• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3051
  • Last Modified:

Dynamic proxyName For Tomcat

This is an exrept from my server configuration (Tomcat):

<Connector port="8080"
               maxThreads="150"
               minSpareThreads="25"
               maxSpareThreads="75"
               enableLookups="false"
               redirectPort="8443"
               acceptCount="100"
               connectionTimeout="20000"
               disableUploadTimeout="true"
               address="127.0.0.1"
               scheme="https"
               proxyPort="443"
               proxyName="bla.bla.com"
               secure="true"
               emptySessionPath="true"
               />

When I use links with https://bla.bla.com/index.html  it works fine.
But When I use https://135.20.7.89/index.html it does not work while 135.20.7.89 is the real address of bla.bla.com.

It only works if I change proxyName=135.20.7.89

Is there a way to make it working for all address schema: i.e.: Ip address, fully qualified name, short name&
0
bachra04
Asked:
bachra04
  • 10
  • 10
1 Solution
 
objectsCommented:
what are u using proxyName?

0
 
bachra04Author Commented:
Sorry I'm not sure I understood your question.
II'm new to web programming
And I'm just changing the behavior of existing application that for some reasons is architectured the way I described earlier.
0
 
objectsCommented:
is tomcat sitting behind apache?
are you using ajp to connect?
if so, whats he apache config?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
objectsCommented:
> But When I use https://135.20.7.89/index.html it does not work while 135.20.7.89 is the real address of bla.bla.com.

how exactlky does it not work?

0
 
bachra04Author Commented:
The above xml config. code refers to the http connector. My understanding is that this connector is used by web  browser to establish connection. The proxyName is a connector attribute used internally in method
ServletRequest.getServerName().
That's my understanding and correct me if I'm wrong.
Apparently the problem happens when there is a dismatch between the address schema entered e.g. Ip addrees/..
and the string that is returned From ServletRequest.getServerName().
Is there a way to Fix this problem ?
0
 
objectsCommented:
the proxyName changes the what getServerName() returns.

Can you answer my q above regards how exactly it is not working. What response do you get from server?

0
 
bachra04Author Commented:
Seems like I can't answer all questions at this stage. Do you guy know how can activated and see the logging info, it may help to understand how things work.

Thanks,

0
 
bachra04Author Commented:
This is a more complete excerpt from server.xml:

<Service name="Catalina">

    <Connector port="8080"
               maxThreads="150"
               minSpareThreads="25"
               maxSpareThreads="75"
               enableLookups="false"
               redirectPort="8443"
               acceptCount="100"
               connectionTimeout="20000"
               disableUploadTimeout="true"
               address="127.0.0.1"
               scheme="https"
               proxyPort="443"
               proxyName="bla.bla.com"
               secure="true"
               emptySessionPath="true"
               />
>
    <!-- Apache JServ Protocol Connector to apache -->
    <Connector port="8009"
               enableLookups="false"
               redirectPort="8443"
               protocol="AJP/1.3"
               tomcatAuthentication="false" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost"
            appBase="webapps"
            unpackWARs="false"
            autoDeploy="false"
            xmlValidation="false"
            liveDeploy="false"
            debug="0"
            xmlNamespaceAware="false">

      </Host>
    </Engine>
  </Service>
0
 
objectsCommented:
u still haven't explained the error response you are getting

0
 
bachra04Author Commented:
This is one trace:
https://69.3.2.10/portal/login/redirector

GET /portal/login/redirector HTTP/1.1
Host: 69.3.2.10
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: auth_probe=1; auth_tkt=ZDdmYzJiYzI4MTE5Y2UwNGE2Y2ZjZTBiN2Q2YWVhMDM0OTk0OWZlZWFkbWluITEyMzQ0NzcwMzg6MTI3LjAuMC4x; JSESSIONID=4BED28916ABD8E793B09C8B9EE28420B

