Apache as Reverse Proxy for UWC and Webmail
Hi,
for several reasons i want to use apache 2 as reverse proxy and ssl accelerator for UWC.
internet <-> apache/ssl <-> backend port 80
I configured my apache with mod_proxy and mod_proxy_html.
Here are the concerning config lines:
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
ProxyPass / http://backend.domain.com/
ProxyPassReverse / http://backend.domain.com/
<Location />
ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap / /
ProxyHTMLURLMap http://backend.domain.com:80/ http://webplex.domain.com/
ProxyHTMLExtended On
RequestHeader unset Accept-Encoding
</Location>For Webmail this configuration works most of the time. There are some minor problems in ie with the folder view. But the real problem is: I can't get UWC to work. The problem seems to be that mod_proxy_html can't replace all of the occurences of backend.domain.com in the html pages.
Especially:
onsubmit="handleSubmit()" action="http://webplex.domain.com/amserver/UI/Login?goto=http://backend.domain.com:80/uwc/&gotoOnFail=http://backend.domain.com:80/uwc/?err=1&module=LDAP" method="POST">in the uwc login page.
So my question is:
Is anybody out there who got apache working as reverse proxy for uwc?
Thanks a lot.
PS1:Solaris 10 on V20z, JES2005Q4
PS2: I already configured UWC with the reverse plugin for sun webserver on backend host so that uwc is working through port 80 only. So there should be no problems arise from that.
Hopefully, you'll hear from somebody. I have zero knowledge or experience with Apache.
Similar Messages
-
How To configure Apache As Reverse Proxy for SharePoint Application
Hi,
I recently integrated Apache as ReverseProxy for SharePoint 2010. When accessing the SharePoint application via the reverse proxy url e.g. http://<reverse-proxy-url>/SitePages/Home.aspx the images/css and JavaScript files does not comeup
fine.
I had defined the following mapping in the httpd.conf file.
ProxyPass /SitePages http://<actual-url>/SitePages
<Location /SitePages>
ProxyPassReverse http://<actual-url>/SitePages
SetEnv force-nokeepalive 1
</Location>
Regards,
Bunty RayHi Trevor,
I did not understand your point. Currently i tried the following in the httpd.conf as well, but still did not help
######Mapping SharePoint Server#######
ProxyPass /SitePages http://<actual-url>/SitePages
ProxyPass /WebResource.axd http://<actual-url>/WebResource.axd
ProxyPass /ScriptResource.axd http://<actual-url>/ScriptResource.axd
<Location /SitePages>
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyHTMLMeta On
ProxyHTMLEnable On
ProxyHTMLExtended On
ProxyHTMLLogVerbose On
ProxyPassReverse http://<actual-url>/SitePages
ProxyHTMLURLMap /SitePages http://<actual-url>/SitePages ec
ProxyHTMLURLMap http://<actual-url>/SitePages /SitePages ec
SetEnv force-nokeepalive 1
SetEnv force-proxy-request-1.01
SetEnv proxy-initial-not-pooled 1
</Location>
<Location /ScriptResource.axd>
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyHTMLMeta On
ProxyHTMLEnable On
ProxyHTMLExtended On
ProxyHTMLLogVerbose On
ProxyPassReverse http://<actual-url>/ScriptResource.axd
ProxyHTMLURLMap /ScriptResource.axd http://<actual-url>/ScriptResource.axd ec
ProxyHTMLURLMap http://<actual-url>/ScriptResource.axd /ScriptResource.axd ec
SetEnv force-proxy-request-1.01
SetEnv force-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
</Location>
<Location /WebResource.axd>
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyHTMLMeta On
ProxyHTMLEnable On
ProxyHTMLExtended On
ProxyHTMLLogVerbose On
ProxyPassReverse http://<actual-url>/WebResource.axd
ProxyHTMLURLMap /WebResource.axd http://<actual-url>/WebResource.axd ec
ProxyHTMLURLMap http://<actual-url>/WebResource.axd /WebResource.axd ec
SetEnv force-proxy-request-1.01
SetEnv force-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
</Location>
<Location /_layouts>
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyHTMLMeta On
ProxyHTMLEnable On
ProxyHTMLExtended On
ProxyHTMLLogVerbose On
ProxyPassReverse http://<actual-url>/_layouts
ProxyHTMLURLMap /_layouts/1033/styles/Themable http://<actual-url>/_layouts/1033/styles/Themable ec
ProxyHTMLURLMap http://<actual-url>/_layouts/1033/styles/Themable /_layouts/1033/styles/Themable ec
SetEnv force-proxy-request-1.01
SetEnv force-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
</Location>
Regards,
Bunty Ray -
Reverse proxy for internal and external
Hello,
BM1 is our main BM3.9 Box. I have reverse proxy configured for webaccess and to release emails from our spam filter externally (this works). This BM server also is our external DNS, and our default route for Internet traffic.
