httpd-users mailing list archives

From Ryan Shoemaker <ryan.shoema...@enterprisedb.com>
Subject [users@httpd] Preserving in-bound address through reverse proxy
Date Mon, 25 Jun 2018 16:13:45 GMT
Hi,

We have a reverse proxy configured to route in-bound traffic to one of 
two different applications.  Here's our proxy conf:

ProxyPass /foo !
ProxyPass / http://localhost:8080/

There's an instance of Tomcat running on port 8080.

I'm trying to determine if it is possible to preserve the original 
in-bound address on the requests routed to localhost:8080.  What I'm 
observing is that the servlet sees all in-bound traffic addressed to 
"http://localhost:8080" rather than the real external address of my 
server.  For example, when a client sends a request to 
"https://myserver.com/api/v3/blah", the reverse proxy routes the request 
to "http://localhost:8080/api/v3/blah" and so the servlet sees the 
request addressed to "http://localhost:8080" rather than 
"https://myserver.com".

I read through the docs for mod_proxy and mod_env thinking that I could 
use those to inject the correct information, but can't quite get it 
working.  For example:

PassEnv SERVER_PROTOCOL SERVER_NAME SERVER_PORT
RequestHeader edit Location "(^http[s]?://)([a-zA-Z0-9\.\-]+)(:[0-9]+)" "%{SERVER_PROTOCOL}e://%{SERVER_NAME}e:%{SERVER_PORT}e"

I'm pretty sure I'm misusing PassEnv here, but the idea was to rewrite 
the "Location" header as it is passing through the reverse proxy so it 
preserves the original request info.

I can *remove* the wrong server address with this:

RequestHeader edit Location "(^http[s]?://)([a-zA-Z0-9\.\-]+)(:[0-9]+)" ""

but I can't inject (or preserve) the correct information.

I'm aware that the proxy injects X-Forwarded-For, X-Forwarded-Host, and 
X-Forwarded-Server, but that's not enough information to fully 
reconstruct the original request address (including scheme and port 
number).

I also tried using:

ProxyPreserveHost On

Which mostly seems to work, but loses the correct scheme - when my 
client requests "https://...", the reverse proxy sends that to "http://...".

Is there any way to preserve the original requested address as it passes 
through the proxy?

Thanks,

--Ryan
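
One way to carry the original scheme and port to the back end, shown as an added example that is not part of the original post: the TLS virtual host sets the forwarding headers itself, so values supplied by a client are overwritten rather than passed through. Assumptions: the certificate paths are placeholders, mod_ssl, mod_headers, mod_proxy and mod_proxy_http are loaded, the application on port 8080 is configured to read these headers (in Tomcat, for example, through RemoteIpValve), and port 8080 accepts connections only from the proxy.

```apache
# Added example, not from the original post. Certificate paths are placeholders.
<VirtualHost *:443>
    ServerName myserver.com

    SSLEngine on
    SSLCertificateFile    /path/to/cert.pem
    SSLCertificateKeyFile /path/to/key.pem

    # Forward the client's Host header (myserver.com) instead of localhost:8080.
    ProxyPreserveHost On

    # This virtual host only ever serves TLS on 443, so the values are fixed.
    # "set" replaces any X-Forwarded-Proto / X-Forwarded-Port header sent by
    # the client; the back end then sees only what the proxy asserts.
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port  "443"

    ProxyPass /foo !
    ProxyPass / http://localhost:8080/

    # Location is a response header: ProxyPassReverse rewrites redirects that
    # still point at the back-end address on their way out to the client.
    ProxyPassReverse / http://localhost:8080/

    # Assumption: the back end trusts these headers only when the connection
    # comes from this proxy (loopback). If port 8080 is reachable by other
    # hosts, a direct client can claim any scheme, host or port it likes.
</VirtualHost>
```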