HTTP/1.x 302 Moved Temporarily
Date: Thu, 12 Feb 2009 22:25:14 GMT
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 19:00:00 EST
Location: https://host.domainName/portal/login/j_security_check?j_username=G-50b2a5ea-e821-4a0e-beac-7c57c2f4a498
Content-Length: 0
Content-Type: text/plain
----------------------------------------------------------
https://host.domainName/portal/login/j_security_check?j_username=G-50b2a5ea-e821-4a0e-beac-7c57c2f4a498

GET /portal/login/j_security_check?j_username=G-50b2a5ea-e821-4a0e-beac-7c57c2f4a498 HTTP/1.1
Host: host.domainName
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: __utma=236828317.2067615383.1226944232.1230066680.1232723512.7; __utmz=236828317.1229960534.5.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=teleworker%20; auth_probe=1; auth_tkt=ZmE2OWM3NWViYTIyZjQyMmQ0NmQ2NDk4YmM5YjFhYjI0OTk0OTkwYWFkbWluITEyMzQ0NzUyNzQ6MTI3LjAuMC4x; JSESSIONID=25EB2BD8518EDDD15A6AF041538BB2B7

HTTP/1.x 404 /portal//login/j_security_check
Date: Thu, 12 Feb 2009 22:25:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1043
----------------------------------------------------------
0
 
objectsCommented:
whats the apache config look like?

0
 
bachra04Author Commented:
What file are referring to ?
0
 
objectsCommented:
could be any, its the configuration for that site in your apache config
might be in /etc/apache, depends on the OS

0
 
bachra04Author Commented:
I think the problem comes from how j_security_check works. i.e j_security_check does not allow relative path like aliases.
0
 
objectsCommented:
not sure I follow what you are saying, j_security_check is implemented in tomcat (is it mapped correctly). Is the request getting to tomcat? or is apache not mapping it correctly to tomcat?
0
 
bachra04Author Commented:
I think apache is mapping correctly the fully qualified domain name : fqdn (proxyName field in server.xml) but after that if I use the IP address or the alias instead it does not work.

e.g. https://host.domain.com/login works fine
       https:// host/login or http://60.34.2.1/login fail
0
 
objectsCommented:
I need more details to be able to help. Primarily your apache config and how it is handling request mapping.

0
 
bachra04Author Commented:
# HostnameLookups: Log the names of clients or just their IP numbers
#   e.g.   www.apache.org (on) or 204.62.129.132 (off)
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on.

HostnameLookups off

# ServerAdmin: Your address, where problems with the server should be
# e-mailed.

ServerAdmin admin@blabla.domain.com

# ServerRoot: The directory the server's config, error, and log files
# are kept in.
# NOTE!  If you intend to place this on a NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation,
# you will save yourself a lot of trouble.

ServerRoot /etc/httpd

ServerTokens ProductOnly

# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.  

# User/Group: The name (or #number) of the user/group to run httpd as.
#  On SCO (ODT 3) use User nouser and Group nogroup
#  On HPUX you may not be able to use shared memory as nobody, and the
#  suggested workaround is to create a user www and use that user.
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 60000;
#  don't use Group nobody on these systems!

User www
Group www

# ErrorLog: The location of the error log file. If this does not start
# with /, ServerRoot is prepended to it.

ErrorLog /var/log/httpd/error_log

# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.

LogLevel warn

# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Please read the file README.DSO in the Apache 1.3 distribution for more
# details about the DSO mechanism and run `httpd -l' for the list of already
# built-in (statically linked and thus always available) modules in your httpd
# binary.
#
# Example:
# LoadModule foo_module libexec/mod_foo.so
#
# Documentation for modules is in "/home/httpd/manual/mod" in HTML format.