Another BM box is our internal DNS.
I need to modify BM1 config to enable client internally to release emails from our spam filtering software. The error issued is 504 Gateway timeout.
Do I just add the internal ip address to the BM1 accelerator entry meaning that the same accel will listen for both internal and external addresses ?
Any help is appreciated
Regards
Brianbdavis97,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
I want to access uwc thru "http://hostname.domain" instead of "http://hostname.domain/uwc".
In my server, I have installed web server, access manager, messaging express, portal server and uwc. I have also configured Messaging Express Multiplexor and it's working fine.
Any ideas?This is the web server access logs when i try to login:
192.168.1.115 - - [29/Sep/2006:13:33:49 +0800] "POST /amserver/UI/Login?goto=http://portal.tm.net.my:80/uwc/&gotoOnFail=http://portal.tm.net.my:80/uwc/?err=1&module=LDAP&org=tm.net.my HTTP/1.1" 302 0
192.168.1.115 - - [29/Sep/2006:13:33:49 +0800] "GET /uwc/?err=1 HTTP/1.1" 200 60
192.168.1.115 - - [29/Sep/2006:13:33:49 +0800] "GET /uwc/auth?err=1 HTTP/1.1" 200 7907
Previously it's working well. What it shows on the screen is:
Authentication Failed
Reenter your username and password.
I'm very sure that this user can log in previously and nothing has been changed for htis user. -
Is it possible IIS reverse Proxy for WAS ( BSP) ?????
Hi
I am able to setup IIS reverse proxy for Portal and other some internal website and it works well from outside the firewall. But for WAS (for BSP application), it repeatly prompt login screen even after gave correct user ID and password when call through proxy. But it work inside firewall.
So really wonder is it possible to use IIS reverse proxy for WAS?
Thanks
RaibinHi Raja
Thanks for your message. But I already read this same and many other BLOGs. Everything talk about manything. And nothing helped me to find the solution. But friday I found the solution myself and happy to share with you and all others.
The problem was related to the extra string getting added with in url to replace /bsp/ to /bsp(xxxxxxxxxxxxx)/ and finally when I put the entry as below in my IISProxy.xml file, everything became OK.
And I saw so many question related to EP 7.0 for outside access. There is one extra entry we have to put for webdynpro to make EP 7.0 working outside specially for admin screens.
In the below example 'sapep' is Portal and 'sapecc' is ECC 5.0 server.
<ISAPI-config version="1.6">
<filter name="IisProxy filter" />
<extension name="IisProxy extension" />
<mapping name="PORTAL">
<source>
<protocol>http</protocol>
<prefix>/irj</prefix>
<new-prefix>/irj/</new-prefix>
</source>
<source>
<protocol>http</protocol>
<prefix>/logon/</prefix>
</source>
<source>
<protocol>http</protocol>
<prefix>/webdynpro/</prefix>
</source>
<target>
<protocol>http</protocol>
<host>sapep.domain.com</host>
<port>50000</port>
</target>
</mapping>
<mapping name="BSP">
<source>
<protocol>http</protocol>
<prefix>/sap/</prefix>
</source>
<source>
<protocol>http</protocol>
<prefix>/sap(bD1lbiZjPTA5NiZkPW1pbg==)/</prefix>
</source>
<target>
<protocol>http</protocol>
<host>sapecc.domain.com</host>
<port>1080</port>
</target>
<compress-types>text/html, text/plain</compress-types>
</mapping>
</ISAPI-config>
I hope this will many to solve their problems.
Thanks
Raibin -
Apache as a reverse proxy for E-recruiting
We are trying to use apache as a reverse procy for e-recruting. The call to the web proxy is being forwareded correctly but whereas if the page is opened directly on the e-recruiting box it opens a page with a bsp generated logon screen, when using the portal it generates a window dialog for logon and i the get the following message :
BSP Exception: Das Objekt sap/bc/bsp/sap/hrrcf_start_int/sap/bc/bsp/sap/hrrcf_start_int/application.do in der URL /sap/bc/bsp/sap/hrrcf_start_int/sap/bc/bsp/sap/hrrcf_start_int/sap/bc/bsp/sap/hrrcf_start_int/application.do?sap-client=100&sap-language=EN&BspClient=100&BspLanguage=EN&rcfSpId=0003&rcfContext=LMUGEN ist nicht gültig.
