and without opening a new port.
I've been looking through Apache documentation. The answer is not jumping out at me. |
|
| Back to top |
|
mraddi
Joined: 27 Jun 2016
Posts: 152
Location: Schömberg, Baden-Württemberg, Germany
|
| Posted: Sat 04 Jun '22 13:16 Post subject: |
|
|
Maybe mod_rewrite could help you?
It might be easier for others to give some hints if you provide examples. |
|
| Back to top |
|
cbas
Joined: 12 Jan 2022
Posts: 11
Location: Bloomington, MN
|
| Posted: Mon 06 Jun '22 21:26 Post subject: |
|
|
I'm not sure what examples to give.
A little history...
We have a legacy app that we have a new requirement to bolt SAML SSO onto.
First of all, I know the "easy" way is to use a separate port. For us, the hard part is convincing our (government) client that it is necessary to open another port for us on each of their servers.
We do use RewriteCond/RewriteRule already to prevent proxy of certain URLs.
The trouble is, we literally are accessing the same URLs 2 different ways.
1) normal web-app use
2) publishing management use
There is an ancient publishing app called Zope we use. The Zope Manage Interface normally adds a suffix to the URL, so no problem - fixable with a regex. The problem comes in with the "Action" buttons in the ZMI. The form these buttons trigger POST the unaltered URL, and now instead add a payload.
The POSTing of this unaltered URL is the problem. The regex mentioned above cannot match it and as far as I can see, there is no Apache directive to match against a POST payload.
SAML sees the unaltered URL and redirects to its challenge page.
We cannot use REMOTE_HOST as a gate because access is from within the client's network. |
|
| Back to top |
|
tangent
Moderator
Joined: 16 Aug 2020
Posts: 348
Location: UK
|
| Posted: Mon 06 Jun '22 22:45 Post subject: |
|
|
For your ZMI "Action" buttons, could you use a rewrite condition to pick up the unaltered URL along with another condition to check for a POST method, and then modify the request with your required suffix?
| Code: | RewriteCond "%{HTTP_HOST}" "xyz.com" [NC]
RewriteCond "%{REQUEST_METHOD}" "POST" |
There may be some other request header conditions from ZMI you could include, to validate the redirection of these POST operations.
Beyond that, the only other option I can think of would be to write your own input filter to check for appropriate POST payloads, and modify the request as required. Non-trivial. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
|
| Posted: Tue 07 Jun '22 11:36 Post subject: |
|
|
| Another idea might be to run the legacy app on a different port and use a reverse proxy setting to hide the other port. |
|
| Back to top |
|
mraddi
Joined: 27 Jun 2016
Posts: 152
Location: Schömberg, Baden-Württemberg, Germany
|
| Posted: Tue 07 Jun '22 15:08 Post subject: |
|
|
If you proxy a directory to another server absolute paths in the response are not modified. According to documentation only paths in HTTP-response (i.e. 301- or 302-responses) are modified if you requested to do so with ProxyPassReverse (if I got the documentation correct).
I've put my old Raspberry Pi into the notebook-webserver's /pi/-directory and resolved the problem with the absolute paths using mod_substitue as in the following example:
| Code: | <Location "/pi">
ProxyPass "https://192.168.0.245/"
ProxyPassReverse "https://192.168.0.245/"
AddOutputFilterByType INFLATE;SUBSTITUTE;DEFLATE text/html
Substitute s|href="/|href="/pi/|
</Location> |
Maybe this can be used as a blueprint for your exact problem?
Of course you can add multiple Subsitute-lines as required by your application (maybe another one for the action within your form-tags?). |
|
| Back to top |
|
cbas
Joined: 12 Jan 2022
Posts: 11
Location: Bloomington, MN
|
| Posted: Tue 07 Jun '22 15:50 Post subject: |
|
|
| James Blond wrote: | | Another idea might be to run the legacy app on a different port and use a reverse proxy setting to hide the other port. |
Sorry, I'm not following. How would I "hide the other port"?
Will this expose the port without having to add it to DNS records?
Will I be able to use SERVER_PORT in an <If> later in the conf? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
|
| Posted: Thu 09 Jun '22 8:41 Post subject: |
|
|
Mr Addi only forgot to add the port in the example. You can have that of cause, too.
| Code: |
<VirtualHost *:80>
ServerName www.example.com
DirectoryIndex index.htm
CustomLog "C:\nul" common
DocumentRoot "C:\www"
<Directory "C:\www">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Location "/pi">
ProxyPass "https://192.168.0.245:8080/"
ProxyPassReverse "https://192.168.0.245:8080/"
AddOutputFilterByType INFLATE;SUBSTITUTE;DEFLATE text/html
Substitute s|href="/|href="/pi/|
</Location>
</VirtualHost>
[quote][/quote] |
|
|
| Back to top |
|
|
|
|
|
|