LoadModule env_module modules/mod_env.so
LoadModule log_config_module modules/mod_log_config.so

#LoadModule mime_magic_module  modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule status_module modules/mod_status.so
LoadModule info_module modules/mod_info.so
LoadModule include_module modules/mod_include.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule asis_module modules/mod_asis.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so

#LoadModule speling_module     modules/mod_speling.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so

LoadModule auth_digest_module modules/mod_auth_digest.so

LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so

LoadModule external_auth_module modules/mod_auth_external.so
LoadModule php4_module modules/libphp4.so
# modPerl disabled
LoadModule ssl_module modules/mod_ssl.so

LoadModule ipenv_module modules/mod_ipenv.so
AddExternalAuth pwauth /usr/lib/httpd/modules/pwauth
SetExternalAuthMethod pwauth pipe

Listen 0.0.0.0:80

##########################################################
##  SSL Global Context Configuration
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts
##      (unless overridden by virtual hosts)
##
<IfModule mod_ssl.c>
Listen 0.0.0.0:443

SSLEngine off
SSLCertificateFile /home/e-smith/ssl.crt/host.blabla.domain.com.crt
SSLCertificateKeyFile /home/e-smith/ssl.key/host.blabla.domain.com.key

SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:state/ssl_scache

SSLSessionCacheTimeout  300
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

SSLMutex  file:state/ssl_mutex

SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin

#SSLLogLevel info

SSLProtocol -ALL +SSLv3 +TLSv1
</IfModule>
#
#      END OF SSL GLOBAL CONTEXT CONFIGURATION
#############################################
# The LockFile directive sets the path to the lockfile used when Apache
# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
# its default value. The main reason for changing it is if the logs
# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
# DISK. The PID of the main server process is automatically appended to
# the filename.
#
#LockFile /var/lock/httpd.lock

# PidFile: The file the server should log its pid to
PidFile /var/run/httpd.pid

# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this.  But if yours does (you'll know because
# this file is created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
ScoreBoardFile /var/run/httpd.scoreboard

# CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.

#CacheNegotiatedDocs

# UseCanonicalName:  (new for 1.3)  With this setting turned on, whenever
# Apache needs to construct a self-referencing URL (a url that refers back
# to the server the response is coming from) it will use ServerName and
# Port to form a "canonical" name.  With this setting off, Apache will
# use the hostname:port that the client supplied, when possible.  This
# also affects SERVER_NAME and SERVER_PORT in CGIs.
UseCanonicalName off

# The following directives define some format nicknames for use with
# a CustomLog directive (see below).

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_virtual
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# The location of the access logfile (Common Logfile Format).
# If this does not start with /, ServerRoot is prepended to it.

# CustomLog logs/access_log common
CustomLog /var/log/httpd/access_log combined_virtual

# If you would like to have an agent and referer logfile uncomment the
# following directives.

#CustomLog logs/referer_log referer
#CustomLog logs/agent_log agent

# If you prefer a single logfile with access, agent and referer information
# (Combined Logfile Format) you can use the following directive.

#CustomLog logs/access_log combined

FileETag MTime Size
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.

KeepAlive On

# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We reccomend you leave this number high, for maximum performance.

MaxKeepAliveRequests 100

# KeepAliveTimeout: Number of seconds to wait for the next request

KeepAliveTimeout 15

# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# Unix with it as it spirals down...

MaxClients 150

# MaxRequestsPerChild: the number of requests each child process is
#  allowed to process before the child dies.
#  The child will exit so as to avoid problems after prolonged use when
#  Apache (and maybe the libraries it uses) leak.  On most systems, this
#  isn't really needed, but a few (such as Solaris) do have notable leaks
#  in the libraries.

MaxRequestsPerChild 100

# Proxy Server directives. Uncomment the following line to
# enable the proxy server:

#ProxyRequests On

# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e. use
# "www" instead of the host's real name).
#
# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.

ServerName www.blabla.domain.com

# Server-pool size regulation.  Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).

# It does this by periodically checking how many servers are waiting
# for a request.  If there are fewer than MinSpareServers, it creates
# a new spare.  If there are more than MaxSpareServers, some of the
# spares die off.  These values are probably OK for most sites ---

MinSpareServers 8
MaxSpareServers 20

# Number of servers to start --- should be a reasonable ballpark figure.

StartServers 10

# Timeout: The number of seconds before receives and sends time out

Timeout 300

# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.

DefaultIcon /icons/unknown.gif

# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index.  Separate multiple entries with spaces.