Has anyone done apache as a proxy for e-recruting who can share an example or offer any advice?
ThanksHi Richard,
you can take this link as a starting point: /people/sap.user72/blog/2006/04/18/the-reverse-proxy-series--part-32-apache-as-a-complex-reverse-proxy
In your case it seems to me that "/sap/bc/bsp/sap/hrrcf_start_int" gets concatenated 2 more times in your URL than it should.
That looks like a loop resp. an apache directive which gets executed too often.
regards, Norbert -
Setting apache reverse proxy for EP6SP2
Hi friends,
I want to set apache reverse proxy for EP6SP2. But after doing the following changes, it is showing the SAP J2EE Engine documentation page.
The following changes has been dont to httpd.conf:
NameVirtualHost 1.1.1.1:80
<VirtualHost 1.1.1.1:80>
ProxyRequests Off
ServerName ep6.xyz.com
ProxyPreserveHost On
proxyPass / http://ep6.xyz.com:50000/
proxyPassReverse / http://ep6.xyz.com:50000/
ErrorLog logs/base.80.error.log
CustomLog logs/base.80.custom.log common
</VirtualHost>
Help needed.
Regards,
NilzHi,
I have a problem with my proxy:
ssl.conf.in like
ProxyPass /irj http://debmsu06.server.###.de:50300/irj
ProxyPassReverse /irj http://debmsu06.server.###.de:50300/irj
RewriteRule ^/$ /irj/portal [R]
If I use URL:
https://bebuyer.###.de/ goto https://bebuyer.###.de/irj/portal
but if I use
https://bebuyer.###.de/irj/
I get the info:
https://bebuyer.###.de/irj/HTTPS:/bebuyer.###.de:443/irj/index.html
What is happened? How I can redirect to /irj/portal?
Of course I can use
http://debmsu06.server.###.de:50300/irj/
Could you please give me some tips?
Best Thanks!
Heren Zhou -
Reverse Proxy for SharePoint 2013
Hi,
I need to setup SharePoint 2013 environment which needs to be accessible from mobile devices e.g. iPAD/Android, for reverse proxy, I am looking at apache or IIS ARR since UAG is going to be deprecated. So far any one setup apache (on
RHEL 6.x)
or IIS ARR(on W2K8R2) successfully as reverse proxy for SharePoint 2013 access? Is there any issue? and which SharePoint authentication method should be configured?
Must is be Form based authentication? As I read some articles it seems ARR supports Windows authentication. Thanks in advance.IIS ARR doesn't authenticate users, it is a pass-through (unlike UAG which can do auth or anon). Both IIS AAR and the new Web Proxy Role in Server 2012 R2 do not work with SharePoint 2013 Apps.
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Apache as reverse proxy - 400 Bad request
Hi all,
I'm configured apache as reverse proxy according to this blog:
The Reverse Proxy Series -- Part 3: Apache as a reverse-proxy
When I try to navigate http://testcomp/irj I get "400 - Bad request"
See exception;
<i>Message : User Guest, IP address
Cannot parse the http request. Http error response [400 Bad Request] will be returned. Request is [Host: sapportal:50000
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /
Accept-Language: en,he;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727)
Max-Forwards: 10
Via: 1.1 localhost
X-Forwarded-For: 10.0.0.4
X-Forwarded-Host: 10.0.0.6
X-Forwarded-Server: localhost
Connection: Keep-Alive
GET /irj HTTP/1.1
Host: sapportal:50000
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /
Accept-Language: en,he;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727)
Max-Forwards: 10
Via: 1.1 localhost
X-Forwarded-For: 10.0.0.4
X-Forwarded-Host: 10.0.0.6
X-Forwarded-Server: localhost
Connection: Keep-Alive
com.sap.engine.services.httpserver.exceptions.HttpIllegalArgumentException: Incompatible field content in the MIME header.
