Dynamic proxyName  For Tomcat

Last Modified: 2013-12-02
This is an excerpt from my server configuration (Tomcat):

<Connector port="8080"
               maxThreads="150"
               minSpareThreads="25"
               maxSpareThreads="75"
               enableLookups="false"
               redirectPort="8443"
               acceptCount="100"
               connectionTimeout="20000"
               disableUploadTimeout="true"
               address="127.0.0.1"
               scheme="https"
               proxyPort="443"
               proxyName="bla.bla.com"
               secure="true"
               emptySessionPath="true"
               />

When I use links with https://bla.bla.com/index.html it works fine.
But when I use https://135.20.7.89/index.html it does not work while 135.20.7.89 is the real address of bla.bla.com.

It only works if I change proxyName=135.20.7.89

Is there a way to make it work for all address schema, i.e. IP address, fully qualified name, short name?

Mick BarryJava Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
what are you using proxyName for?

Author

Commented:
Sorry I'm not sure I understood your question.
I'm new to web programming.
And I'm just changing the behavior of an existing application that for some reason is architected the way I described earlier.
Mick BarryJava Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
is tomcat sitting behind apache?
are you using ajp to connect?
if so, what's the apache config?
Mick BarryJava Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
> But When I use https://135.20.7.89/index.html it does not work while 135.20.7.89 is the real address of bla.bla.com.

how exactly does it not work?

Author

Commented:
The above XML config code refers to the HTTP connector. My understanding is that this connector is used by the web browser to establish a connection. The proxyName is a connector attribute used internally in the method
ServletRequest.getServerName().
That's my understanding, and correct me if I'm wrong.
Apparently the problem happens when there is a mismatch between the address schema entered, e.g. IP address/..
and the string that is returned from ServletRequest.getServerName().
Is there a way to fix this problem?
Mick BarryJava Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
the proxyName changes what getServerName() returns.

Can you answer my q above regards how exactly it is not working. What response do you get from server?

Author

Commented:
Seems like I can't answer all questions at this stage. Do you guys know how I can activate and see the logging info? It may help to understand how things work.

Thanks,

Author

Commented:
This is a more complete excerpt from server.xml:

<Service name="Catalina">

    <Connector port="8080"
               maxThreads="150"
               minSpareThreads="25"
               maxSpareThreads="75"
               enableLookups="false"
               redirectPort="8443"
               acceptCount="100"
               connectionTimeout="20000"
               disableUploadTimeout="true"
               address="127.0.0.1"
               scheme="https"
               proxyPort="443"
               proxyName="bla.bla.com"
               secure="true"
               emptySessionPath="true"
               />
    <!-- Apache JServ Protocol Connector to apache -->
    <Connector port="8009"
               enableLookups="false"
               redirectPort="8443"
               protocol="AJP/1.3"
               tomcatAuthentication="false" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost"
            appBase="webapps"
            unpackWARs="false"
            autoDeploy="false"
            xmlValidation="false"
            liveDeploy="false"
            debug="0"
            xmlNamespaceAware="false">

      </Host>
    </Engine>
  </Service>
Mick BarryJava Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
you still haven't explained the error response you are getting

Author

Commented:
This is one trace:
https://69.3.2.10/portal/login/redirector

GET /portal/login/redirector HTTP/1.1
Host: 69.3.2.10
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: auth_probe=1; auth_tkt=ZDdmYzJiYzI4MTE5Y2UwNGE2Y2ZjZTBiN2Q2YWVhMDM0OTk0OWZlZWFkbWluITEyMzQ0NzcwMzg6MTI3LjAuMC4x; JSESSIONID=4BED28916ABD8E793B09C8B9EE28420B

HTTP/1.x 302 Moved Temporarily
Date: Thu, 12 Feb 2009 22:25:14 GMT
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 19:00:00 EST
Location: https://host.domainName/portal/login/j_security_check?j_username=G-50b2a5ea-e821-4a0e-beac-7c57c2f4a498
Content-Length: 0
Content-Type: text/plain
----------------------------------------------------------
https://host.domainName/portal/login/j_security_check?j_username=G-50b2a5ea-e821-4a0e-beac-7c57c2f4a498

GET /portal/login/j_security_check?j_username=G-50b2a5ea-e821-4a0e-beac-7c57c2f4a498 HTTP/1.1
Host: host.domainName
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: __utma=236828317.2067615383.1226944232.1230066680.1232723512.7; __utmz=236828317.1229960534.5.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=teleworker%20; auth_probe=1; auth_tkt=ZmE2OWM3NWViYTIyZjQyMmQ0NmQ2NDk4YmM5YjFhYjI0OTk0OTkwYWFkbWluITEyMzQ0NzUyNzQ6MTI3LjAuMC4x; JSESSIONID=25EB2BD8518EDDD15A6AF041538BB2B7

HTTP/1.x 404 /portal//login/j_security_check
Date: Thu, 12 Feb 2009 22:25:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1043
----------------------------------------------------------
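An added example, not part of the thread: a small parser for a header trace in the layout posted above. It flags each redirect whose Location host differs from the request's Host header and matches the connector's proxyName, which is the pattern in the first exchange of the trace. The sample trace is constructed from the thread's placeholder hosts with cookies omitted, and `parse_trace`, `classify` and `report` are hypothetical names.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the same layout as the trace in the thread
# (cookies and most headers omitted; host names are the thread's placeholders).
SAMPLE_TRACE = """\
https://69.3.2.10/portal/login/redirector

GET /portal/login/redirector HTTP/1.1
Host: 69.3.2.10

HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: https://host.domainName/portal/login/j_security_check?j_username=G-constructed
Content-Length: 0
----------------------------------------------------------
https://host.domainName/portal/login/j_security_check?j_username=G-constructed

GET /portal/login/j_security_check?j_username=G-constructed HTTP/1.1
Host: host.domainName

HTTP/1.x 404 /portal//login/j_security_check
Server: Apache-Coyote/1.1
Content-Length: 1043
----------------------------------------------------------
"""

REQUEST_LINE = re.compile(r"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/\d")
STATUS_LINE = re.compile(r"^HTTP/\S+ (\d{3})\b")
SEPARATOR = re.compile(r"^-{10,}\s*$", re.M)


def _hostname(value):
    """Lower-cased host without port, from a Host header value or an absolute URL."""
    if not value:
        return None
    if "://" not in value:
        value = "//" + value  # lets urlsplit treat "name:port" as a network location
    return urlsplit(value).hostname


def parse_trace(text):
    """Split the trace on its dashed separators and pull out the fields we compare."""
    exchanges = []
    for block in SEPARATOR.split(text):
        ex = {"path": None, "host": None, "status": None, "location": None}
        in_response = False
        for line in block.splitlines():
            req = REQUEST_LINE.match(line)
            status = STATUS_LINE.match(line)
            if req:
                ex["path"] = req.group(2)
            elif status:
                ex["status"] = int(status.group(1))
                in_response = True
            else:
                name, sep, value = line.partition(":")
                key = name.strip().lower()
                if sep and key == "host" and not in_response:
                    ex["host"] = value.strip()
                elif sep and key == "location" and in_response:
                    ex["location"] = value.strip()
        if ex["path"] is not None and ex["status"] is not None:
            exchanges.append(ex)
    return exchanges


def classify(ex, proxy_name):
    """Say where a redirect points relative to the host the client asked for."""
    if ex["status"] is None or not 300 <= ex["status"] < 400 or not ex["location"]:
        return "no-redirect"
    target = _hostname(ex["location"])
    if target is None:
        return "relative-redirect"
    if target == _hostname(ex["host"]):
        return "same-host"
    if target == _hostname(proxy_name):
        # Location was built from the connector's fixed proxyName,
        # not from the Host header the client sent.
        return "rewritten-to-proxyName"
    return "other-host"


def report(text, proxy_name):
    """One (requested host, status, verdict) row per exchange in the trace."""
    return [(_hostname(ex["host"]), ex["status"], classify(ex, proxy_name))
            for ex in parse_trace(text)]


if __name__ == "__main__":
    # proxy_name is assumed to be the connector's proxyName value.
    for row in report(SAMPLE_TRACE, "host.domainName"):
        print(row)
```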
Mick BarryJava Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
what's the apache config look like?

Author

Commented:
What file are you referring to?
Mick BarryJava Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
could be any, it's the configuration for that site in your apache config
might be in /etc/apache, depends on the OS

Author

Commented:
I think the problem comes from how j_security_check works, i.e. j_security_check does not allow relative paths like aliases.
Mick BarryJava Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
not sure I follow what you are saying, j_security_check is implemented in tomcat (is it mapped correctly). Is the request getting to tomcat? or is apache not mapping it correctly to tomcat?

Author

Commented:
I think apache is correctly mapping the fully qualified domain name, fqdn (proxyName field in server.xml), but after that if I use the IP address or the alias instead it does not work.

e.g. https://host.domain.com/login works fine
       https://host/login or http://60.34.2.1/login fail
Mick BarryJava Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
I need more details to be able to help. Primarily your apache config and how it is handling request mapping.

Author

Commented:
# HostnameLookups: Log the names of clients or just their IP numbers
#   e.g.   www.apache.org (on) or 204.62.129.132 (off)
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on.

HostnameLookups off

# ServerAdmin: Your address, where problems with the server should be
# e-mailed.

ServerAdmin admin@blabla.domain.com

# ServerRoot: The directory the server's config, error, and log files
# are kept in.
# NOTE!  If you intend to place this on a NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation,
# you will save yourself a lot of trouble.

ServerRoot /etc/httpd

ServerTokens ProductOnly

# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.  

# User/Group: The name (or #number) of the user/group to run httpd as.
#  On SCO (ODT 3) use User nouser and Group nogroup
#  On HPUX you may not be able to use shared memory as nobody, and the
#  suggested workaround is to create a user www and use that user.
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 60000;
#  don't use Group nobody on these systems!

User www
Group www

# ErrorLog: The location of the error log file. If this does not start
# with /, ServerRoot is prepended to it.

ErrorLog /var/log/httpd/error_log

# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.

LogLevel warn

# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Please read the file README.DSO in the Apache 1.3 distribution for more
# details about the DSO mechanism and run `httpd -l' for the list of already
# built-in (statically linked and thus always available) modules in your httpd
# binary.
#
# Example:
# LoadModule foo_module libexec/mod_foo.so
#
# Documentation for modules is in "/home/httpd/manual/mod" in HTML format.


LoadModule env_module modules/mod_env.so
LoadModule log_config_module modules/mod_log_config.so

#LoadModule mime_magic_module  modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule status_module modules/mod_status.so
LoadModule info_module modules/mod_info.so
LoadModule include_module modules/mod_include.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule asis_module modules/mod_asis.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so

#LoadModule speling_module     modules/mod_speling.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so

LoadModule auth_digest_module modules/mod_auth_digest.so

LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so

LoadModule external_auth_module modules/mod_auth_external.so
LoadModule php4_module modules/libphp4.so
# modPerl disabled
LoadModule ssl_module modules/mod_ssl.so

LoadModule ipenv_module modules/mod_ipenv.so
AddExternalAuth pwauth /usr/lib/httpd/modules/pwauth
SetExternalAuthMethod pwauth pipe

Listen 0.0.0.0:80

##########################################################
##  SSL Global Context Configuration
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts
##      (unless overridden by virtual hosts)
##
<IfModule mod_ssl.c>
Listen 0.0.0.0:443

SSLEngine off
SSLCertificateFile /home/e-smith/ssl.crt/host.blabla.domain.com.crt
SSLCertificateKeyFile /home/e-smith/ssl.key/host.blabla.domain.com.key

SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:state/ssl_scache

SSLSessionCacheTimeout  300
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

SSLMutex  file:state/ssl_mutex

SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin

#SSLLogLevel info

SSLProtocol -ALL +SSLv3 +TLSv1
</IfModule>
#
#      END OF SSL GLOBAL CONTEXT CONFIGURATION
#############################################
# The LockFile directive sets the path to the lockfile used when Apache
# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
# its default value. The main reason for changing it is if the logs
# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
# DISK. The PID of the main server process is automatically appended to
# the filename.
#
#LockFile /var/lock/httpd.lock

# PidFile: The file the server should log its pid to
PidFile /var/run/httpd.pid

# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this.  But if yours does (you'll know because
# this file is created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
ScoreBoardFile /var/run/httpd.scoreboard

# CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.

#CacheNegotiatedDocs

# UseCanonicalName:  (new for 1.3)  With this setting turned on, whenever
# Apache needs to construct a self-referencing URL (a url that refers back
# to the server the response is coming from) it will use ServerName and
# Port to form a "canonical" name.  With this setting off, Apache will
# use the hostname:port that the client supplied, when possible.  This
# also affects SERVER_NAME and SERVER_PORT in CGIs.
UseCanonicalName off

# The following directives define some format nicknames for use with
# a CustomLog directive (see below).

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_virtual
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# The location of the access logfile (Common Logfile Format).
# If this does not start with /, ServerRoot is prepended to it.

# CustomLog logs/access_log common
CustomLog /var/log/httpd/access_log combined_virtual

# If you would like to have an agent and referer logfile uncomment the
# following directives.

#CustomLog logs/referer_log referer
#CustomLog logs/agent_log agent

# If you prefer a single logfile with access, agent and referer information
# (Combined Logfile Format) you can use the following directive.

#CustomLog logs/access_log combined

FileETag MTime Size
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.

KeepAlive On

# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.

MaxKeepAliveRequests 100

# KeepAliveTimeout: Number of seconds to wait for the next request

KeepAliveTimeout 15

# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# Unix with it as it spirals down...

MaxClients 150

# MaxRequestsPerChild: the number of requests each child process is
#  allowed to process before the child dies.
#  The child will exit so as to avoid problems after prolonged use when
#  Apache (and maybe the libraries it uses) leak.  On most systems, this
#  isn't really needed, but a few (such as Solaris) do have notable leaks
#  in the libraries.

MaxRequestsPerChild 100

# Proxy Server directives. Uncomment the following line to
# enable the proxy server:

#ProxyRequests On

# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e. use
# "www" instead of the host's real name).
#
# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.

ServerName www.blabla.domain.com

# Server-pool size regulation.  Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).

# It does this by periodically checking how many servers are waiting
# for a request.  If there are fewer than MinSpareServers, it creates
# a new spare.  If there are more than MaxSpareServers, some of the
# spares die off.  These values are probably OK for most sites ---

MinSpareServers 8
MaxSpareServers 20

# Number of servers to start --- should be a reasonable ballpark figure.

StartServers 10

# Timeout: The number of seconds before receives and sends time out

Timeout 300

# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.

DefaultIcon /icons/unknown.gif

# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index.  Separate multiple entries with spaces.

DirectoryIndex index.htm index.html index.shtml index.cgi

DirectoryIndex index.htm index.html index.shtml index.cgi index.php index.php3 index.phtml

# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.

DocumentRoot /home/e-smith/files/ibays/Primary/html
IndexOptions FancyIndexing VersionSort NameWidth=*
# AddIcon tells the server which icon to show for different files or filename
# extensions

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

# AccessFileName: The name of the file to look for in each directory
# for access control information.

AccessFileName .htaccess

# AddDescription allows you to place a short description after a file in
# server-generated indexes.
# Format: AddDescription "description" filename

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

# DefaultType is the default MIME type for documents which the server
# cannot find the type of from filename extensions.

DefaultType text/plain

# IndexIgnore is a set of filenames which directory indexing should ignore
# Format: IndexIgnore name1 name2...

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.

TypesConfig /etc/mime.types

# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
# information on the fly. Note: Not all browsers support this.

AddEncoding x-compress Z
AddEncoding x-gzip gz

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^


<IfModule mod_php4.c>
    AddIcon /icons/php4.gif .php3 .php4 .php .phtml
    AddIcon /icons/phps.gif .phps
</IfModule>


# AddLanguage allows you to specify the language of a document. You can
# then use content negotiation to give a browser a file in a language
# it can understand.  Note that the suffix does not have to be the same
# as the language keyword --- those with documents in Polish (whose
# net-standard language code is pl) may wish to use "AddLanguage pl .po"
# to avoid the ambiguity with the common suffix for perl scripts.

AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it

# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
# Just list the languages in decreasing order of preference.

LanguagePriority en fr de

# AddType allows you to tweak mime.types without actually editing it, or to
# make certain files to be certain types.
# Format: AddType type/subtype ext1

# For example, the PHP3 module (not part of the Apache distribution)
# will typically use:
#AddType application/x-httpd-php3 .php3
#AddType application/x-httpd-php3-source .phps
# The following is for PHP/FI (PHP2):
#AddType application/x-httpd-php .phtml

# Fix up default type for .exe files.
AddType application/octet-stream .exe
# Add type for Netscape proxy autoconfiguration
AddType application/x-ns-proxy-autoconfig .pac
AddType image/png .png
# Fix up default type for .rpm files.
AddType application/octet-stream .rpm
# To use server-parsed HTML files
AddType text/html .shtml
AddType image/svg+xml       .svg
AddType application/xml .xsl
AddType application/x-pkcs7-crl    .crl

AddType application/x-x509-ca-cert .crt

# The following directives disable keepalives and HTTP header flushes.
# The first directive disables it for Netscape 2.x and browsers which
# spoof it. There are known problems with these.
# The second directive is for Microsoft Internet Explorer 4.0b2
# which has a broken HTTP/1.1 implementation and does not properly
# support keepalive when it is used on 301 or 302 (redirect) responses.

BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

# The following directive disables HTTP/1.1 responses to browsers which
# are in violation of the HTTP/1.0 spec by not being able to grok a
# basic 1.1 response.

BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

SetEnvIP "conf/msl_access_from_local_network" MSL_ACCESS_FROM_LOCAL_NETWORK
# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into the server
# or added with the Action command (see below)
# Format: AddHandler action-name ext1

# To use CGI scripts:
AddHandler cgi-script .cgi

AddHandler server-parsed .shtml
# If you wish to use server-parsed imagemap files, use
AddHandler imap-file map

<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
</FilesMatch>
NameVirtualHost 0.0.0.0:80
NameVirtualHost 0.0.0.0:443
NameVirtualHost 0.0.0.0:34597


<VirtualHost 0.0.0.0:80>

    ServerName blabla.domain.com
    ServerAlias ftp.blabla.domain.com mail.blabla.domain.com proxy.blabla.domain.com wpad.blabla.domain.com www.blabla.domain.com host.blabla.domain.com

    # skipping SSL directives


    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]


    # Skipping NuPoint View SOAP interface URL Rewriting.

    # NuPoint Call Directory URL Rewriting (Port 80)
    RewriteEngine on
    RewriteRule ^/npm-admin$ https://%{HTTP_HOST}/npm-admin/showLoginPage.do [R]
    RewriteRule ^/npm-admin/$ https://%{HTTP_HOST}/npm-admin/showLoginPage.do [R]
    RewriteRule ^/npm-admin/login\.html$ https://%{HTTP_HOST}/npm-admin/showLoginPage.do [R]
    RewriteRule ^/npm-admin/login\.do$ https://%{HTTP_HOST}/npm-admin/login.do?%{QUERY_STRING} [R]
    RewriteRule ^/npm-admin/(.*)$ https://%{HTTP_HOST}/npm-admin/$1 [R]



    # blabla.domain.com

    # NuPoint Personal Web GUI URL Rewriting (Port 80)
    RewriteEngine on

    RewriteRule ^/index\.html$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp [R]
    RewriteRule ^/login\.html$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp [R]
    RewriteRule ^/npm-pwg$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp [R]
    RewriteRule ^/npm-pwg/(.*)\.wav$ http://127.0.0.1:8080/npm-pwg/$1.wav [P]
    RewriteRule ^/npm-pwg/(.*)\.tiff$ http://127.0.0.1:8080/npm-pwg/$1.tiff [P]
    RewriteRule ^/npm-pwg/extendedUmPlayMessage.jsp$ http://127.0.0.1:8080/npm-pwg/extendedUmPlayMessage.jsp [P]
    RewriteRule ^/npm-pwg/(.*)$ https://%{HTTP_HOST}/npm-pwg/$1 [R]


    RewriteRule ^/server-manager(/.*|$)    https://%{HTTP_HOST}/server-manager$1 [L,R]
    <Location /server-manager>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>
    RewriteRule ^/server-common(/.*|$)    https://%{HTTP_HOST}/server-common$1 [L,R]
    <Location /server-common>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>
    RewriteRule ^/user-password(/.*|$)    https://%{HTTP_HOST}/user-password$1 [L,R]
    <Location /user-password>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>



    RewriteRule ^/wizardproxy(/.*|$)    https://%{HTTP_HOST}/wizardproxy$1 [L,R]
    <Location /wizardproxy>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>


    # alias for Apache icons
    Alias /icons/ /var/www/icons/

    # Alias for server resources
    Alias /server-resources/ /home/e-smith/files/server-resources/

    <Location /axis2/services/ss>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
    <Location /axis2/services/ma>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
    <Location /axis2/services/ap>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
    <Location axis2/services/MobileCallControl>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
RewriteRule ^/axis2/(.*)\$ http://%{HTTP_HOST}/axis2/\$1 [R]
ProxyPass /axis2/ http://localhost:8080/axis2/
ProxyPassReverse /axis2/ http://localhost:8080/axis2/

    <Location /mobile>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>

RewriteEngine on
# Rewrite incomplete urls from the user
RewriteRule ^(.*)/mobile(/)?$ $1/mobile/user/ [R]
RewriteRule ^(.*)/mobile(/user)?$ $1/mobile/user/ [R]
           
RewriteCond %{HTTP_HOST} ^host.*
RewriteRule ^(.*)/mobile/user/(.*)$ https://host.blabla.domain.com/mobile/user/$2

RewriteCond %{HTTP_HOST} ^10.39.180.221$
RewriteRule ^(.*)/mobile/user/(.*)$ https://10.39.180.221/mobile/user/$2

RewriteRule ^/mobile/(.*)$ http://localhost:8080/mobile/$1 [P,L]
# ProxyPass /mobile/ http://localhost:8080/mobile/

RewriteCond %{HTTPS} ^off
#Redirect http access to /portal to https
RewriteRule ^/portal(/.*|$)    https://host.blabla.domain.com/portal$1 [L,R]

    <Location /portal>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>

RewriteEngine on

RewriteCond %{HTTP_HOST}   !^host.blabla.domain.com [NC]
RewriteCond %{HTTP_HOST}   !^$
RewriteRule ^.*portal/*(.*)$ https://host.blabla.domain.com/portal/$1 [R]
RewriteRule ^.*portal.*(Help.*)$ http://127.0.0.1:8080/portal/$1 [P,L]
RewriteRule ^.*Portlet.*$ http://127.0.0.1:8080/$0 [P,L]
RewriteRule ^/*portal(.*)$ http://127.0.0.1:8080/portal/$1 [P,L]



    #Redirect http access to /usp to https
    RewriteRule ^/usp(/.*|$)    https://%{HTTP_HOST}/usp$1 [L,R]
    #Access restrictions to /usp are the same as /server-manager
    <Location /usp>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>

</VirtualHost>


<VirtualHost 0.0.0.0:443>

    ServerName blabla.domain.com
    ServerAlias ftp.blabla.domain.com mail.blabla.domain.com proxy.blabla.domain.com wpad.blabla.domain.com www.blabla.domain.com host.blabla.domain.com

    # SSL Directives
    SSLEngine on


    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]



    # NuPoint View SOAP interface URL Rewriting (Port 443)
    RewriteEngine on
    RewriteRule ^/np-view/$ http://127.0.0.1:34599/np-view/ [P]



    # NuPoint Call Directory URL Rewriting (Port 443)
    RewriteEngine on
    RewriteRule ^/npm-admin$ https://%{HTTP_HOST}/npm-admin/showLoginPage.do [R]
    RewriteRule ^/npm-admin/$ https://%{HTTP_HOST}/npm-admin/showLoginPage.do [R]
    RewriteRule ^/npm-admin/showLoginPage\.do(.*)$ http://127.0.0.1:8080/npm-admin/showLoginPage.do$1?clientAddress=%{REMOTE_ADDR} [P]
    RewriteRule ^/npm-admin/forceRedirectLogin\.do$ https://host.blabla.domain.com/npm-admin/login.do?doubleEncoded=true&%{QUERY_STRING} [R]
    RewriteRule ^/npm-admin/login\.do$ http://127.0.0.1:8080/npm-admin/login.do?clientAddress=%{REMOTE_ADDR}&%{QUERY_STRING} [P]
    RewriteRule ^/npm-admin/(.*) http://127.0.0.1:8080/npm-admin/$1 [P]



    # NuPoint Personal Web GUI URL Rewriting (Port 443)
    RewriteEngine on

    RewriteRule ^/index\.html(.*)$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp$1 [R]
    RewriteRule ^/login\.html(.*)$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp$1 [R]
    RewriteRule ^/npm-pwg$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp [R]
    RewriteRule ^/npm-pwg/$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp [R]
    RewriteRule ^/npm-pwg/loginForm\.jsp(.*)$ http://127.0.0.1:8080/npm-pwg/loginForm.jsp$1?clientAddress=%{REMOTE_ADDR}&%{QUERY_STRING} [P]
    RewriteRule ^/npm-pwg/login.do(.*)$ http://127.0.0.1:8080/npm-pwg/login.do?clientAddress=%{REMOTE_ADDR}&%{QUERY_STRING} [P]
    RewriteRule ^/npm-pwg/cmmm.ajax(.*)$ http://127.0.0.1:8080/npm-pwg/cmmm.ajax?clientAddress=%{REMOTE_ADDR}&%{QUERY_STRING} [P]
    RewriteRule ^/npm-pwg/(.*)$ http://127.0.0.1:8080/npm-pwg/$1 [P]


    ProxyPass /server-manager http://127.0.0.1:980/server-manager
    ProxyPassReverse /server-manager http://127.0.0.1:980/server-manager
    <Location /server-manager>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>
    ProxyPass /server-common http://127.0.0.1:980/server-common
    ProxyPassReverse /server-common http://127.0.0.1:980/server-common
    <Location /server-common>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>
    ProxyPass /user-password http://127.0.0.1:980/user-password
    ProxyPassReverse /user-password http://127.0.0.1:980/user-password
    <Location /user-password>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>

    <Location /npm-admin>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>

    <Location /npm-pwg>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>

    ProxyPass /wizardproxy http://127.0.0.1:980/wizardproxy
    <Location /wizardproxy>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>


    # alias for Apache icons
    Alias /icons/ /var/www/icons/

    # Alias for server resources
    Alias /server-resources/ /home/e-smith/files/server-resources/

    <Location /axis2/services/ss>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
    <Location /axis2/services/ma>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
    <Location /axis2/services/ap>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
    <Location axis2/services/MobileCallControl>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
RewriteRule ^/axis2/(.*)\$ http://%{HTTP_HOST}/axis2/\$1 [R]
ProxyPass /axis2/ http://localhost:8080/axis2/
ProxyPassReverse /axis2/ http://localhost:8080/axis2/

    <Location /mobile>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>

RewriteEngine on
# Rewrite incomplete urls from the user
RewriteRule ^(.*)/mobile(/)?$ $1/mobile/user/ [R]
RewriteRule ^(.*)/mobile(/user)?$ $1/mobile/user/ [R]

RewriteRule ^/mobile/(.*)$ http://localhost:8080/mobile/$1 [P,L]
# ProxyPass /mobile/ http://localhost:8080/mobile/

RewriteCond %{HTTPS} ^off
#Redirect http access to /portal to https
RewriteRule ^/portal(/.*|$)    https://host.blabla.domain.com/portal$1 [L,R]

    <Location /portal>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>

RewriteEngine on

RewriteCond %{HTTP_HOST}   !^host.blabla.domain.com [NC]
RewriteCond %{HTTP_HOST}   !^$
RewriteRule ^.*portal/*(.*)$ https://host.blabla.domain.com/portal/$1 [R]
RewriteRule ^.*portal.*(Help.*)$ http://127.0.0.1:8080/portal/$1 [P,L]
RewriteRule ^.*Portlet.*$ http://127.0.0.1:8080/$0 [P,L]
RewriteRule ^/*portal(.*)$ http://127.0.0.1:8080/portal/$1 [P,L]



    #Redirect https access to /usp to httpd-admin server
    ProxyPass /usp http://127.0.0.1:980/usp
    ProxyPassReverse /usp http://127.0.0.1:980/usp
    #Access restrictions to /usp are the same as /server-manager
    <Location /usp>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>

</VirtualHost>


# No remote administration hosts specified



Listen 0.0.0.0:34597

<VirtualHost 0.0.0.0:34597>

    ServerName blabla.domain.com
    ServerAlias ftp.blabla.domain.com mail.blabla.domain.com proxy.blabla.domain.com wpad.blabla.domain.com www.blabla.domain.com host.blabla.domain.com

    # SSL Directives
    SSLEngine on

    KeepAliveTimeout 180

    # NuPoint OneNet API SOAP interface URL Rewriting (Port 443)
    RewriteEngine on
    RewriteRule ^/soapserver$ http://127.0.0.1:34598/cgi-bin/soapserver.cgi [P]

    <Location /soapserver>
        order allow,deny
        allow from all
        deny from none
    </Location>
    # NuPoint OneNet API SOAP interface URL Rewriting (Port 443)
    RewriteEngine on
    RewriteRule ^/np-view/$ http://127.0.0.1:34599/np-view/ [P]
    RewriteRule ^/np-view http://127.0.0.1:34599/np-view/ [P]

    <Location /np-view>
        order allow,deny
        allow from all
        deny from none
    </Location>
</VirtualHost>



# First, we configure the "default" to be a very restrictive set of
# permissions.  

<Directory />
    Options None
    AllowOverride None
    order deny,allow
    deny from all
    allow from none
</Directory>

# Server resources access configuration

<Directory /home/e-smith/files/server-resources>
    Options +Indexes
    order deny,allow
    deny from all
    allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
</Directory>


<Directory /home/e-smith/files/ibays/Primary/html>
    order allow,deny
    allow from all
</Directory>

# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.

#------------------------------------------------------------
# icons directory
#------------------------------------------------------------

<Directory /var/www/icons>
    Options Indexes
    AllowOverride None
    order deny,allow
    deny from all
    allow from all
</Directory>


ScriptAlias /certmanagement /etc/e-smith/web/unpriv/certs/certmanagement
<Location /certmanagement>
    order deny,allow
    allow from all
</Location>

<Directory "/etc/e-smith/web/unpriv/certs">
    Options ExecCGI
    AllowOverride None
    order deny,allow
    allow from all
</Directory>

<Directory "/etc/e-smith/web/unpriv/certs/*">
    order deny,allow
    deny from all
</Directory>



<Directory /home/e-smith/files/ibays/Primary/html>
    AddType application/x-httpd-php .php .php3 .phtml
    AddType application/x-httpd-php-source .phps
    php_admin_value open_basedir /home/e-smith/files/ibays/Primary/
</Directory>


Alias /wpad.dat /etc/httpd/conf/proxy/proxy.pac
<Location /wpad.dat>
    order deny,allow
    deny from all
    allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
Alias /proxy.pac /etc/httpd/conf/proxy/proxy.pac
<Location /proxy.pac>
    order deny,allow
    deny from all
    allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>

ProxyPassReverse /npm-admin/ http://127.0.0.1/npm-admin/
ProxyPassReverse /npm-admin/ http://127.0.0.1:8080/npm-admin/

ProxyPassReverse /npm-admin/ https://127.0.0.1/npm-admin/
ProxyPassReverse /npm-admin/ https://127.0.0.1:8080/npm-admin/
ProxyPassReverse /npm-pwg/ http://127.0.0.1/npm-pwg/
ProxyPassReverse /npm-pwg/ http://127.0.0.1:8080/npm-pwg/

ProxyPassReverse /npm-pwg/ https://127.0.0.1/npm-pwg/
ProxyPassReverse /npm-pwg/ https://127.0.0.1:8080/npm-pwg/

# Create link to the directory that holds the webpage and perl script
# files that support the NuPoint Tab in Microsoft Office Communicator 2005
ScriptAlias /npm-commtab/tab.xml        /usr/local/vm/web/npmcommtab/buildtabxml.cgi
ScriptAlias /npm-commtab/Setcommtab.reg /usr/local/vm/web/npmcommtab/buildTabsRegFile.cgi
Alias /npm-commtab/ /usr/local/vm/web/npmcommtab/
Alias /npm-commtab /usr/local/vm/web/npmcommtab
<Directory /usr/local/vm/web/npmcommtab>
#   Options Indexes
#   AllowOverride None
    order deny,allow
    deny from none
    allow from all
</Directory>

Java Developer
CERTIFIED EXPERT
Top Expert 2010
Commented:
bit of a needle in a haystack.

try enabling rewrite logging to get a better idea what's going on

seems related to Tomcat's j_security_check, with the following not mapping correctly
https://host.domainName/portal/login/j_security_check?j_username=.....

Found the following discussion
http://osdir.com/ml/java.roller.user/2003-04/msg00038.html

Maybe you need another virtual host definition in Tomcat

sorry not much more I can help you without playing with the box


Author

Commented:
This is an extract from the trace using FQDN then using IP address:
It creates another session Id
https://host.blabla.domain.com/portal/portal/changePassword.psml

GET /portal/portal/changePassword.psml HTTP/1.1
Host: zev.maslab.mitel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://zev.maslab.mitel.com/portal/login/redirector
Cookie: __utma=236828317.2067615383.1226944232.1230066680.1232723512.7; __utmz=236828317.1229960534.5.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=teleworker%20; auth_probe=1; JSESSIONID=3CB4F200E63A6614659E533330776624






###################################


https://66.39.180.11/portal/portal/changePassword.psml

GET /portal/portal/changePassword.psml HTTP/1.1
Host: 10.39.180.221
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: auth_probe=1; auth_tkt=ZGY3OGI3MDhhZWJkZjkzNjAyZmFjMDdiYjliMTJlMzk0OTljMmVkM2FkbWluISExMjM0OTY4MTI5OjEyNy4wLjAuMQ==; JSESSIONID=4C1774A3E3E2BC96B268627620ADDCF2
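
What the rewrite logging suggested above would show for the portal rules, as an added Python model that is not part of the original posts and not Apache's own code: it runs the posted RewriteCond/RewriteRule chain for the same path under the canonical name and under an IP Host value. It models only the four portal rules visible in the posted port-443 VirtualHost; the function names and the two sample requests are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Portal rules as posted in the port-443 VirtualHost. Each entry is
# (conditions, pattern, substitution, flags); a RewriteCond guards only the
# rule that follows it. Every other directive in the file is left out.
RULES = [
    ([("!^host.blabla.domain.com", True), ("!^$", False)],
     r"^.*portal/*(.*)$", "https://host.blabla.domain.com/portal/$1", {"R"}),
    ([], r"^.*portal.*(Help.*)$", "http://127.0.0.1:8080/portal/$1", {"P", "L"}),
    ([], r"^.*Portlet.*$", "http://127.0.0.1:8080/$0", {"P", "L"}),
    ([], r"^/*portal(.*)$", "http://127.0.0.1:8080/portal/$1", {"P", "L"}),
]

def cond_ok(pattern, host, nocase):
    """Evaluate one RewriteCond %{HTTP_HOST} pattern ('!' negates it)."""
    negate = pattern.startswith("!")
    hit = re.search(pattern.lstrip("!"), host, re.I if nocase else 0)
    return (hit is not None) != negate

def rewrite(host, path):
    """Simplified model of the rule chain: returns (action, resulting URL)."""
    url, action = path, "none"
    for conds, pattern, subst, flags in RULES:
        if not all(cond_ok(p, host, nc) for p, nc in conds):
            continue
        m = re.search(pattern, url)
        if m is None:
            continue
        # Expand $0..$9 back-references, then keep going unless [L] is set.
        url = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), subst)
        action = "redirect" if "R" in flags else "proxy"
        if "L" in flags:
            break
    return action, url

def leaves_host(host, path):
    """True when the client is redirected to a different host name."""
    action, url = rewrite(host, path)
    return action == "redirect" and urlsplit(url).hostname != host.lower()

if __name__ == "__main__":
    # Constructed requests: same path, canonical name versus an IP Host value.
    for h in ("host.blabla.domain.com", "10.39.180.221"):
        print(h, rewrite(h, "/portal/portal/changePassword.psml"))
```

Under the IP Host value the first rule answers with a redirect to the canonical name, and its greedy `^.*portal/*` also collapses `/portal/portal/` to `/portal/`. A session cookie issued without a Domain attribute is bound to the host that set it, so it is not sent after the browser follows that redirect, which is consistent with the two different JSESSIONID values in the trace.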