DirectoryIndex index.htm index.html index.shtml index.cgi

DirectoryIndex index.htm index.html index.shtml index.cgi index.php index.php3 index.phtml

# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.

DocumentRoot /home/e-smith/files/ibays/Primary/html
IndexOptions FancyIndexing VersionSort NameWidth=*
# AddIcon tells the server which icon to show for different files or filename
# extensions

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

# AccessFileName: The name of the file to look for in each directory
# for access control information.

AccessFileName .htaccess

# AddDescription allows you to place a short description after a file in
# server-generated indexes.
# Format: AddDescription "description" filename

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

# DefaultType is the default MIME type for documents which the server
# cannot find the type of from filename extensions.

DefaultType text/plain

# IndexIgnore is a set of filenames which directory indexing should ignore
# Format: IndexIgnore name1 name2...

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.

TypesConfig /etc/mime.types

# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
# information on the fly. Note: Not all browsers support this.

AddEncoding x-compress Z
AddEncoding x-gzip gz

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^


<IfModule mod_php4.c>
    AddIcon /icons/php4.gif .php3 .php4 .php .phtml
    AddIcon /icons/phps.gif .phps
</IfModule>


# AddLanguage allows you to specify the language of a document. You can
# then use content negotiation to give a browser a file in a language
# it can understand.  Note that the suffix does not have to be the same
# as the language keyword --- those with documents in Polish (whose
# net-standard language code is pl) may wish to use "AddLanguage pl .po"
# to avoid the ambiguity with the common suffix for perl scripts.

AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it

# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
# Just list the languages in decreasing order of preference.

LanguagePriority en fr de

# AddType allows you to tweak mime.types without actually editing it, or to
# make certain files to be certain types.
# Format: AddType type/subtype ext1

# For example, the PHP3 module (not part of the Apache distribution)
# will typically use:
#AddType application/x-httpd-php3 .php3
#AddType application/x-httpd-php3-source .phps
# The following is for PHP/FI (PHP2):
#AddType application/x-httpd-php .phtml

# Fix up default type for .exe files.
AddType application/octet-stream .exe
# Add type for Netscape proxy autoconfiguration
AddType application/x-ns-proxy-autoconfig .pac
AddType image/png .png
# Fix up default type for .rpm files.
AddType application/octet-stream .rpm
# To use server-parsed HTML files
AddType text/html .shtml
AddType image/svg+xml       .svg
AddType application/xml .xsl
AddType application/x-pkcs7-crl    .crl

AddType application/x-x509-ca-cert .crt

# The following directives disable keepalives and HTTP header flushes.
# The first directive disables it for Netscape 2.x and browsers which
# spoof it. There are known problems with these.
# The second directive is for Microsoft Internet Explorer 4.0b2
# which has a broken HTTP/1.1 implementation and does not properly
# support keepalive when it is used on 301 or 302 (redirect) responses.

BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

# The following directive disables HTTP/1.1 responses to browsers which
# are in violation of the HTTP/1.0 spec by not being able to grok a
# basic 1.1 response.

BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

SetEnvIP "conf/msl_access_from_local_network" MSL_ACCESS_FROM_LOCAL_NETWORK
# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into the server
# or added with the Action command (see below)
# Format: AddHandler action-name ext1

# To use CGI scripts:
AddHandler cgi-script .cgi

AddHandler server-parsed .shtml
# If you wish to use server-parsed imagemap files, use
AddHandler imap-file map

<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
</FilesMatch>
NameVirtualHost 0.0.0.0:80
NameVirtualHost 0.0.0.0:443
NameVirtualHost 0.0.0.0:34597


<VirtualHost 0.0.0.0:80>

    ServerName blabla.domain.com
    ServerAlias ftp.blabla.domain.com mail.blabla.domain.com proxy.blabla.domain.com wpad.blabla.domain.com www.blabla.domain.com host.blabla.domain.com

    # skipping SSL directives


    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]