at com.sap.engine.services.httpserver.lib.headers.MimeHeaderField.parse(MimeHeaderField.java:364)
at com.sap.engine.services.httpserver.lib.headers.MimeHeaders.init(MimeHeaders.java:504)
at com.sap.engine.services.httpserver.server.RequestAnalizer.initialize(RequestAnalizer.java:196)
at com.sap.engine.services.httpserver.server.Client.initialize(Client.java:84)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:143)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Severity : Error
Category :
Location : com.sap.engine.services.httpserver
Application :
Thread : SAPEngine_Application_Thread[impl:3]_32
Datasource : 9332850:C:usrsapPD9JC00j2eeclusterserver0logdefaultTrace.trc
Message ID : 000C29EFE9A300570000002D00000B9000043A81D3311894
Source Name : com.sap.engine.services.httpserver
Argument Objs :
Arguments :
Dsr Component :
Dsr Transaction : 5359e85066e411dcbf6b000c29efe9a3
Dsr User :
Indent : 0
Level : 0
Message Code :
Message Type : 0
Relatives :
Resource Bundlename :
Session : 2
Source : com.sap.engine.services.httpserver
ThreadObject : SAPEngine_Application_Thread[impl:3]_32
Transaction :
User : Guest</i>
The lines I added to http.conf
<i>#Enable reverse-proxying
ProxyVia on
ProxyTimeout 600
#disable forward-proxying
ProxyRequests Off
#proxy /irj both ways
ProxyPass /irj http://sapportal:50000/irj
ProxyPassReverse /irj http://testcomp/irj
#proxy /logon both ways
ProxyPass /logon http://sapportal:50000/logon
ProxyPassReverse /logon http://testcomp/logon</i>
I tried with apache version 2.2.3 & 2.0.59 with no success.
My J2EE/Portal version is 6.17.
Since this is a testing environment the two computers are under the same workgroup (no domain).
If I naviagte directly to the portal (without the reverse proxy) everything is working.
How can I solve it?
Regards,
OmriHi Jakub,
Thanks for the answer.
It's not working for me...
I'm attaching my httpd.conf file.
Also, what apache version do you use?
Can you send me your post your httpd.conf file?
Thanks,
Omri
httpd.conf
This is the main Apache HTTP server configuration file. It contains the
configuration directives that give the server its instructions.
See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
In particular, see
<URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
for a discussion of each configuration directive.
Do NOT simply read the instructions in here without understanding
what they do. They're here only as hints or reminders. If you are unsure
consult the online docs. You have been warned.
Configuration and logfile names: If the filenames you specify for many
of the server's control files begin with "/" (or "drive:/" for Win32), the
server will use that explicit path. If the filenames do not begin
with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
with ServerRoot set to "c:/apache" will be interpreted by the
server as "c:/apache/logs/foo.log".
NOTE: Where filenames are specified, you must use forward slashes
instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
If a drive letter is omitted, the drive on which Apache.exe is located
will be used by default. It is recommended that you always supply
an explicit drive letter in absolute paths, however, to avoid
confusion.
ThreadsPerChild: constant number of worker threads in the server process
MaxRequestsPerChild: maximum number of requests a server process serves
ThreadsPerChild 250
MaxRequestsPerChild 0
ServerRoot: The top of the directory tree under which the server's
configuration, error, and log files are kept.
Do not add a slash at the end of the directory path. If you point
ServerRoot at a non-local disk, be sure to point the LockFile directive
at a local disk. If you wish to share the same ServerRoot for multiple
httpd daemons, you will need to change at least LockFile and PidFile.
ServerRoot "c:/apache"
Listen: Allows you to bind Apache to specific IP addresses and/or
ports, instead of the default. See also the <VirtualHost>
directive.
Change this to Listen on specific IP addresses as shown below to
prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#Listen 12.34.56.78:80
Listen 80
Dynamic Shared Object (DSO) Support
To be able to use the functionality of a module which was built as a DSO you
have to place corresponding `LoadModule' lines at this location so the
directives contained in it are actually available before they are used.
Statically compiled modules (those listed by `httpd -l') do not need
to be loaded here.
Example:
LoadModule foo_module modules/mod_foo.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule headers_module modules/mod_headers.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
<b>LoadModule proxy_module modules/mod_proxy.so</b>
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
<b>LoadModule proxy_http_module modules/mod_proxy_http.so</b>
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule status_module modules/mod_status.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule userdir_module modules/mod_userdir.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule ssl_module modules/mod_ssl.so
'Main' server configuration
The directives in this section set up the values used by the 'main'
server, which responds to any requests that aren't handled by a
<VirtualHost> definition. These values also provide defaults for
any <VirtualHost> containers you may define later in the file.
All of these directives may appear inside <VirtualHost> containers,
in which case these default settings will be overridden for the
virtual host being defined.
