bachra04
asked on
Dynamic proxyName For Tomcat
This is an excerpt from my server configuration (Tomcat):
<Connector port="8080"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
redirectPort="8443"
acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
address="127.0.0.1"
scheme="https"
proxyPort="443"
proxyName="bla.bla.com"
secure="true"
emptySessionPath="true"
/>
When I use links with https://bla.bla.com/index.html it works fine.
But when I use https://135.20.7.89/index.html it does not work, while 135.20.7.89 is the real address of bla.bla.com.
It only works if I change proxyName=135.20.7.89
Is there a way to make it work for all address schema, i.e. IP address, fully qualified name, short name?
What are you using proxyName for?
ASKER
Sorry I'm not sure I understood your question.
I'm new to web programming
And I'm just changing the behavior of an existing application that for some reason is architected the way I described earlier.
is tomcat sitting behind apache?
are you using ajp to connect?
if so, what's the apache config?
> But When I use https://135.20.7.89/index.html it does not work while 135.20.7.89 is the real address of bla.bla.com.
how exactly does it not work?
ASKER
The above xml config. code refers to the http connector. My understanding is that this connector is used by the web browser to establish a connection. The proxyName is a connector attribute used internally in the method
ServletRequest.getServerName().
That's my understanding and correct me if I'm wrong.
Apparently the problem happens when there is a mismatch between the address schema entered, e.g. IP address/..
and the string that is returned from ServletRequest.getServerName().
Is there a way to fix this problem?
the proxyName changes what getServerName() returns.
Can you answer my q above regards how exactly it is not working. What response do you get from server?
ASKER
Seems like I can't answer all questions at this stage. Do you guys know how I can activate and see the logging info? It may help to understand how things work.
Thanks,
ASKER
This is a more complete excerpt from server.xml:
<Service name="Catalina">
<Connector port="8080"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
redirectPort="8443"
acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
address="127.0.0.1"
scheme="https"
proxyPort="443"
proxyName="bla.bla.com"
secure="true"
emptySessionPath="true"
/>
>
<!-- Apache JServ Protocol Connector to apache -->
<Connector port="8009"
enableLookups="false"
redirectPort="8443"
protocol="AJP/1.3"
tomcatAuthentication="false" />
<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost"
appBase="webapps"
unpackWARs="false"
autoDeploy="false"
xmlValidation="false"
liveDeploy="false"
debug="0"
xmlNamespaceAware="false">
</Host>
</Engine>
</Service>
you still haven't explained the error response you are getting
ASKER
This is one trace:
https://69.3.2.10/portal/login/redirector
GET /portal/login/redirector HTTP/1.1
Host: 69.3.2.10
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: auth_probe=1; auth_tkt=ZDdmYzJiYzI4MTE5Y2UwNGE2Y2ZjZTBiN2Q2YWVhMDM0OTk0OWZlZWFkbWluITEyMzQ0NzcwMzg6MTI3LjAuMC4x; JSESSIONID=4BED28916ABD8E793B09C8B9EE28420B
HTTP/1.x 302 Moved Temporarily
Date: Thu, 12 Feb 2009 22:25:14 GMT
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 19:00:00 EST
Location: https://host.domainName/portal/login/j_security_check?j_username=G-50b2a5ea-e821-4a0e-beac-7c57c2f4a498
Content-Length: 0
Content-Type: text/plain
----------------------------------------------------------
https://host.domainName/portal/login/j_security_check?j_username=G-50b2a5ea-e821-4a0e-beac-7c57c2f4a498
GET /portal/login/j_security_check?j_username=G-50b2a5ea-e821-4a0e-beac-7c57c2f4a498 HTTP/1.1
Host: host.domainName
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: __utma=236828317.2067615383.1226944232.1230066680.1232723512.7; __utmz=236828317.1229960534.5.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=teleworker%20; auth_probe=1; auth_tkt=ZmE2OWM3NWViYTIyZjQyMmQ0NmQ2NDk4YmM5YjFhYjI0OTk0OTkwYWFkbWluITEyMzQ0NzUyNzQ6MTI3LjAuMC4x; JSESSIONID=25EB2BD8518EDDD15A6AF041538BB2B7
HTTP/1.x 404 /portal//login/j_security_check
Date: Thu, 12 Feb 2009 22:25:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1043
----------------------------------------------------------
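Added example (not part of the thread, and not the application's own code): a small Python checker that reads a header capture laid out like the trace above and reports, hop by hop, where a redirect moves the browser to a different host name and where the session cookie sent after that redirect differs from the one sent before it. The sample capture is constructed from the two hops in the post with shortened cookie values; the finding names and the `allowed_hosts` parameter are this example's own.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the two hops from the trace above, cookie values shortened.
SAMPLE_TRACE = """\
https://69.3.2.10/portal/login/redirector
GET /portal/login/redirector HTTP/1.1
Host: 69.3.2.10
Cookie: auth_probe=1; JSESSIONID=AAAA1111
HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: https://host.domainName/portal/login/j_security_check?j_username=G-example
Content-Length: 0
----------------------------------------------------------
https://host.domainName/portal/login/j_security_check?j_username=G-example
GET /portal/login/j_security_check?j_username=G-example HTTP/1.1
Host: host.domainName
Cookie: auth_probe=1; JSESSIONID=BBBB2222
HTTP/1.x 404 /portal//login/j_security_check
Server: Apache-Coyote/1.1
Content-Length: 1043
"""

REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/\S+$")
STATUS_LINE = re.compile(r"^HTTP/\S+ (\d{3})\b")
HOP_SEPARATOR = re.compile(r"^-{5,}\s*$", re.M)


def _headers(lines):
    """Turn 'Name: value' lines into a dict keyed by lower-cased header name."""
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def _hostname(value):
    """Lower-cased host without port, from a Host header or an absolute URL."""
    if not value:
        return None
    target = value if "://" in value else "//" + value
    return urlsplit(target).hostname  # None for a relative Location


def _session_id(cookie_header):
    """Value of JSESSIONID in a Cookie request header, or None."""
    for part in (cookie_header or "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "JSESSIONID":
            return value
    return None


def parse_trace(text):
    """Split a capture into hops; each hop is one request and its response."""
    hops = []
    for block in HOP_SEPARATOR.split(text):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        req_at = next((i for i, ln in enumerate(lines) if REQUEST_LINE.match(ln)), None)
        status_at = next((i for i, ln in enumerate(lines) if STATUS_LINE.match(ln)), None)
        if req_at is None or status_at is None or status_at < req_at:
            continue  # incomplete capture, nothing to compare
        request = _headers(lines[req_at + 1:status_at])
        response = _headers(lines[status_at + 1:])
        hops.append({
            "host": _hostname(request.get("host")),
            "session": _session_id(request.get("cookie")),
            "status": int(STATUS_LINE.match(lines[status_at]).group(1)),
            "location_host": _hostname(response.get("location")),
        })
    return hops


def analyze(hops, allowed_hosts=None):
    """Return (hop_index, finding) pairs in capture order."""
    findings = []
    for i, hop in enumerate(hops):
        target = hop["location_host"] if 300 <= hop["status"] < 400 else None
        if target and target != hop["host"]:
            # The server named itself differently from what the client asked for.
            findings.append((i, "REDIRECT_CHANGES_HOST"))
        if target and allowed_hosts is not None and target not in allowed_hosts:
            findings.append((i, "REDIRECT_TO_UNLISTED_HOST"))
        if i == 0:
            continue
        prev = hops[i - 1]
        followed = prev["location_host"] == hop["host"] and prev["host"] != hop["host"]
        if followed and prev["session"] != hop["session"]:
            # Cookies are scoped to the host, so the earlier session is not sent.
            findings.append((i, "SESSION_COOKIE_DIFFERS"))
    return findings


if __name__ == "__main__":
    for index, finding in analyze(parse_trace(SAMPLE_TRACE)):
        print(f"hop {index}: {finding}")
```

Host names are compared lower-cased and without the port, and a relative `Location` counts as staying on the same host.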
what's the apache config look like?
ASKER
What file are you referring to?
could be any, it's the configuration for that site in your apache config
might be in /etc/apache, depends on the OS
ASKER
I think the problem comes from how j_security_check works, i.e. j_security_check does not allow relative paths like aliases.
not sure I follow what you are saying, j_security_check is implemented in tomcat (is it mapped correctly). Is the request getting to tomcat? or is apache not mapping it correctly to tomcat?
ASKER
I think apache is mapping correctly the fully qualified domain name : fqdn (proxyName field in server.xml) but after that if I use the IP address or the alias instead it does not work.
e.g. https://host.domain.com/login works fine
https://host/login or http://60.34.2.1/login fail
I need more details to be able to help. Primarily your apache config and how it is handling request mapping.
ASKER
# HostnameLookups: Log the names of clients or just their IP numbers
# e.g. www.apache.org (on) or 204.62.129.132 (off)
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on.
HostnameLookups off
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.
ServerAdmin admin@blabla.domain.com
# ServerRoot: The directory the server's config, error, and log files
# are kept in.
# NOTE! If you intend to place this on a NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation,
# you will save yourself a lot of trouble.
ServerRoot /etc/httpd
ServerTokens ProductOnly
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# User/Group: The name (or #number) of the user/group to run httpd as.
# On SCO (ODT 3) use User nouser and Group nogroup
# On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group nobody on these systems!
User www
Group www
# ErrorLog: The location of the error log file. If this does not start
# with /, ServerRoot is prepended to it.
ErrorLog /var/log/httpd/error_log
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Please read the file README.DSO in the Apache 1.3 distribution for more
# details about the DSO mechanism and run `httpd -l' for the list of already
# built-in (statically linked and thus always available) modules in your httpd
# binary.
#
# Example:
# LoadModule foo_module libexec/mod_foo.so
#
# Documentation for modules is in "/home/httpd/manual/mod" in HTML format.
LoadModule env_module modules/mod_env.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule status_module modules/mod_status.so
LoadModule info_module modules/mod_info.so
LoadModule include_module modules/mod_include.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule asis_module modules/mod_asis.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule external_auth_module modules/mod_auth_external.so
LoadModule php4_module modules/libphp4.so
# modPerl disabled
LoadModule ssl_module modules/mod_ssl.so
LoadModule ipenv_module modules/mod_ipenv.so
AddExternalAuth pwauth /usr/lib/httpd/modules/pwauth
SetExternalAuthMethod pwauth pipe
Listen 0.0.0.0:80
##########################################################
## SSL Global Context Configuration
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts
## (unless overridden by virtual hosts)
##
<IfModule mod_ssl.c>
Listen 0.0.0.0:443
SSLEngine off
SSLCertificateFile /home/e-smith/ssl.crt/host.blabla.domain.com.crt
SSLCertificateKeyFile /home/e-smith/ssl.key/host.blabla.domain.com.key
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
SSLPassPhraseDialog builtin
SSLSessionCache dbm:state/ssl_scache
SSLSessionCacheTimeout 300
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
SSLMutex file:state/ssl_mutex
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
#SSLLogLevel info
SSLProtocol -ALL +SSLv3 +TLSv1
</IfModule>
#
# END OF SSL GLOBAL CONTEXT CONFIGURATION
#############################################
# The LockFile directive sets the path to the lockfile used when Apache
# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
# its default value. The main reason for changing it is if the logs
# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
# DISK. The PID of the main server process is automatically appended to
# the filename.
#
#LockFile /var/lock/httpd.lock
# PidFile: The file the server should log its pid to
PidFile /var/run/httpd.pid
# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this. But if yours does (you'll know because
# this file is created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
ScoreBoardFile /var/run/httpd.scoreboard
# CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.
#CacheNegotiatedDocs
# UseCanonicalName: (new for 1.3) With this setting turned on, whenever
# Apache needs to construct a self-referencing URL (a url that refers back
# to the server the response is coming from) it will use ServerName and
# Port to form a "canonical" name. With this setting off, Apache will
# use the hostname:port that the client supplied, when possible. This
# also affects SERVER_NAME and SERVER_PORT in CGIs.
UseCanonicalName off
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_virtual
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# The location of the access logfile (Common Logfile Format).
# If this does not start with /, ServerRoot is prepended to it.
# CustomLog logs/access_log common
CustomLog /var/log/httpd/access_log combined_virtual
# If you would like to have an agent and referer logfile uncomment the
# following directives.
#CustomLog logs/referer_log referer
#CustomLog logs/agent_log agent
# If you prefer a single logfile with access, agent and referer information
# (Combined Logfile Format) you can use the following directive.
#CustomLog logs/access_log combined
FileETag MTime Size
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
KeepAlive On
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We reccomend you leave this number high, for maximum performance.
MaxKeepAliveRequests 100
# KeepAliveTimeout: Number of seconds to wait for the next request
KeepAliveTimeout 15
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# Unix with it as it spirals down...
MaxClients 150
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies.
# The child will exit so as to avoid problems after prolonged use when
# Apache (and maybe the libraries it uses) leak. On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries.
MaxRequestsPerChild 100
# Proxy Server directives. Uncomment the following line to
# enable the proxy server:
#ProxyRequests On
# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e. use
# "www" instead of the host's real name).
#
# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.
ServerName www.blabla.domain.com
# Server-pool size regulation. Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).
# It does this by periodically checking how many servers are waiting
# for a request. If there are fewer than MinSpareServers, it creates
# a new spare. If there are more than MaxSpareServers, some of the
# spares die off. These values are probably OK for most sites ---
MinSpareServers 8
MaxSpareServers 20
# Number of servers to start --- should be a reasonable ballpark figure.
StartServers 10
# Timeout: The number of seconds before receives and sends time out
Timeout 300
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
DefaultIcon /icons/unknown.gif
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index. Separate multiple entries with spaces.
DirectoryIndex index.htm index.html index.shtml index.cgi
DirectoryIndex index.htm index.html index.shtml index.cgi index.php index.php3 index.phtml
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot /home/e-smith/files/ibays/Primary/html
IndexOptions FancyIndexing VersionSort NameWidth=*
# AddIcon tells the server which icon to show for different files or filename
# extensions
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
# AccessFileName: The name of the file to look for in each directory
# for access control information.
AccessFileName .htaccess
# AddDescription allows you to place a short description after a file in
# server-generated indexes.
# Format: AddDescription "description" filename
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
# DefaultType is the default MIME type for documents which the server
# cannot find the type of from filename extensions.
DefaultType text/plain
# IndexIgnore is a set of filenames which directory indexing should ignore
# Format: IndexIgnore name1 name2...
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
TypesConfig /etc/mime.types
# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
# information on the fly. Note: Not all browsers support this.
AddEncoding x-compress Z
AddEncoding x-gzip gz
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
<IfModule mod_php4.c>
AddIcon /icons/php4.gif .php3 .php4 .php .phtml
AddIcon /icons/phps.gif .phps
</IfModule>
# AddLanguage allows you to specify the language of a document. You can
# then use content negotiation to give a browser a file in a language
# it can understand. Note that the suffix does not have to be the same
# as the language keyword --- those with documents in Polish (whose
# net-standard language code is pl) may wish to use "AddLanguage pl .po"
# to avoid the ambiguity with the common suffix for perl scripts.
AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
# Just list the languages in decreasing order of preference.
LanguagePriority en fr de
# AddType allows you to tweak mime.types without actually editing it, or to
# make certain files to be certain types.
# Format: AddType type/subtype ext1
# For example, the PHP3 module (not part of the Apache distribution)
# will typically use:
#AddType application/x-httpd-php3 .php3
#AddType application/x-httpd-php3-source .phps
# The following is for PHP/FI (PHP2):
#AddType application/x-httpd-php .phtml
# Fix up default type for .exe files.
AddType application/octet-stream .exe
# Add type for Netscape proxy autoconfiguration
AddType application/x-ns-proxy-autoconfig .pac
AddType image/png .png
# Fix up default type for .rpm files.
AddType application/octet-stream .rpm
# To use server-parsed HTML files
AddType text/html .shtml
AddType image/svg+xml .svg
AddType application/xml .xsl
AddType application/x-pkcs7-crl .crl
AddType application/x-x509-ca-cert .crt
# The following directives disable keepalives and HTTP header flushes.
# The first directive disables it for Netscape 2.x and browsers which
# spoof it. There are known problems with these.
# The second directive is for Microsoft Internet Explorer 4.0b2
# which has a broken HTTP/1.1 implementation and does not properly
# support keepalive when it is used on 301 or 302 (redirect) responses.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
# The following directive disables HTTP/1.1 responses to browsers which
# are in violation of the HTTP/1.0 spec by not being able to grok a
# basic 1.1 response.
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
SetEnvIP "conf/msl_access_from_local_network" MSL_ACCESS_FROM_LOCAL_NETWORK
# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into the server
# or added with the Action command (see below)
# Format: AddHandler action-name ext1
# To use CGI scripts:
AddHandler cgi-script .cgi
AddHandler server-parsed .shtml
# If you wish to use server-parsed imagemap files, use
AddHandler imap-file map
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
</FilesMatch>
NameVirtualHost 0.0.0.0:80
NameVirtualHost 0.0.0.0:443
NameVirtualHost 0.0.0.0:34597
<VirtualHost 0.0.0.0:80>
ServerName blabla.domain.com
ServerAlias ftp.blabla.domain.com mail.blabla.domain.com proxy.blabla.domain.com wpad.blabla.domain.com www.blabla.domain.com host.blabla.domain.com
# skipping SSL directives
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
# Skipping NuPoint View SOAP interface URL Rewriting.
# NuPoint Call Directory URL Rewriting (Port 80)
RewriteEngine on
RewriteRule ^/npm-admin$ https://%{HTTP_HOST}/npm-admin/showLoginPage.do [R]
RewriteRule ^/npm-admin/$ https://%{HTTP_HOST}/npm-admin/showLoginPage.do [R]
RewriteRule ^/npm-admin/login\.html$ https://%{HTTP_HOST}/npm-admin/showLoginPage.do [R]
RewriteRule ^/npm-admin/login\.do$ https://%{HTTP_HOST}/npm-admin/login.do?%{QUERY_STRING} [R]
RewriteRule ^/npm-admin/(.*)$ https://%{HTTP_HOST}/npm-admin/$1 [R]
# blabla.domain.com
# NuPoint Personal Web GUI URL Rewriting (Port 80)
RewriteEngine on
RewriteRule ^/index\.html$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp [R]
RewriteRule ^/login\.html$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp [R]
RewriteRule ^/npm-pwg$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp [R]
RewriteRule ^/npm-pwg/(.*)\.wav$ http://127.0.0.1:8080/npm-pwg/$1.wav [P]
RewriteRule ^/npm-pwg/(.*)\.tiff$ http://127.0.0.1:8080/npm-pwg/$1.tiff [P]
RewriteRule ^/npm-pwg/extendedUmPlayMessage.jsp$ http://127.0.0.1:8080/npm-pwg/extendedUmPlayMessage.jsp [P]
RewriteRule ^/npm-pwg/(.*)$ https://%{HTTP_HOST}/npm-pwg/$1 [R]
RewriteRule ^/server-manager(/.*|$) https://%{HTTP_HOST}/server-manager$1 [L,R]
<Location /server-manager>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
</Location>
RewriteRule ^/server-common(/.*|$) https://%{HTTP_HOST}/server-common$1 [L,R]
<Location /server-common>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
</Location>
RewriteRule ^/user-password(/.*|$) https://%{HTTP_HOST}/user-password$1 [L,R]
<Location /user-password>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
</Location>
RewriteRule ^/wizardproxy(/.*|$) https://%{HTTP_HOST}/wizardproxy$1 [L,R]
<Location /wizardproxy>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
# alias for Apache icons
Alias /icons/ /var/www/icons/
# Alias for server resources
Alias /server-resources/ /home/e-smith/files/server-resources/
<Location /axis2/services/ss>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
<Location /axis2/services/ma>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
<Location /axis2/services/ap>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
<Location axis2/services/MobileCallControl>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
RewriteRule ^/axis2/(.*)\$ http://%{HTTP_HOST}/axis2/\$1 [R]
ProxyPass /axis2/ http://localhost:8080/axis2/
ProxyPassReverse /axis2/ http://localhost:8080/axis2/
<Location /mobile>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
RewriteEngine on
# Rewrite incomplete urls from the user
RewriteRule ^(.*)/mobile(/)?$ $1/mobile/user/ [R]
RewriteRule ^(.*)/mobile(/user)?$ $1/mobile/user/ [R]
RewriteCond %{HTTP_HOST} ^host.*
RewriteRule ^(.*)/mobile/user/(.*)$ https://host.blabla.domain.com/mobile/user/$2
RewriteCond %{HTTP_HOST} ^10.39.180.221$
RewriteRule ^(.*)/mobile/user/(.*)$ https://10.39.180.221/mobile/user/$2
RewriteRule ^/mobile/(.*)$ http://localhost:8080/mobile/$1 [P,L]
# ProxyPass /mobile/ http://localhost:8080/mobile/
RewriteCond %{HTTPS} ^off
#Redirect http access to /portal to https
RewriteRule ^/portal(/.*|$) https://host.blabla.domain.com/portal$1 [L,R]
<Location /portal>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^host.blabla.domain.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^.*portal/*(.*)$ https://host.blabla.domain.com/portal/$1 [R]
RewriteRule ^.*portal.*(Help.*)$ http://127.0.0.1:8080/portal/$1 [P,L]
RewriteRule ^.*Portlet.*$ http://127.0.0.1:8080/$0 [P,L]
RewriteRule ^/*portal(.*)$ http://127.0.0.1:8080/portal/$1 [P,L]
#Redirect http access to /usp to https
RewriteRule ^/usp(/.*|$) https://%{HTTP_HOST}/usp$1 [L,R]
#Access restrictions to /usp are the same as /server-manager
<Location /usp>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
</Location>
</VirtualHost>
<VirtualHost 0.0.0.0:443>
ServerName blabla.domain.com
ServerAlias ftp.blabla.domain.com mail.blabla.domain.com proxy.blabla.domain.com wpad.blabla.domain.com www.blabla.domain.com host.blabla.domain.com
# SSL Directives
SSLEngine on
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
# NuPoint View SOAP interface URL Rewriting (Port 443)
RewriteEngine on
RewriteRule ^/np-view/$ http://127.0.0.1:34599/np-view/ [P]
# NuPoint Call Directory URL Rewriting (Port 443)
RewriteEngine on
RewriteRule ^/npm-admin$ https://%{HTTP_HOST}/npm-admin/showLoginPage.do [R]
RewriteRule ^/npm-admin/$ https://%{HTTP_HOST}/npm-admin/showLoginPage.do [R]
RewriteRule ^/npm-admin/showLoginPage\.do(.*)$ http://127.0.0.1:8080/npm-admin/showLoginPage.do$1?clientAddress=%{REMOTE_ADDR} [P]
RewriteRule ^/npm-admin/forceRedirectLogin\.do$ https://host.blabla.domain.com/npm-admin/login.do?doubleEncoded=true&%{QUERY_STRING} [R]
RewriteRule ^/npm-admin/login\.do$ http://127.0.0.1:8080/npm-admin/login.do?clientAddress=%{REMOTE_ADDR}&%{QUERY_STRING} [P]
RewriteRule ^/npm-admin/(.*) http://127.0.0.1:8080/npm-admin/$1 [P]
# NuPoint Personal Web GUI URL Rewriting (Port 443)
RewriteEngine on
RewriteRule ^/index\.html(.*)$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp$1 [R]
RewriteRule ^/login\.html(.*)$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp$1 [R]
RewriteRule ^/npm-pwg$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp [R]
RewriteRule ^/npm-pwg/$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp [R]
RewriteRule ^/npm-pwg/loginForm\.jsp(.*)$ http://127.0.0.1:8080/npm-pwg/loginForm.jsp$1?clientAddress=%{REMOTE_ADDR}&%{QUERY_STRING} [P]
RewriteRule ^/npm-pwg/login.do(.*)$ http://127.0.0.1:8080/npm-pwg/login.do?clientAddress=%{REMOTE_ADDR}&%{QUERY_STRING} [P]
RewriteRule ^/npm-pwg/cmmm.ajax(.*)$ http://127.0.0.1:8080/npm-pwg/cmmm.ajax?clientAddress=%{REMOTE_ADDR}&%{QUERY_STRING} [P]
RewriteRule ^/npm-pwg/(.*)$ http://127.0.0.1:8080/npm-pwg/$1 [P]
ProxyPass /server-manager http://127.0.0.1:980/server-manager
ProxyPassReverse /server-manager http://127.0.0.1:980/server-manager
<Location /server-manager>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
</Location>
ProxyPass /server-common http://127.0.0.1:980/server-common
ProxyPassReverse /server-common http://127.0.0.1:980/server-common
<Location /server-common>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
</Location>
ProxyPass /user-password http://127.0.0.1:980/user-password
ProxyPassReverse /user-password http://127.0.0.1:980/user-password
<Location /user-password>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
</Location>
<Location /npm-admin>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
</Location>
<Location /npm-pwg>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
ProxyPass /wizardproxy http://127.0.0.1:980/wizardproxy
<Location /wizardproxy>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
</Location>
# alias for Apache icons
Alias /icons/ /var/www/icons/
# Alias for server resources
Alias /server-resources/ /home/e-smith/files/server-resources/
<Location /axis2/services/ss>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
<Location /axis2/services/ma>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
<Location /axis2/services/ap>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
<Location axis2/services/MobileCallControl>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
RewriteRule ^/axis2/(.*)\$ http://%{HTTP_HOST}/axis2/\$1 [R]
ProxyPass /axis2/ http://localhost:8080/axis2/
ProxyPassReverse /axis2/ http://localhost:8080/axis2/
<Location /mobile>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
RewriteEngine on
# Rewrite incomplete urls from the user
RewriteRule ^(.*)/mobile(/)?$ $1/mobile/user/ [R]
RewriteRule ^(.*)/mobile(/user)?$ $1/mobile/user/ [R]
RewriteRule ^/mobile/(.*)$ http://localhost:8080/mobile/$1 [P,L]
# ProxyPass /mobile/ http://localhost:8080/mobile/
RewriteCond %{HTTPS} ^off
#Redirect http access to /portal to https
RewriteRule ^/portal(/.*|$) https://host.blabla.domain.com/portal$1 [L,R]
<Location /portal>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^host.blabla.domain.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^.*portal/*(.*)$ https://host.blabla.domain.com/portal/$1 [R]
RewriteRule ^.*portal.*(Help.*)$ http://127.0.0.1:8080/portal/$1 [P,L]
RewriteRule ^.*Portlet.*$ http://127.0.0.1:8080/$0 [P,L]
RewriteRule ^/*portal(.*)$ http://127.0.0.1:8080/portal/$1 [P,L]
#Redirect https access to /usp to httpd-admin server
ProxyPass /usp http://127.0.0.1:980/usp
ProxyPassReverse /usp http://127.0.0.1:980/usp
#Access restrictions to /usp are the same as /server-manager
<Location /usp>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
</Location>
</VirtualHost>
# No remote administration hosts specified
Listen 0.0.0.0:34597
<VirtualHost 0.0.0.0:34597>
ServerName blabla.domain.com
ServerAlias ftp.blabla.domain.com mail.blabla.domain.com proxy.blabla.domain.com wpad.blabla.domain.com www.blabla.domain.com host.blabla.domain.com
# SSL Directives
SSLEngine on
KeepAliveTimeout 180
# NuPoint OneNet API SOAP interface URL Rewriting (Port 443)
RewriteEngine on
RewriteRule ^/soapserver$ http://127.0.0.1:34598/cgi-bin/soapserver.cgi [P]
<Location /soapserver>
order allow,deny
allow from all
deny from none
</Location>
# NuPoint OneNet API SOAP interface URL Rewriting (Port 443)
RewriteEngine on
RewriteRule ^/np-view/$ http://127.0.0.1:34599/np-view/ [P]
RewriteRule ^/np-view http://127.0.0.1:34599/np-view/ [P]
<Location /np-view>
order allow,deny
allow from all
deny from none
</Location>
</VirtualHost>
# First, we configure the "default" to be a very restrictive set of
# permissions.
<Directory />
Options None
AllowOverride None
order deny,allow
deny from all
allow from none
</Directory>
# Server resources access configuration
<Directory /home/e-smith/files/server-resources>
Options +Indexes
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
</Directory>
<Directory /home/e-smith/files/ibays/Primary/html>
order allow,deny
allow from all
</Directory>
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#------------------------------------------------------------
# icons directory
#------------------------------------------------------------
<Directory /var/www/icons>
Options Indexes
AllowOverride None
order deny,allow
deny from all
allow from all
</Directory>
ScriptAlias /certmanagement /etc/e-smith/web/unpriv/certs/certmanagement
<Location /certmanagement>
order deny,allow
allow from all
</Location>
<Directory "/etc/e-smith/web/unpriv/certs">
Options ExecCGI
AllowOverride None
order deny,allow
allow from all
</Directory>
<Directory "/etc/e-smith/web/unpriv/certs/*">
order deny,allow
deny from all
</Directory>
<Directory /home/e-smith/files/ibays/Primary/html>
AddType application/x-httpd-php .php .php3 .phtml
AddType application/x-httpd-php-source .phps
php_admin_value open_basedir /home/e-smith/files/ibays/Primary/
</Directory>
Alias /wpad.dat /etc/httpd/conf/proxy/proxy.pac
<Location /wpad.dat>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
Alias /proxy.pac /etc/httpd/conf/proxy/proxy.pac
<Location /proxy.pac>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
ProxyPassReverse /npm-admin/ http://127.0.0.1/npm-admin/
ProxyPassReverse /npm-admin/ http://127.0.0.1:8080/npm-admin/
ProxyPassReverse /npm-admin/ https://127.0.0.1/npm-admin/
ProxyPassReverse /npm-admin/ https://127.0.0.1:8080/npm-admin/
ProxyPassReverse /npm-pwg/ http://127.0.0.1/npm-pwg/
ProxyPassReverse /npm-pwg/ http://127.0.0.1:8080/npm-pwg/
ProxyPassReverse /npm-pwg/ https://127.0.0.1/npm-pwg/
ProxyPassReverse /npm-pwg/ https://127.0.0.1:8080/npm-pwg/
# Create link to the directory that holds the webpage and perl script
# files that support the NuPoint Tab in Microsoft Office Communicator 2005
ScriptAlias /npm-commtab/tab.xml /usr/local/vm/web/npmcommtab/buildtabxml.cgi
ScriptAlias /npm-commtab/Setcommtab.reg /usr/local/vm/web/npmcommtab/buildTabsRegFile.cgi
Alias /npm-commtab/ /usr/local/vm/web/npmcommtab/
Alias /npm-commtab /usr/local/vm/web/npmcommtab
<Directory /usr/local/vm/web/npmcommtab>
# Options Indexes
# AllowOverride None
order deny,allow
deny from none
allow from all
</Directory>
<Directory /home/e-smith/files/ibays/
order allow,deny
allow from all
</Directory>
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#-------------------------
# icons directory
#-------------------------
<Directory /var/www/icons>
Options Indexes
AllowOverride None
order deny,allow
deny from all
allow from all
</Directory>
ScriptAlias /certmanagement /etc/e-smith/web/unpriv/ce
<Location /certmanagement>
order deny,allow
allow from all
</Location>
<Directory "/etc/e-smith/web/unpriv/c
Options ExecCGI
AllowOverride None
order deny,allow
allow from all
</Directory>
<Directory "/etc/e-smith/web/unpriv/c
order deny,allow
deny from all
</Directory>
<Directory /home/e-smith/files/ibays/
AddType application/x-httpd-php .php .php3 .phtml
AddType application/x-httpd-php-so
php_admin_value open_basedir /home/e-smith/files/ibays/
</Directory>
Alias /wpad.dat /etc/httpd/conf/proxy/prox
<Location /wpad.dat>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
Alias /proxy.pac /etc/httpd/conf/proxy/prox
<Location /proxy.pac>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
ProxyPassReverse /npm-admin/ http://127.0.0.1/npm-admin/
ProxyPassReverse /npm-admin/ http://127.0.0.1:8080/npm-admin/
ProxyPassReverse /npm-admin/ https://127.0.0.1/npm-admin/
ProxyPassReverse /npm-admin/ https://127.0.0.1:8080/npm-admin/
ProxyPassReverse /npm-pwg/ http://127.0.0.1/npm-pwg/
ProxyPassReverse /npm-pwg/ http://127.0.0.1:8080/npm-pwg/
ProxyPassReverse /npm-pwg/ https://127.0.0.1/npm-pwg/
ProxyPassReverse /npm-pwg/ https://127.0.0.1:8080/npm-pwg/
# Create link to the directory that holds the webpage and perl script
# files that support the NuPoint Tab in Microsoft Office Communicator 2005
ScriptAlias /npm-commtab/tab.xml /usr/local/vm/web/npmcommt
ScriptAlias /npm-commtab/Setcommtab.re
Alias /npm-commtab/ /usr/local/vm/web/npmcommt
Alias /npm-commtab /usr/local/vm/web/npmcommt
<Directory /usr/local/vm/web/npmcommt
# Options Indexes
# AllowOverride None
order deny,allow
deny from none
allow from all
</Directory>
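An added check for the access lists in the configuration above (example code, not part of the original post or of the server's own tooling): under `order deny,allow`, an `allow from` list that names internal ranges and also `0.0.0.0/0.0.0.0` admits every client, so the narrower entries restrict nothing. The function names are hypothetical, the sample holds three blocks copied from the post, and the section pattern tolerates a missing closing `>` because some lines in the post are cut short.

```python
import ipaddress
import re

# Constructed sample: three blocks copied from the configuration posted above.
SAMPLE_CONF = """\
<Location /npm-pwg>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
<Location /wizardproxy>
order deny,allow
deny from all
allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
</Location>
<Location /soapserver>
order allow,deny
allow from all
deny from none
</Location>
"""

SECTION_OPEN = re.compile(r"<(?:Location|Directory)\s+([^>]+)>?", re.I)


def matches_every_client(spec):
    """True if one 'allow from' argument covers every client address."""
    try:
        return spec.lower() == "all" or ipaddress.ip_network(spec, strict=False).prefixlen == 0
    except ValueError:
        return False  # host names and partial addresses are not evaluated


def audit(conf_text):
    """Map each world-open section to the narrower entries its allow list also names."""
    findings, section = {}, None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        opened = SECTION_OPEN.match(line)
        if opened:
            section = opened.group(1).strip().strip('"')
        elif line.startswith("</"):
            section = None
        elif section and line.lower().startswith("allow from"):
            specs = line.split()[2:]
            if any(matches_every_client(s) for s in specs):
                findings[section] = [s for s in specs if not matches_every_client(s)]
    return findings
```

A section mapped to a non-empty list looks restricted but is not; a section mapped to an empty list is open by plain declaration.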
ASKER
This is an extract from the trace using FQDN then using IP address:
It creates another session Id
https://host.blabla.domain.com/portal/portal/changePassword.psml
GET /portal/portal/changePassword.psml HTTP/1.1
Host: zev.maslab.mitel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://zev.maslab.mitel.com/portal/login/redirector
Cookie: __utma=236828317.2067615383.1226944232.1230066680.1232723512.7; __utmz=236828317.1229960534.5.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=teleworker%20; auth_probe=1; JSESSIONID=3CB4F200E63A6614659E533330776624
###################################
https://66.39.180.11/portal/portal/changePassword.psml
GET /portal/portal/changePassword.psml HTTP/1.1
Host: 10.39.180.221
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: auth_probe=1; auth_tkt=ZGY3OGI3MDhhZWJkZjkzNjAyZmFjMDdiYjliMTJlMzk0OTljMmVkM2FkbWluISExMjM0OTY4MTI5OjEyNy4wLjAuMQ==; JSESSIONID=4C1774A3E3E2BC96B268627620ADDCF2
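Why the two requests in the trace above carry different JSESSIONID values, as an added example that is not part of the original post: a browser scopes cookies to the host they were set for, following the RFC 6265 matching rules sketched here. It assumes the session cookie is host-only (no Domain attribute); the jar is constructed from the two Host headers in the trace, the cookie values are placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed jar: one session cookie per host name seen in the two captured
# requests. Values are placeholders; "domain": None marks a host-only cookie.
JAR = [
    {"name": "JSESSIONID", "value": "SESSION-A", "host": "zev.maslab.mitel.com", "domain": None},
    {"name": "JSESSIONID", "value": "SESSION-B", "host": "10.39.180.221", "domain": None},
]


def is_ip(host):
    """True if host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def should_send(cookie, request_host):
    """RFC 6265 matching: host-only cookies need the exact host, Domain cookies a suffix."""
    request_host = request_host.lower()
    if cookie["domain"] is None:
        return request_host == cookie["host"].lower()
    domain = cookie["domain"].lower().lstrip(".")
    if request_host == domain:
        return True
    # A Domain attribute can cover sub-hosts, but never an IP address.
    return not is_ip(request_host) and request_host.endswith("." + domain)


def cookie_header(jar, request_host):
    """Cookie header value the browser would build for request_host."""
    return "; ".join(f'{c["name"]}={c["value"]}' for c in jar if should_send(c, request_host))


def needs_new_session(jar, request_host):
    """True when no JSESSIONID in the jar is in scope, so the server issues a fresh one."""
    return not any(c["name"] == "JSESSIONID" and should_send(c, request_host) for c in jar)
```

Even a cookie issued with a Domain attribute stays out of scope for a request addressed to the IP, so a session opened under the host name cannot carry over to the address form of the URL.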