    # Skipping NuPoint View SOAP interface URL Rewriting.

    # NuPoint Call Directory URL Rewriting (Port 80)
    RewriteEngine on
    RewriteRule ^/npm-admin$ https://%{HTTP_HOST}/npm-admin/showLoginPage.do [R]
    RewriteRule ^/npm-admin/$ https://%{HTTP_HOST}/npm-admin/showLoginPage.do [R]
    RewriteRule ^/npm-admin/login\.html$ https://%{HTTP_HOST}/npm-admin/showLoginPage.do [R]
    RewriteRule ^/npm-admin/login\.do$ https://%{HTTP_HOST}/npm-admin/login.do?%{QUERY_STRING} [R]
    RewriteRule ^/npm-admin/(.*)$ https://%{HTTP_HOST}/npm-admin/$1 [R]



    # blabla.domain.com

    # NuPoint Personal Web GUI URL Rewriting (Port 80)
    RewriteEngine on

    RewriteRule ^/index\.html$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp [R]
    RewriteRule ^/login\.html$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp [R]
    RewriteRule ^/npm-pwg$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp [R]
    RewriteRule ^/npm-pwg/(.*)\.wav$ http://127.0.0.1:8080/npm-pwg/$1.wav [P]
    RewriteRule ^/npm-pwg/(.*)\.tiff$ http://127.0.0.1:8080/npm-pwg/$1.tiff [P]
    RewriteRule ^/npm-pwg/extendedUmPlayMessage.jsp$ http://127.0.0.1:8080/npm-pwg/extendedUmPlayMessage.jsp [P]
    RewriteRule ^/npm-pwg/(.*)$ https://%{HTTP_HOST}/npm-pwg/$1 [R]


    RewriteRule ^/server-manager(/.*|$)    https://%{HTTP_HOST}/server-manager$1 [L,R]
    <Location /server-manager>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>
    RewriteRule ^/server-common(/.*|$)    https://%{HTTP_HOST}/server-common$1 [L,R]
    <Location /server-common>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>
    RewriteRule ^/user-password(/.*|$)    https://%{HTTP_HOST}/user-password$1 [L,R]
    <Location /user-password>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>



    RewriteRule ^/wizardproxy(/.*|$)    https://%{HTTP_HOST}/wizardproxy$1 [L,R]
    <Location /wizardproxy>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>


    # alias for Apache icons
    Alias /icons/ /var/www/icons/

    # Alias for server resources
    Alias /server-resources/ /home/e-smith/files/server-resources/

    <Location /axis2/services/ss>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
    <Location /axis2/services/ma>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
    <Location /axis2/services/ap>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
    <Location axis2/services/MobileCallControl>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
RewriteRule ^/axis2/(.*)\$ http://%{HTTP_HOST}/axis2/\$1 [R]
ProxyPass /axis2/ http://localhost:8080/axis2/
ProxyPassReverse /axis2/ http://localhost:8080/axis2/

    <Location /mobile>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>

RewriteEngine on
# Rewrite incomplete urls from the user
RewriteRule ^(.*)/mobile(/)?$ $1/mobile/user/ [R]
RewriteRule ^(.*)/mobile(/user)?$ $1/mobile/user/ [R]
           
RewriteCond %{HTTP_HOST} ^host.*
RewriteRule ^(.*)/mobile/user/(.*)$ https://host.blabla.domain.com/mobile/user/$2

RewriteCond %{HTTP_HOST} ^10.39.180.221$
RewriteRule ^(.*)/mobile/user/(.*)$ https://10.39.180.221/mobile/user/$2

RewriteRule ^/mobile/(.*)$ http://localhost:8080/mobile/$1 [P,L]
# ProxyPass /mobile/ http://localhost:8080/mobile/

RewriteCond %{HTTPS} ^off
#Redirect http access to /portal to https
RewriteRule ^/portal(/.*|$)    https://host.blabla.domain.com/portal$1 [L,R]