ServerAdmin: Your address, where problems with the server should be
e-mailed. This address appears on some server-generated pages, such
as error documents. e.g. [email protected]
ServerAdmin @@ServerAdmin@@
ServerName gives the name and port that the server uses to identify itself.
This can often be determined automatically, but we recommend you specify
it explicitly to prevent problems during startup.
If your host doesn't have a registered DNS name, enter its IP address here.
ServerName localhost:80
DocumentRoot: The directory out of which you will serve your
documents. By default, all requests are taken from this directory, but
symbolic links and aliases may be used to point to other locations.
DocumentRoot "c:/apache/htdocs"
Each directory to which Apache has access can be configured with respect
to which services and features are allowed and/or disabled in that
directory (and its subdirectories).
First, we configure the "default" to be a very restrictive set of
features.
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Satisfy all
</Directory>
Note that from this point forward you must specifically allow
particular features to be enabled - so if something's not working as
you might expect, make sure that you have specifically enabled it
below.
This should be changed to whatever you set DocumentRoot to.
<Directory "c:/apache/htdocs">
Possible values for the Options directive are "None", "All",
or any combination of:
Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
Note that "MultiViews" must be named explicitly --- "Options All"
doesn't give it to you.
The Options directive is both complicated and important. Please see
http://httpd.apache.org/docs/2.2/mod/core.html#options
for more information.
Options Indexes FollowSymLinks
AllowOverride controls what directives may be placed in .htaccess files.
It can be "All", "None", or any combination of the keywords:
Options FileInfo AuthConfig Limit
AllowOverride None
Controls who can get stuff from this server.
Order allow,deny
Allow from all
</Directory>
DirectoryIndex: sets the file that Apache will serve if a directory
is requested.
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
The following lines prevent .htaccess and .htpasswd files from being
viewed by Web clients.
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
</FilesMatch>
ErrorLog: The location of the error log file.
If you do not specify an ErrorLog directive within a <VirtualHost>
container, error messages relating to that virtual host will be
logged here. If you do define an error logfile for a <VirtualHost>
container, that host's errors will be logged there and not here.
ErrorLog logs/error.log
LogLevel: Control the number of messages logged to the error_log.
Possible values include: debug, info, notice, warn, error, crit,
alert, emerg.
LogLevel warn
<IfModule log_config_module>
The following directives define some format nicknames for use with
a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%You need to enable mod_logio.c to use %I and %Oi\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
The location and format of the access logfile (Common Logfile Format).
If you do not define any access logfiles within a <VirtualHost>
container, they will be logged here. Contrariwise, if you do
define per-<VirtualHost> access logfiles, transactions will be
logged therein and not in this file.
CustomLog logs/access.log common
If you prefer a logfile with access, agent, and referer information
(Combined Logfile Format) you can use the following directive.
#CustomLog logs/access.log combined
</IfModule>
<IfModule alias_module>
Redirect: Allows you to tell clients about documents that used to
exist in your server's namespace, but do not anymore. The client
will make a new request for the document at its new location.
Example:
Redirect permanent /foo http://www.example.com/bar
Alias: Maps web paths into filesystem paths and is used to
access content that does not live under the DocumentRoot.
Example:
Alias /webpath /full/filesystem/path
If you include a trailing / on /webpath then the server will
require it to be present in the URL. You will also likely
need to provide a <Directory> section to allow access to
the filesystem path.
ScriptAlias: This controls which directories contain server scripts.
ScriptAliases are essentially the same as Aliases, except that
documents in the target directory are treated as applications and
run by the server when requested rather than as documents sent to the
client. The same rules about trailing "/" apply to ScriptAlias
directives as to Alias.
ScriptAlias /cgi-bin/ "c:/apache/cgi-bin/"
</IfModule>
"c:/apache/cgi-bin" should be changed to whatever your ScriptAliased
CGI directory exists, if you have that configured.
<Directory "c:/apache/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
Apache parses all CGI scripts for the shebang line by default.
This comment line, the first line of the script, consists of the symbols
pound (#) and exclamation followed by the path of the program that
can execute this specific script. For a perl script, with perl.exe in
the C:\Program Files\Perl directory, the shebang line should be:
#!c:/program files/perl/perl
Note you mustnot_ indent the actual shebang line, and it must be the
first line of the file. Of course, CGI processing must be enabled by
the appropriate ScriptAlias or Options ExecCGI directives for the files
or directory in question.
