Example of a successful reverse proxy to APEX using Apache and Oracle HTTP
If this helps anyone, I was able to set up a reverse proxy to APEX with Apache running on the reverse proxy server and Oracle HTTP server and APEX 3.2 on the APEX hosting server. I want to post this because there is no documentation on this that I can find. Oracle Metalink could not produce any "How To" document either.
On the reverse proxy server in the httpd.conf file:
ProxyRequests Off
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
ProxyPassReverse /pls/apex/ http://apex_server:8080/pls/apex/
ProxyPass /pls/apex/ http://apex_server:8080/pls/apex/
ProxyPassReverse /i/ http://apex_server:8080/i/
ProxyPass /i/ http://apex_server:8080/i/
AddType text/xml .xbl
AddType text/x-component .htc
OR
ProxyRequests off
RewriteEngine On
RewriteRule ^/pls/apex/(.*)$ http://apex_server:8080/pls/apex/$1 [P,NE]
ProxyRequests off
ProxyPassReverse /i/ http://apex_server:8080/i/
RewriteEngine On
RewriteRule ^/i/(.*)$ http://apex_server:8080/i/$1 [P,NE]
And in the Oracle HTTP server httpd.conf file of the APEX hosting server:
NameVirtualHost 999.99.99.9:8080
<VirtualHost 999.99.99.9:8080>
ServerAdmin [email protected]
DocumentRoot "/u01/app/ora11g/product/11.1.0/http_1/ohs/htdocs"
ServerName reverse_proxy_server.com
</VirtualHost>
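An added example, not part of the original post: a small Python check run over the proxy directives of the two variants above. It confirms that forward proxying is off, that each proxied path points at an expected backend, and that a matching ProxyPassReverse exists so redirects issued by the backend are rewritten; the function names and the backend allow-list are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed inputs: the proxy directives of the two variants in the post.
PROXYPASS_VARIANT = """\
ProxyRequests Off
ProxyPassReverse /pls/apex/ http://apex_server:8080/pls/apex/
ProxyPass /pls/apex/ http://apex_server:8080/pls/apex/
ProxyPassReverse /i/ http://apex_server:8080/i/
ProxyPass /i/ http://apex_server:8080/i/
"""

REWRITE_VARIANT = """\
ProxyRequests off
RewriteEngine On
RewriteRule ^/pls/apex/(.*)$ http://apex_server:8080/pls/apex/$1 [P,NE]
ProxyPassReverse /i/ http://apex_server:8080/i/
RewriteRule ^/i/(.*)$ http://apex_server:8080/i/$1 [P,NE]
"""

# Regex metacharacters that end the literal prefix of a RewriteRule pattern.
META = re.compile(r"[()\[\]*+?$|\\.]")


def parse(conf):
    """Return (directive, args) pairs, skipping blank lines and # comments."""
    out = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        out.append((name.lower(), args))  # directive names are case-insensitive
    return out


def mappings(directives):
    """Split directives into forward mappings and ProxyPassReverse entries."""
    forward, reverse = [], []
    for name, args in directives:
        if name == "proxypass" and len(args) >= 2:
            forward.append((args[0], args[1]))
        elif name == "proxypassreverse" and len(args) >= 2:
            reverse.append((args[0], args[1]))
        elif name == "rewriterule" and len(args) >= 3:
            flags = args[2].strip("[]").upper().split(",")
            if "P" in flags:  # [P] hands the request to mod_proxy
                # Literal prefix of the pattern: ^/i/(.*)$ -> /i/
                prefix = META.split(args[0].lstrip("^"), maxsplit=1)[0]
                # Backend URL without the backreference: .../i/$1 -> .../i/
                forward.append((prefix, args[1].split("$", 1)[0]))
    return forward, reverse


def audit(conf, allowed_backends):
    """Return a list of findings for a reverse-proxy configuration."""
    directives = parse(conf)
    findings = []
    requests = [a[0].lower() for n, a in directives
                if n == "proxyrequests" and a]
    if requests and requests[-1] != "off":
        findings.append(
            "HIGH ProxyRequests is on: the server also acts as a forward proxy")
    forward, reverse = mappings(directives)
    for path, backend in forward:
        host = urlsplit(backend).netloc
        if host not in allowed_backends:
            findings.append(
                f"HIGH {path} proxies to unexpected backend {host!r}")
        targets = [url for p, url in reverse if p == path]
        if not targets:
            findings.append(
                f"WARN {path} has no ProxyPassReverse: "
                "backend redirects reach clients unrewritten")
        elif backend not in targets:
            findings.append(
                f"WARN {path} ProxyPassReverse target differs from backend {backend}")
    return findings


if __name__ == "__main__":
    allowed = {"apex_server:8080"}  # assumption: the only permitted backend
    for label, conf in (("ProxyPass", PROXYPASS_VARIANT),
                        ("RewriteRule", REWRITE_VARIANT)):
        print(label, audit(conf, allowed) or "no findings")
```

In the mod_rewrite variant only /i/ carries a ProxyPassReverse, so the check reports /pls/apex/: a redirect sent by the backend for that path would reach the browser with the internal apex_server:8080 address unless the backend itself generates URLs with the proxy's name.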
Here is what I saw :
I have one Web Server 7.0 instance with the following obj.conf :
<Object name="default">
<If $uri =~ "/xyz">
NameTrans fn="map" from="/" name="reverse-proxy-/xyz" to="/"
</If>
<ElseIf $uri =~ "/abc">
NameTrans fn="map" from="/" name="reverse-proxy-/abc" to="/"
</ElseIf>
</Object>
<Object ppath="*">
Service fn="proxy-retrieve" method="*"
</Object>
<Object name="reverse-proxy-/abc">
Route fn="set-origin-server" server="http://server1.sun.com:80"
</Object>
<Object name="reverse-proxy-/xyz">
Route fn="set-origin-server" server="http://server2.sun.com:80"
</Object>
...
When I send a request to URI:
/abc/test1.html : the request gets served from server1 from docs/abc/test1.html.
/xyz/test2.html : the request gets served from server2 from docs/xyz/test2.html
Whereas when you change obj.conf to (note the change in the "from" parameter of the "map" SAF):
<Object name="default">
<If $uri =~ "/xyz">
NameTrans fn="map" from="/xyz" name="reverse-proxy-/xyz" to="/"
</If>
<ElseIf $uri =~ "/abc">
NameTrans fn="map" from="/abc" name="reverse-proxy-/abc" to="/"
</ElseIf>
</Object>
<Object ppath="*">
Service fn="proxy-retrieve" method="*"
</Object>
<Object name="reverse-proxy-/abc">
Route fn="set-origin-server" server="http://server1:80"
</Object>
<Object name="reverse-proxy-/xyz">
Route fn="set-origin-server" server="http://server2:80"
</Object>
...
In this case when I send a request to URI:
/abc/test1.html : the request gets served from server1 from docs/test1.html.
/xyz/test2.html : the request gets served from server2 from docs/test2.html.
Similar Messages
-
Enterprise portal access using reverse proxy using Apache and webdispatcher
Hi Guys,
As requirement, we need to give solution to customer about Reverse proxy scenario. I am new to this part.
What we have thought of is to use Apache and Web dispatcher.
I tried to search documents and found some SDN links also, but still I am not comfortable going about it.
Need suggestions and documents if anyone has used a reverse proxy so far.
As basis person, we need to do all ( Apache installation, Apache configuration, Web dispatcher installation and configuration, integration with EP.)
It will helpful to me if i can get Apache installation, Apache configuration part and integration with EP, or web dispatcher, configuration etc.
Thanks,
Deepak
We used Netscaler for Reverse Proxy implementation and can assure you that network team performed most of the set ups. This was on EP 7.01.
From BASIS stand point it would be primarily Web Dispatcher Configuration.
Also refer the links I specified in another thread. There are several scenarios discussed there -
Re: Post values for userid and passowrd fields in logon page
http://wiki.sdn.sap.com/wiki/display/BSP/Using+Proxies
~ Dhanz -
I set up a reverse proxy server but the DOJO and auto complete dont work
I set up a reverse proxy server but the DOJO and auto completer don't work. Am I missing a configuration on the proxy server?
Well it would help if you can provide some more details on your configuration/setup.
-
Down Time for Installing APEX 4.2.1 and oracle HTTP server?
Hi, all:
I plan to install APEX 4.2.1 and oracle HTTP server on 10.2.0.4 database.
Is there any down time required during installation?
I mean during installation, do I need to block users from accessing the database?
Can they do their normal data entry / inquiry?
thanks,
John
ps. There will be server backup before installation.
Hi,
Documentation says
>
3.1 Recommended Pre-installation Tasks
Before installing Oracle Application Express, Oracle recommends that you complete the following steps:
Review and satisfy all Oracle Application Express installation requirements. See "Oracle Application Express Installation Requirements".
Shut down with normal or immediate priority the Oracle Database instances where you plan to install Oracle Application Express. On Oracle Real Application Clusters (Oracle RAC) systems, shut down all instances on each node.
An alternative to shutting down the database is to prevent all users from accessing Oracle Application Express when upgrading your installation from a previous release of Oracle Application Express. Oracle only recommends this option in high availability production environments where planned outages are not available. For all other scenarios, the database should be shut down.
To disable access to Oracle Application Express when the existing installation is using the Application Express Listener, shut down the appropriate application server where the Application Express listener is deployed.
To disable user access to Oracle Application Express when the existing installation is using the Oracle HTTP Server with mod_plsql, you should either shut down the Web server or disable the Application Express Database Access Descriptor of the Web server.
For an existing installation using the embedded PL/SQL gateway, you should disable the Oracle XML DB Protocol Server by setting the HTTP port to 0. This can be accomplished by starting SQL*Plus, connecting as SYS to the database where Oracle Application Express is installed, and running:
EXEC DBMS_XDB.SETHTTPPORT(0);
Once you have prevented access from Oracle Application Express users, you should log into SQL*Plus as SYS, connecting to the database where Oracle Application Express is installed, and query V$SESSION to ensure there are no long running sessions which would interfere with the upgrade process.
Back up the Oracle Database installation.
Oracle recommends that you create a backup of the current Oracle Database installation before you install Oracle Application Express. You can use Oracle Database Recovery Manager, which is included in the Oracle Database installation, to perform the backup.
See Also:
Oracle Database Backup and Recovery User's Guide
Start the Oracle Database instance that contains the target database.
After backing up the system, you must start the Oracle instance that contains the target Oracle database. Do not start other processes such as a Web Listener. However, if you are performing a remote installation, make sure the database listener for the remote database has started.
>
Regards,
Jari
My Blog: http://dbswh.webhop.net/htmldb/f?p=BLOG:HOME:0
Twitter: http://www.twitter.com/jariolai -
Help with Apache Reverse Proxy configuration with SAP Portal and SAP Webgui
Dear Experts,
I have an issue configuring Apache to work with SAP Portal and ERP webgui. Accessing Portal through Reverse Proxy is working fine. But the problem arises when we try to open an iView ERP webgui transaction page from Portal with the Reverse Proxy. Has anyone implemented similar requirements and could advise on the configuration required on the Apache side? Thank you
hi,
pls check the below links for reference:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/24396589-0a01-0010-3c8c-ab2e3acf6fe2
searchsap.techtarget.com/searchSAP/downloads/chapter-december.pdf
1)Learn to implement the reverse proxy filter and portal gateway in SAP Enterprise Portal 6.0 on Web Application Server 6.40.
https:/.../irj/sdn/nw-portalandcollaboration?rid=/webcontent/uuid/006efe7b-1b73-2910-c4ae-f45aa408da5b
2)Configuring the Portal for Your Reverse Proxy Filter Solution . ... This document describes the reverse proxy filter mechanism in SAP Enterprise ...
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/32ad9b90-0201-0010-3c8a-c900cd685f8f
3)have full reverse proxy functionality. Possibly. filter. requests. Internet ... Reverse proxy (optionally with authentication etc.) ...
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/c066c390-0201-0010-3cba-cd42dfbcc8be
Note: please reward points if solution found helpful
Regards
Chandrakanth.k -
Scenario
We are considering using APEX with Oracle 10g. However, we don't have Oracle application server. At the same time we do not want to use the Oracle HTTP server (OHS) on the database server. The proposed application is intended to be used by approx. 5000 users.
Questions
As APEX requires just OHS and mod_plsql plugin,
1. Can we install just Oracle HTTP server and mod_plsql on standalone server? Which CD need to be used?
2. Can OHS can be licensed separately as Oracle Internet application server(Enterprise Edition) based on processor licensing is expensive and not affordable.However, there are other options like Standard Edition and Standard Edition One as well but do not require any other options except OHS and mod_plsql plugin.Hence, what is the cost effective option to have OHS and mod_plsql as a middle tier component to deploy APEX applications
Thanks in advance
All,
I'm by no means a security expert, but I don't think this is a best practice. I think the best practice is to use two HTTP servers: one in the DMZ and one on the DB server. The one in the DMZ can be a standard Apache install - it acts as a proxy server and does not need mod_plsql. The second should be OHS. This configuration allows you to block ports that are usually used to communicate with the DB from the server in the DMZ.
Did I get that right or am I way off?
Regards,
Dan
http://danielmcghan.us
http://sourceforge.net/projects/tapigen
http://sourceforge.net/projects/plrecur
You can reward this reply by marking it as either Helpful or Correct ;-) -
Hello
When APEX 4.0 is finally released, will it be possible to install into an Oracle XE database as previous versions?
I am interested in providing a Client demo of some of the Web2.0 features using their own network.
Regards
Ade
> I did not realise Oracle XE 10g database was more advanced than the standard editions
It is not, and I'm not sure how you arrived at that conclusion. Oracle XE has much LESS functionality than Oracle SE One, SE or EE. It has not been revised in some time now, and while an ideal demonstration and even development platform, it is quite limited when it comes to using it for production-class applications.
Thanks,
- Scott -
http://spendolini.blogspot.com
http://www.sumneva.com -
Dynamic table owner in apex 3.0 and Oracle 10g
I have an application that requires bulk deletes for all rows in a particular department. The application edits incoming data and then moves final approved data to the 'production' db. End users modify their data via bulk load until they are happy with validity checks. At certain times of the year this could be as many as a million rows in a single table with referential integrity deletes in up to 5 additional tables. This generates unnecessary redo and archive logs so I thought we might just create separate schemas for each department (11) and do DROP/CREATE table instead.
The problem is that I see no way to dynamically change the table owner in ApEx. Is there any way to do this short of export/import to a 11 different parsing schemas?
> ...I thought we might just create separate
> schemas for each department (11) and do DROP/CREATE
> table instead.
Instead of doing drop/create on your tables just do a truncate on the table.
> The problem is that I see no way to dynamically
> change the table owner in ApEx. Is there any way to
> do this short of export/import to a 11 different
> parsing schemas?
You may try creating your tables as follows
CREATE TABLE dept1.table_a AS SELECT * FROM old_table WHERE dept=1;
CREATE TABLE dept2.table_a AS SELECT * FROM old_table WHERE dept=2;
Then investigate using UNION logic and possibly a flag to show/hide departments...
SELECT * FROM dept1.table_a WHERE dept=1 AND :P1_FLAG=???
UNION
SELECT * FROM dept2.table_a WHERE dept=2 AND :P1_FLAG=???;
The above union logic may work for reporting needs but would likely not work for your maintenance pages where you need to insert/update/delete...
Message was edited by:
tfa -
hi,
Among of couples of web sites, oracle EM is recently behind Apache reverse proxy, i'm using mod_proxy and mod_proxy_http, the problem is that the images don't appear due to URL resolution. I know about apache_proxy_html but i'm asking if there is another alternative of this one.
thanks.
8081 is the application server port.
even this fails
NameTrans fn="map" from="/uwc" to="http://192.168.1.34/uwc"
NameTrans fn="reverse-map" from="http://192.168.1.34/uwc" to="http://192.168.1.34:8082/uwc" rewrite-location="true" rewrite-content-location="true"
it directs me to
http://192.168.1.34/uwc/webmail/en/mail.html?lang=en&laurel=on&cal=0 after login which means the source webserver
but if i specify the port within the above url it works
http://192.168.1.34:8082/uwc/webmail/en/mail.html?lang=en&laurel=on&cal=0
which means that the proxy is getting the contents but it redirects to the source url and doesn't rewrite it with the proxy url
how can i solve it? -
Apache as reverse proxy - 400 Bad request
Hi all,
I configured Apache as a reverse proxy according to this blog:
The Reverse Proxy Series -- Part 3: Apache as a reverse-proxy
When I try to navigate http://testcomp/irj I get "400 - Bad request"
See exception;
<i>Message : User Guest, IP address
Cannot parse the http request. Http error response [400 Bad Request] will be returned. Request is [Host: sapportal:50000
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /
Accept-Language: en,he;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727)
Max-Forwards: 10
Via: 1.1 localhost
X-Forwarded-For: 10.0.0.4
X-Forwarded-Host: 10.0.0.6
X-Forwarded-Server: localhost
Connection: Keep-Alive
GET /irj HTTP/1.1
Host: sapportal:50000
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /
Accept-Language: en,he;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727)
Max-Forwards: 10
Via: 1.1 localhost
X-Forwarded-For: 10.0.0.4
X-Forwarded-Host: 10.0.0.6
X-Forwarded-Server: localhost
Connection: Keep-Alive
com.sap.engine.services.httpserver.exceptions.HttpIllegalArgumentException: Incompatible field content in the MIME header.
at com.sap.engine.services.httpserver.lib.headers.MimeHeaderField.parse(MimeHeaderField.java:364)
at com.sap.engine.services.httpserver.lib.headers.MimeHeaders.init(MimeHeaders.java:504)
at com.sap.engine.services.httpserver.server.RequestAnalizer.initialize(RequestAnalizer.java:196)
at com.sap.engine.services.httpserver.server.Client.initialize(Client.java:84)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:143)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Severity : Error
Category :
Location : com.sap.engine.services.httpserver
Application :
Thread : SAPEngine_Application_Thread[impl:3]_32
Datasource : 9332850:C:usrsapPD9JC00j2eeclusterserver0logdefaultTrace.trc
Message ID : 000C29EFE9A300570000002D00000B9000043A81D3311894
Source Name : com.sap.engine.services.httpserver
Argument Objs :
Arguments :
Dsr Component :
Dsr Transaction : 5359e85066e411dcbf6b000c29efe9a3
Dsr User :
Indent : 0
Level : 0
Message Code :
Message Type : 0
Relatives :
Resource Bundlename :
Session : 2
Source : com.sap.engine.services.httpserver
ThreadObject : SAPEngine_Application_Thread[impl:3]_32
Transaction :
User : Guest</i>
The lines I added to http.conf
<i>#Enable reverse-proxying
ProxyVia on
ProxyTimeout 600
#disable forward-proxying
ProxyRequests Off
#proxy /irj both ways
ProxyPass /irj http://sapportal:50000/irj
ProxyPassReverse /irj http://testcomp/irj
#proxy /logon both ways
ProxyPass /logon http://sapportal:50000/logon
ProxyPassReverse /logon http://testcomp/logon</i>
I tried with apache version 2.2.3 & 2.0.59 with no success.
My J2EE/Portal version is 6.17.
Since this is a testing environment the two computers are under the same workgroup (no domain).
If I navigate directly to the portal (without the reverse proxy) everything is working.
How can I solve it?
Regards,
Omri
Hi Jakub,
Thanks for the answer.
It's not working for me...
I'm attaching my httpd.conf file.
Also, what apache version do you use?
Can you send me or post your httpd.conf file?
Thanks,
Omri
httpd.conf
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do not begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "c:/apache" will be interpreted by the
# server as "c:/apache/logs/foo.log".
# NOTE: Where filenames are specified, you must use forward slashes
# instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
# If a drive letter is omitted, the drive on which Apache.exe is located
# will be used by default. It is recommended that you always supply
# an explicit drive letter in absolute paths, however, to avoid
# confusion.
# ThreadsPerChild: constant number of worker threads in the server process
# MaxRequestsPerChild: maximum number of requests a server process serves
ThreadsPerChild 250
MaxRequestsPerChild 0
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk. If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
ServerRoot "c:/apache"
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#Listen 12.34.56.78:80
Listen 80
# Dynamic Shared Object (DSO) Support
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available before they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
# Example:
# LoadModule foo_module modules/mod_foo.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule headers_module modules/mod_headers.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
<b>LoadModule proxy_module modules/mod_proxy.so</b>
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
<b>LoadModule proxy_http_module modules/mod_proxy_http.so</b>
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule status_module modules/mod_status.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule userdir_module modules/mod_userdir.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule ssl_module modules/mod_ssl.so
# 'Main' server configuration
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. [email protected]
ServerAdmin @@ServerAdmin@@
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
# If your host doesn't have a registered DNS name, enter its IP address here.
ServerName localhost:80
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot "c:/apache/htdocs"
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
# First, we configure the "default" to be a very restrictive set of
# features.
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Satisfy all
</Directory>
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# This should be changed to whatever you set DocumentRoot to.
<Directory "c:/apache/htdocs">
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
# Note that "MultiViews" must be named explicitly --- "Options All"
# doesn't give it to you.
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
Options Indexes FollowSymLinks
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
AllowOverride None
# Controls who can get stuff from this server.
Order allow,deny
Allow from all
</Directory>
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
</FilesMatch>
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you do define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog logs/error.log
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
<IfModule log_config_module>
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you do
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and not in this file.
CustomLog logs/access.log common
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#CustomLog logs/access.log combined
</IfModule>
<IfModule alias_module>
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
ScriptAlias /cgi-bin/ "c:/apache/cgi-bin/"
</IfModule>
# "c:/apache/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "c:/apache/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
# Apache parses all CGI scripts for the shebang line by default.
# This comment line, the first line of the script, consists of the symbols
# pound (#) and exclamation followed by the path of the program that
# can execute this specific script. For a perl script, with perl.exe in
# the C:\Program Files\Perl directory, the shebang line should be:
# #!c:/program files/perl/perl
# Note you _must_not_ indent the actual shebang line, and it must be the
# first line of the file. Of course, CGI processing must be enabled by
# the appropriate ScriptAlias or Options ExecCGI directives for the files
# or directory in question.
# However, Apache on Windows allows either the Unix behavior above, or can
# use the Registry to match files by extention. The command to execute
# a file of this type is retrieved from the registry by the same method as
# the Windows Explorer would use to handle double-clicking on a file.
# These script actions can be configured from the Windows Explorer View menu,
# 'Folder Options', and reviewing the 'File Types' tab. Clicking the Edit
# button allows you to modify the Actions, of which Apache 1.3 attempts to
# perform the 'Open' Action, and failing that it will try the shebang line.
# This behavior is subject to change in Apache release 2.0.
# Each mechanism has it's own specific security weaknesses, from the means
# to run a program you didn't intend the website owner to invoke, and the
# best method is a matter of great debate.
# To enable the this Windows specific behavior (and therefore -disable- the
# equivilant Unix behavior), uncomment the following directive:
#ScriptInterpreterSource registry
# The directive above can be placed in individual <Directory> blocks or the
# .htaccess file, with either the 'registry' (Windows behavior) or 'script'
# (Unix behavior) option, and will override this server default option.
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
DefaultType text/plain
<IfModule mime_module>
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
TypesConfig conf/mime.types
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#AddType application/x-gzip .tgz
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
# Filters allow you to process content before it is sent to the client.
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#MIMEMagicFile conf/magic
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall is used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
#EnableMMAP off
#EnableSendfile off
# Supplemental configuration
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
# Multi-language error messages
#Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
#Include conf/extra/httpd-autoindex.conf
# Language settings
#Include conf/extra/httpd-languages.conf
# User home directories
#Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
# Various default settings
#Include conf/extra/httpd-default.conf
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
# Note: The following must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
ProxyPreserveHost On
ProxyVia on
ProxyTimeout 600
#disable forward-proxying
ProxyRequests Off
#proxy /irj both ways
ProxyPass /irj http://sapportal:50000/irj
ProxyPassReverse /irj http://sapportal:50000/irj
#ProxyPassReverse /irj http://testcomp/irj
#proxy /logon both ways
ProxyPass /logon http://sapportal:50000/logon
ProxyPassReverse /logon http://sapportal:50000/logon
#ProxyPassReverse /logon http://testcomp/logon
-
Configuring a Apache Reverse Proxy for OracleAS Portal and OracleAS Single
I'm trying to implement my Oracle Portal 10g Release 2 with a reverse proxy (Apache 2.2) as described in this link: http://download.oracle.com/docs/cd/B14099_19/core.1012/b13998/variants.htm#BEIFECEH without success. I have Oracle Portal, Oracle SSO, OID in the same domain and Apache Reverse Proxy in another domain. Has anyone had success using OracleAS Portal with a reverse proxy?
First of all I'm trying to configure a reverse proxy only for Ora SSO (infra tier). Here is what I have already done:
APACHE REVERSE PROXY (Apache 2.2)
http://proxy.mycompany.com:80
ProxyRequests off
ProxyPassInterpolateEnv On
ProxyPass / http://portal.tech.everett.it:7777/
ProxyPassReverse / http://portal.tech.everett.it:7777/
ProxyPreserveHost On
ORACLE SSO
http://portal.mycompany.com:7777
Here are the steps I have already done:
1- CONFIG OID
create an ldif file called setdasurl.ldif and insert as follows:
dn:cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext
changetype: modify
replace: orcldasurlbase
orcldasurlbase: http://proxy.mycompany.com/
then do ldapmodify as follows:
ldapmodify -x -h portal.mycompany.com -p 3060 -D "cn=orcladmin" -w password1 -v -f setdasurl.ldif
2- CONFIG ORA SSO (as gentjan user)
export ORACLE_HOME=/home/gentjan/product/10.1.2/OracleAS/infra/
2.1-config Apache config of ORA SSO
vi $ORACLE_HOME/Apache/Apache/conf/httpd.conf
change from:
ServerName portal.mycompany.com
Port 7777
KeepAlive On
to:
ServerName proxy.mycompany.com
Port 80
KeepAlive Off
and add at the end of httpd.conf
RewriteEngine On
RewriteOptions inherit
2.2- update DCM Repository (as root)
$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d
2.3- modify SSO Server Home URL to reverse proxy hostname and port (as root)
$ORACLE_HOME/sso/bin/ssocfg.sh http proxy.mycompany.com 80
2.4- Updating the targets.xml File
Open the ORACLE_HOME/sysman/emd/targets.xml file and locate the target type oracle_sso_server.
vi $ORACLE_HOME/sysman/emd/targets.xml
Update the HTTPMachine and HTTPPort attributes with the proxy server host and port attributes that were passed to ssocfg. For example:
<Property NAME="HTTPMachine" VALUE="proxy.mycompany.com"/>
<Property NAME="HTTPPort" VALUE="80"/>
<Property NAME="HTTPProtocol" VALUE="http"/>
Save and close the file.
Reload the Application Server Control Console by issuing this command (as gentjan):
$ORACLE_HOME/bin/emctl reload
2.5- Re-register mod_osso on SSO Middle-tier with reverse proxy hostname and port
some needed permissions
chmod -R 775 /home/gentjan/product/10.1.2/OracleAS/infra/dcm/
Re-register mod_osso (as gentjan)
$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path /home/gentjan/product/10.1.2/OracleAS/infra -site_name infra.proxy.mycompany.com -config_mod_osso TRUE -mod_osso_url http://proxy.mycompany.com:80 -update_mode MODIFY
2.6- update DCM Repository (as root)
$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d
2.7- Restart OC4J_Security and Oracle HTTP Server at Infrastructure tier
$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
After these modifications my reverse proxy is OK.
I can access http://proxy.mycompany.com:80 and this redirects me to the Oracle Application Server Welcome page.
If I try http://proxy.mycompany.com/pls/orasso/orasso.home, I can view the SSO Server Home page.
The problem that I find is when I click through to the Login page for Oracle SSO.
I have the following error:
Forbidden You don't have permission to access /pls/orasso/ORASSO.wwsec_app_priv.login on this server.
So, in other words, I can't do the login/logout under the reverse proxy. Can anyone help?
Gentjan -
Retain Original URL after Reverse Proxying
I am trying to do a reverse proxy using an Apache config file (Apache 2.2).
I am able to successfully reverse proxy a user from https://www4.dev.sonet.se/chatview/ to http://pkma-usis.kaddi.sonet.fe/chatview
But when I try to retain the host domain name after the reverse proxy using the "Header edit Location" directive, it fails.
i.e., after redirection to http://pkma-usis.kaddi.sonet.fe:80/chatview the user must see the URL as https://www4.dev.sonet.se/chatview.
I wanted to know if what I am trying to do is feasible in the first place and if this is a good practice. Following is my config file.
Can anyone please help me with this? Am I using a correct approach? Are any alternate options available? Are there debugging options to find out where my config goes wrong?
<Macro SingleNode %h1 %lp %rp>
<Location /%lp/>
Header add Set-Cookie "%Chat_SID=h.%{BALANCER_WORKER_ROUTE}e;\
path=/%lp/;" env=BALANCER_ROUTE_CHANGED
Header edit Location "^(.*pkma-usis.kaddi.sonet.fe.*/%lp/)(.*)$" "/%lp/$2"
</Location>
<Proxy balancer://%lpCluster>
BalancerMember http://%h1 min=1 smax=3 max=10 ttl=10 route=%h1
</Proxy>
ProxyPassReverse /%lp/ http://%h1/%rp/
RewriteRule ^/%lp/(.*) balancer://%lpCluster/%rp/$1 [proxy]
ProxySet balancer://%lpCluster stickysession=%Chat_SID
</Macro>
<IfDefine DEV>
Use SingleNode jemma-uusi.stadi.sonera.fi:80 chatview chatview
</IfDefine>
<LocationMatch "/chatview/">
AuthType Basic
Require valid-user
AuthName CT
</LocationMatch>
###################################
Hi,
I am not sure I 100% understand your setup but it is possible to retain the URL after a proxy :-)
Here is an edited example from one of our customers:
1. httpd.conf
<VirtualHost 172.30.123.10:80>
ServerName theheat.dk
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://theheat.dk$1
</VirtualHost>
2. ssl.conf
<VirtualHost 172.30.123.10:443>
ServerName theheat.dk
RewriteEngine On
RewriteRule ^/$ /example/faces/Home [R=301]
RequestHeader set WL-Proxy-SSL true
ProxyPass /example/ http://wintermute:8001/example/
ProxyPassReverse /example/ http://wintermute:8001/example/
</VirtualHost>
3. Admin Console
In the Admin Console navigate to the Managed Server running on port 8001 and find Configuration => General => Advanced.
Put a check mark in "WebLogic Plug-In Enabled" even though you are not using the mod_wl plug-in.
Now select the Protocols tab and then HTTP. Set "Frontend Host" to theheat.dk and for "Frontend HTTPS Port" input 443.
Hope it helps.
Regards Peter -
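The Location rewriting that ProxyPassReverse performs in the ssl.conf above, together with a check for ProxyPass mappings that lack one, as an added Python example that is not part of the thread. The /reports/ mapping, the function names and the front_base parameter (standing in for the scheme and host of the client's request) are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample input: the proxy directives from the ssl.conf example
# above, plus one /reports/ mapping whose ProxyPassReverse is left out on purpose.
SAMPLE_CONF = """
ProxyRequests Off
ProxyPass /example/ http://wintermute:8001/example/
ProxyPassReverse /example/ http://wintermute:8001/example/
ProxyPass /reports/ http://wintermute:8001/reports/
"""

def parse_proxy_conf(text):
    """Collect ProxyRequests and the ProxyPass/ProxyPassReverse mappings."""
    conf = {"proxyrequests": "off", "proxypass": {}, "proxypassreverse": {}}
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        name = parts[0].lower()
        if name == "proxyrequests" and len(parts) >= 2:
            conf[name] = parts[1].lower()
        elif name in ("proxypass", "proxypassreverse") and len(parts) >= 3 and parts[2] != "!":
            conf[name][parts[1]] = parts[2]   # local path -> backend URL
    return conf

def audit(conf):
    """Return the findings a reviewer would raise for this proxy block."""
    findings = []
    if conf["proxyrequests"] == "on":
        findings.append("ProxyRequests On: server also acts as a forward proxy")
    for path, backend in conf["proxypass"].items():
        if conf["proxypassreverse"].get(path) != backend:
            findings.append(f"{path}: no matching ProxyPassReverse for {backend}")
    return findings

def rewrite_location(conf, location, front_base):
    """Map a backend redirect target to the public URL, as ProxyPassReverse does."""
    for path, backend in conf["proxypassreverse"].items():
        if location.startswith(backend):
            return front_base + path + location[len(backend):]
    return location   # no mapping: the header reaches the client unchanged

def leaks_backend(conf, location, front_base):
    """True if the client would still be redirected to a backend host."""
    final = urlsplit(rewrite_location(conf, location, front_base))
    backends = {urlsplit(b).netloc for b in conf["proxypass"].values()}
    return final.netloc in backends
```

A redirect that still names the backend after rewriting both changes the URL the user sees and exposes the internal host name and port.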
BizTalk published WCF service throwing HTTP 404 error using ISA reverse proxy settings
I have published my schemas as a WCF service from the BizTalk 2010 "Publish WCF Service" wizard. I used the Wcf-basicHTTP adapter in the receive port. I am able to run the service successfully on localhost IIS and I tested my BizTalk solution by sending a request using SOAP UI and got a response successfully.
Now: Actually, I need to give this service endpoint to my vendor, who will send requests from outside my company's network, i.e. the internet. In my infrastructure BizTalk is behind the firewall, so we set up a REVERSE proxy server at the DMZ layer and it is configured properly. I have tested a simple WCF service by replacing localhost with the proxy server's configured address <DNSName> and it worked absolutely fine. But when I change localhost in my BizTalk schema-based published WCF service it is not working and I am getting the following error. Really struggling to get it resolved. I wasted a whole 3 days....very upset. Please help me out by giving a detailed step-by-step solution.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly. Requested URL: /BizTalkServiceInstance/MyService.svc
I am surprised that other C# code-based WCF services are working fine with the reverse proxy settings.
Server Error in '/' Application. The resource cannot be found.
Are there any special things to consider for a BizTalk exposed WCF service over SSL in an IIS cluster with ISA?
Hi Singam :)
First I would start by browsing any other files (files other than the one from WCF) just to ensure that the reverse-proxy’s redirection rules are set correctly. If you get the same 404 error when you try to access other services/files “through reverse-proxy”, then it’s an issue in the redirection rule(s) in the reverse-proxy.
If others are fine, i.e. no issue in the reverse-proxy setup as such, then try the following for the WCF service's web.config file. I have seen this issue in WCF services (not just BizTalk’s artifacts exposed as a service in reverse-proxy). Add the serviceHostingEnvironment config as shown within the serviceModel section.
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Regards,
M.R.Ashwin Prabhu
If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply. -
O-Portal behind reverse proxy, aliasing of o-portal url to generic url.
I'd like to setup o-Portal behind a reverse proxy. This is a proxy service which accepts connections on http://a.b.com/ and gets the content from internal webservers based on the url. For example http://a.b.com/pls/DAD1 comes from an o-Portal server but http://a.b.com/depts/ comes from a webserver. The problem with o-Portal is now, that it creates pages with its servername and port in the URL of the pages it serves out. For example, if it runs on server x.b.com on the port 7777 the links on all pages are http://x.b.com:7777/pls/DAD1. To get it to work correctly with my proxy, all these links should be http://a.b.com/pls/DAD1 and then the proxy gets the pages from http://x.b.com:77777/pls/DAD1.
How do I tell o-Portal to create this different URL in its pages? You could also say, I'd like to alias http://a.b.com/pls/DAD1 to http://x.b.com:77777/pls/DAD1
I'm sure there is a configuration setting to change this. We had the same problem with Oracle HR11i and there we got it solved.
Web Single Sign On applications like IBM WebSeal or Netegrity Siteminder use these kind of proxies to protect the intranet and to create a Single Sign On domain for all web servers.
Thanks,
Rainer
I also would like to overcome this issue. I could not find an answer anywhere on Metalink or OTN.
Can a reverse-proxy (i.e. using ProxyPass & Reverse) be used with an internal Portal?
John Z
Butler Mfg. Co.
[email protected] -
Apache as a reverse proxy for E-recruiting
We are trying to use Apache as a reverse proxy for e-recruiting. The call to the web proxy is being forwarded correctly, but whereas if the page is opened directly on the e-recruiting box it opens a page with a BSP-generated logon screen, when using the portal it generates a window dialog for logon and I then get the following message:
BSP Exception: Das Objekt sap/bc/bsp/sap/hrrcf_start_int/sap/bc/bsp/sap/hrrcf_start_int/application.do in der URL /sap/bc/bsp/sap/hrrcf_start_int/sap/bc/bsp/sap/hrrcf_start_int/sap/bc/bsp/sap/hrrcf_start_int/application.do?sap-client=100&sap-language=EN&BspClient=100&BspLanguage=EN&rcfSpId=0003&rcfContext=LMUGEN ist nicht gültig.
Has anyone done apache as a proxy for e-recruting who can share an example or offer any advice?
Thanks
Hi Richard,
you can take this link as a starting point: /people/sap.user72/blog/2006/04/18/the-reverse-proxy-series--part-32-apache-as-a-complex-reverse-proxy
In your case it seems to me that "/sap/bc/bsp/sap/hrrcf_start_int" gets concatenated 2 more times in your URL than it should.
That looks like a loop resp. an apache directive which gets executed too often.
regards, Norbert