    <Location /portal>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>

RewriteEngine on

RewriteCond %{HTTP_HOST}   !^host.blabla.domain.com [NC]
RewriteCond %{HTTP_HOST}   !^$
RewriteRule ^.*portal/*(.*)$ https://host.blabla.domain.com/portal/$1 [R]
RewriteRule ^.*portal.*(Help.*)$ http://127.0.0.1:8080/portal/$1 [P,L]
RewriteRule ^.*Portlet.*$ http://127.0.0.1:8080/$0 [P,L]
RewriteRule ^/*portal(.*)$ http://127.0.0.1:8080/portal/$1 [P,L]



    #Redirect http access to /usp to https
    RewriteRule ^/usp(/.*|$)    https://%{HTTP_HOST}/usp$1 [L,R]
    #Access restrictions to /usp are the same as /server-manager
    <Location /usp>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>

</VirtualHost>


<VirtualHost 0.0.0.0:443>

    ServerName blabla.domain.com
    ServerAlias ftp.blabla.domain.com mail.blabla.domain.com proxy.blabla.domain.com wpad.blabla.domain.com www.blabla.domain.com host.blabla.domain.com

    # SSL Directives
    SSLEngine on


    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]



    # NuPoint View SOAP interface URL Rewriting (Port 443)
    RewriteEngine on
    RewriteRule ^/np-view/$ http://127.0.0.1:34599/np-view/ [P]



    # NuPoint Call Directory URL Rewriting (Port 443)
    RewriteEngine on
    RewriteRule ^/npm-admin$ https://%{HTTP_HOST}/npm-admin/showLoginPage.do [R]
    RewriteRule ^/npm-admin/$ https://%{HTTP_HOST}/npm-admin/showLoginPage.do [R]
    RewriteRule ^/npm-admin/showLoginPage\.do(.*)$ http://127.0.0.1:8080/npm-admin/showLoginPage.do$1?clientAddress=%{REMOTE_ADDR} [P]
    RewriteRule ^/npm-admin/forceRedirectLogin\.do$ https://host.blabla.domain.com/npm-admin/login.do?doubleEncoded=true&%{QUERY_STRING} [R]
    RewriteRule ^/npm-admin/login\.do$ http://127.0.0.1:8080/npm-admin/login.do?clientAddress=%{REMOTE_ADDR}&%{QUERY_STRING} [P]
    RewriteRule ^/npm-admin/(.*) http://127.0.0.1:8080/npm-admin/$1 [P]



    # NuPoint Personal Web GUI URL Rewriting (Port 443)
    RewriteEngine on

    RewriteRule ^/index\.html(.*)$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp$1 [R]
    RewriteRule ^/login\.html(.*)$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp$1 [R]
    RewriteRule ^/npm-pwg$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp [R]
    RewriteRule ^/npm-pwg/$ https://%{HTTP_HOST}/npm-pwg/loginForm.jsp [R]
    RewriteRule ^/npm-pwg/loginForm\.jsp(.*)$ http://127.0.0.1:8080/npm-pwg/loginForm.jsp$1?clientAddress=%{REMOTE_ADDR}&%{QUERY_STRING} [P]
    RewriteRule ^/npm-pwg/login.do(.*)$ http://127.0.0.1:8080/npm-pwg/login.do?clientAddress=%{REMOTE_ADDR}&%{QUERY_STRING} [P]
    RewriteRule ^/npm-pwg/cmmm.ajax(.*)$ http://127.0.0.1:8080/npm-pwg/cmmm.ajax?clientAddress=%{REMOTE_ADDR}&%{QUERY_STRING} [P]
    RewriteRule ^/npm-pwg/(.*)$ http://127.0.0.1:8080/npm-pwg/$1 [P]


    ProxyPass /server-manager http://127.0.0.1:980/server-manager
    ProxyPassReverse /server-manager http://127.0.0.1:980/server-manager
    <Location /server-manager>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>
    ProxyPass /server-common http://127.0.0.1:980/server-common
    ProxyPassReverse /server-common http://127.0.0.1:980/server-common
    <Location /server-common>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>
    ProxyPass /user-password http://127.0.0.1:980/user-password
    ProxyPassReverse /user-password http://127.0.0.1:980/user-password
    <Location /user-password>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>