However, Apache on Windows allows either the Unix behavior above, or can
use the Registry to match files by extention. The command to execute
a file of this type is retrieved from the registry by the same method as
the Windows Explorer would use to handle double-clicking on a file.
These script actions can be configured from the Windows Explorer View menu,
'Folder Options', and reviewing the 'File Types' tab. Clicking the Edit
button allows you to modify the Actions, of which Apache 1.3 attempts to
perform the 'Open' Action, and failing that it will try the shebang line.
This behavior is subject to change in Apache release 2.0.
Each mechanism has it's own specific security weaknesses, from the means
to run a program you didn't intend the website owner to invoke, and the
best method is a matter of great debate.
To enable the this Windows specific behavior (and therefore -disable- the
equivilant Unix behavior), uncomment the following directive:
#ScriptInterpreterSource registry
The directive above can be placed in individual <Directory> blocks or the
.htaccess file, with either the 'registry' (Windows behavior) or 'script'
(Unix behavior) option, and will override this server default option.
DefaultType: the default MIME type the server will use for a document
if it cannot otherwise determine one, such as from filename extensions.
If your server contains mostly text or HTML documents, "text/plain" is
a good value. If most of your content is binary, such as applications
or images, you may want to use "application/octet-stream" instead to
keep browsers from trying to display binary files as though they are
text.
DefaultType text/plain
<IfModule mime_module>
TypesConfig points to the file containing the list of mappings from
filename extension to MIME-type.
TypesConfig conf/mime.types
AddType allows you to add to or override the MIME configuration
file specified in TypesConfig for specific file types.
#AddType application/x-gzip .tgz
AddEncoding allows you to have certain browsers uncompress
information on the fly. Note: Not all browsers support this.
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
If the AddEncoding directives above are commented-out, then you
probably should define those extensions to indicate media types:
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddHandler allows you to map certain file extensions to "handlers":
actions unrelated to filetype. These can be either built into the server
or added with the Action directive (see below)
To use CGI scripts outside of ScriptAliased directories:
(You will also need to add "ExecCGI" to the "Options" directive.)
#AddHandler cgi-script .cgi
For type maps (negotiated resources):
#AddHandler type-map var
Filters allow you to process content before it is sent to the client.
To parse .shtml files for server-side includes (SSI):
(You will also need to add "Includes" to the "Options" directive.)
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
The mod_mime_magic module allows the server to use various hints from the
contents of the file itself to determine its type. The MIMEMagicFile
directive tells the module where the hint definitions are located.
#MIMEMagicFile conf/magic
Customizable error responses come in three flavors:
1) plain text 2) local redirects 3) external redirects
Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
EnableMMAP and EnableSendfile: On systems that support it,
memory-mapping or the sendfile syscall is used to deliver
files. This usually improves server performance, but must
be turned off when serving from networked-mounted
filesystems or if support for these functions is otherwise
broken on your system.
#EnableMMAP off
#EnableSendfile off
Supplemental configuration
The configuration files in the conf/extra/ directory can be
included to add extra features or to modify the default configuration of
the server, or you may simply copy their contents here and change as
necessary.
Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
Multi-language error messages
#Include conf/extra/httpd-multilang-errordoc.conf
Fancy directory listings
#Include conf/extra/httpd-autoindex.conf
Language settings
#Include conf/extra/httpd-languages.conf
User home directories
#Include conf/extra/httpd-userdir.conf
Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
Virtual hosts
#Include conf/extra/httpd-vhosts.conf
Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
Various default settings
#Include conf/extra/httpd-default.conf
Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
Note: The following must must be present to support
starting without SSL on platforms with no /dev/random equivalent
but a statically compiled-in mod_ssl.
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
<b>ProxyPreserveHost On
ProxyVia on
ProxyTimeout 600
#disable forward-proxying
ProxyRequests Off
#proxy /irj both ways
ProxyPass /irj http://sapportal:50000/irj
ProxyPassReverse /irj http://sapportal:50000/irj
#ProxyPassReverse /irj http://testcomp/irj
#proxy /logon both ways
ProxyPass /logon http://sapportal:50000/logon
ProxyPassReverse /logon http://sapportal:50000/logon
#ProxyPassReverse /logon http://testcomp/logon</b> -
Question on Apache as reverse proxy
Hi, all.
We are currently using Apache 2.2.10 as the reverse proxy for the EP 7.3.1. All of the apps are webdynpro for Abap based in ECC.
In 2 of the WDA apps, we get intermittent blue circle of death. The user action can be totally random in the apps when they hit the problem. So far, we are not able to reproduce it. When the spinning circle happens, SM04 and SM50 in ECC show no activity from that user. There is nothing from SM21, ST05(abap and sql trace) or the dev_* trace files. I don't think SAP is running anything for that user when that happens. Ultimately, the user will get a "bad request" or HTTP 400 from the Apache server.
Here is what I see from the apache access log and error log:
[31/Jul/2014:23:50:26 -0400] TLSv1 AES128-SHA "POST /sap/bc/webdynpro/sap/ZR_SSEPP_OPERATIONAL_SCHEDULE;sap-ext-sid=VcFRQjFOvu8TJYp9gDoeAA--4x1GQAg0MPPjCUEQif5iWQ--?sap-contextid=SID%3aANON%3asapprd_PR3_03%3aezUnW-FXtaYVyXREaAD7rxW0k8o5pk_n9RfjPfcB-NEW HTTP/1.1" 400 3004 "https://xxxxx/sap/bc/webdynpro/sap/ZR_SSEPP_OPERATIONAL_SCHEDULE;sap-ext-sid=VcFRQjFOvu8TJYp9gDoeAA--4x1GQAg0MPPjCUEQif5iWQ--" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" 706345611
[Fri Aug 01 14:19:07 2014] [error] [client 10.4.53.198] (70014)End of file found: proxy: error reading status line from remote server xxxxxx, referer: https://xxxxx/sap/bc/webdynpro/sap/ZR_SSEPP_OPERATIONAL_SCHEDULE;sap-ext-sid=RaH2yjQlV6o7wVaj6wv6zA--LXTMFzjjKvcuwT*DXWoBmA--
Have you seen this error before? If you are using apache as the reverse proxy, would you mind to share the parameters you have?
Thanks,
Jonathan.Hi, Lawrence.
The reason I am posting is because we couldn't isolate the source of the problem. I know that the Apache server is 7 years old. But the apache team is only thinking of updating it to 2.2.27 until later this year, nevermind the version 2.4. Chances are there will be delays as the apache is shared by a lot of other non-sap apps.
Would you be able to share your troubleshooting experience? How do you pinpoint that this is an Apache issue? Right now the Apache team is saying that this is an SAP issue. But since we cannot reproduce the problem and we are not allowed to take Apache out temporarily or selectively(as per Corporate policy), everything is possible.
Thanks,
Jonathan. -
Issues using IIS 8.5 with ARR 3.0 as Reverse Proxy for Lync 2013
Dear reader, after searching for a day without finding a solution to my problem I end up here ;-)
Working Lync 2013 environment (gradually adding functionality) consisting of 2 FE servers, Persistent Chat Server, Web Apps server, Edge Server, Reverse Proxy Server (IIS 8.5/ARR 3.0), SQL Server.
Set up a fresh Windows 2012 R2 with IIS 8.5, installed ARR 3.0 and followed along this
TechNet article.
So far so good, external clients (incl. mobile phone apps) can all connect.
Now trying to add Web Apps to the reverse proxy, which is slightly different from the others by not forwarding 80/8080 and 443/4443, but just 80 and 443 to internal Web Apps server.
After creating the server farm/URL rewrite, browsing to the webapps.FQDN/hosting/discovery ends up with a 404 error (instead of XML, which is shown when try from the LAN).
After moving this rewrite rule to the top, it started working, but now my lyncdiscover.FQDN stops working.
Ofcourse moving the webapps rule down restores the lyncdiscover.
Any ideas? (everything setup as described in above mentioned TechNet article, so using wildcards. Tried fiddling around with webext.* and lyncdiscover.* and so, but no luck. (I'm completely new to ARR)
Thanks,
BarryCan you confirm that for each URL Rewrite Rule, you have an {http_host} record that matches something like webext.* as you referenced above and as seen in step 15 here:
http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx
It might help if you posted a screenshot of your URL rewrite rules.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications -
Iview capable of performing reverse proxy for application integration.
Is there a iview in EP capable of reverse proxying a web application. We are attempting to setup
our production landscape. We can of course use apache to reverse proxy applications hidden behind our dmz by punching a bunch of holes through our firewall. This is not something we wish wish to do as it totally circumvents the safety imposed by our firewalls and dmz. Not having this capability causes all sorts of difficulties with application integration, cross domain scripting issues as well as administrative burden by having to maintain, secure and expose these internally hosted applications.
If this functionality does not exist in out of the box EP, does anyone know a third
party that offers this?
Thanks
Cliff BaesemanCliff,
I am not sure I understood your question correctly.
EP is an application running on NetWeaver Application Server. This AS has a component called as Web dispatcher which works like a reverse proxy but isn't meant to proxy applications running on a different server other than NetWeaver AS.
Where is your web application deployed?
More info needed.
Regards,
Kiran -
Reverse Proxy for OIF on iPlanet
hi,
I am trying to implement reverse proxy for OIF r3 Identity Provider on iPlanet.
I configured the obj.conf of iPlanet accordingly.
<Object name="passthrough1">
Service fn="service-passthrough" servers="http://backendIDP.com:80"
Error reason="Bad Gateway" fn="send-error" uri="C:/Sun/WebServer6.1/docs/badgateway.html"
</Object>
<Object Default>
NameTrans fn="assign-name" from="/fed/" name="passthrough1"
NameTrans fn="assign-name" from="/fed/*" name="passthrough2"
</Object>
when i tried the IDP initiated proxy url in a browser like (http://proxy.com/fed/idp/initiatesso?providerid=XXXXXXXX&returnurl=YYYY)
immediately its being forwaded to backend Identity Provider for authentication like(http://backendIDP.com/sso/jsp/salogin.jsp?doneURL=/user/loginsso&refID=id-ysJ-7-1PR9k-QI2bg9zZkPdyHPw-)
I was expecting that it is redirected to Proxy URL like (http://proxy.com/sso/jsp/salogin.jsp?doneURL=/user/loginsso&refID=id-ysJ-7-1PR9k-QI2bg9zZkPdyHPw-)
At the end it is giving me null pointer exception instead of return URL "YYYYY"
Does any one know how to fix the error.web or weblogic.xml files on your RPS needs to define for each case like if inbound port is 7011 then send it to PIA:7011 and http and the same for 7012 then send it to PIA:7012 and https. in the webprofile configuration for your RPS profile, set both https and http relative URLS. I believe you could start using this info and I am sure you could figure out the rest.
-
Reverse Proxy plug in and Load Balancer Plug in
Hi,
Can anyone please provide me with an example obj.conf file showing how to combine the reverse proxy plug-in and Load Balancer plug-in.
I would like to use the reverse proxy plug in to detect when static content is requested and provide this from the web server. Requests for dynamic content would then be forwarded to an Application server via the Load balancer plug-in. I have found plenty of documentation on how to configure these plug-in separately but nothing on how to combine the two.smiking
reverse proxy plugin - its job is to forward the requests to another server for a specific task. you can use the webserver 7 . it does forward and limited load balancing (using round robin ) based on the number of servers you provide in the configuration. i would say this is a poor man's setup.
load balancer plugin - some app servers like sun java system app server or web logic provide this plugin so that you can effectively use the back end app server
with both these setup, you can <if> constructs to determine which requests need to be forwarded to the back end server.
I wonder, why do you need both - if both of them is designed to do the same thing. -
Why do we use reverse proxy for Oracle RAC Cluster setup
Hello All,
I got this question lately.. "why do we use reverse proxy for Oracle RAC Cluster setup". I know we use the reverse proxy at Middleware level for multiple security reasons.
Thanks.."why do we use reverse proxy for Oracle RAC Cluster setup".
I wouldn't. I wouldn't use a proxy of any sort for the Cluster Interconnect for sure.
Cheers,
Brian
Maybe you are looking for
-
Service products for Maintenance Plan
Hi All, Is it possible to Create maintenance plan from a a Service product - Contract Line item(VA41)? I have come across the Tcode OISF but do not know how to make use of it? Would appreciate if you could throw some light on this? Pranav
-
How to Build a Report that display values Current + 11 consuctive Months
Hi Experts, Could you please update me on how can achieve...this I want to develop a forecast report that can be analysed either by WEEKLY,MONTHLY and QUARTERLY. for the current+ 11 respective time chars In the first screen the user selects how h
-
The APP Store shows I have 2 updates. When I enter my ID it says that it has been disabled. Yet, I can log into my apple acct. with no problem.
-
HT1338 How do I get AdobeFlash on my iPad 5.1.1?
How do I get AdobeFlash on my iPad 5.1.1?
-
Can i upgrade my 2006 macbook pro's graphics card?
I have a late 2006 MacBook Pro (MacBook Pro 2,1) and i would like to know whether or not i can upgrade the graphics card? If it is possible what are the restrictions? Thanks.