    <Location /npm-admin>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>

    <Location /npm-pwg>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>

    ProxyPass /wizardproxy http://127.0.0.1:980/wizardproxy
    <Location /wizardproxy>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>


    # alias for Apache icons
    Alias /icons/ /var/www/icons/

    # Alias for server resources
    Alias /server-resources/ /home/e-smith/files/server-resources/

    <Location /axis2/services/ss>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
    <Location /axis2/services/ma>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
    <Location /axis2/services/ap>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
    <Location axis2/services/MobileCallControl>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>
RewriteRule ^/axis2/(.*)\$ http://%{HTTP_HOST}/axis2/\$1 [R]
ProxyPass /axis2/ http://localhost:8080/axis2/
ProxyPassReverse /axis2/ http://localhost:8080/axis2/

    <Location /mobile>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>

RewriteEngine on
# Rewrite incomplete urls from the user
RewriteRule ^(.*)/mobile(/)?$ $1/mobile/user/ [R]
RewriteRule ^(.*)/mobile(/user)?$ $1/mobile/user/ [R]

RewriteRule ^/mobile/(.*)$ http://localhost:8080/mobile/$1 [P,L]
# ProxyPass /mobile/ http://localhost:8080/mobile/

RewriteCond %{HTTPS} ^off
#Redirect http access to /portal to https
RewriteRule ^/portal(/.*|$)    https://host.blabla.domain.com/portal$1 [L,R]

    <Location /portal>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
    </Location>

RewriteEngine on

RewriteCond %{HTTP_HOST}   !^host.blabla.domain.com [NC]
RewriteCond %{HTTP_HOST}   !^$
RewriteRule ^.*portal/*(.*)$ https://host.blabla.domain.com/portal/$1 [R]
RewriteRule ^.*portal.*(Help.*)$ http://127.0.0.1:8080/portal/$1 [P,L]
RewriteRule ^.*Portlet.*$ http://127.0.0.1:8080/$0 [P,L]
RewriteRule ^/*portal(.*)$ http://127.0.0.1:8080/portal/$1 [P,L]



    #Redirect https access to /usp to httpd-admin server
    ProxyPass /usp http://127.0.0.1:980/usp
    ProxyPassReverse /usp http://127.0.0.1:980/usp
    #Access restrictions to /usp are the same as /server-manager
    <Location /usp>
        order deny,allow
        deny from all
        allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
    </Location>

</VirtualHost>


# No remote administration hosts specified



Listen 0.0.0.0:34597

<VirtualHost 0.0.0.0:34597>

    ServerName blabla.domain.com
    ServerAlias ftp.blabla.domain.com mail.blabla.domain.com proxy.blabla.domain.com wpad.blabla.domain.com www.blabla.domain.com host.blabla.domain.com

    # SSL Directives
    SSLEngine on

    KeepAliveTimeout 180

    # NuPoint OneNet API SOAP interface URL Rewriting (Port 443)
    RewriteEngine on
    RewriteRule ^/soapserver$ http://127.0.0.1:34598/cgi-bin/soapserver.cgi [P]

    <Location /soapserver>
        order allow,deny
        allow from all
        deny from none
    </Location>
    # NuPoint OneNet API SOAP interface URL Rewriting (Port 443)
    RewriteEngine on
    RewriteRule ^/np-view/$ http://127.0.0.1:34599/np-view/ [P]
    RewriteRule ^/np-view http://127.0.0.1:34599/np-view/ [P]

    <Location /np-view>
        order allow,deny
        allow from all
        deny from none
    </Location>
</VirtualHost>



# First, we configure the "default" to be a very restrictive set of
# permissions.  

<Directory />
    Options None
    AllowOverride None
    order deny,allow
    deny from all
    allow from none
</Directory>

# Server resources access configuration

<Directory /home/e-smith/files/server-resources>
    Options +Indexes
    order deny,allow
    deny from all
    allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0 0.0.0.0/0.0.0.0
</Directory>


<Directory /home/e-smith/files/ibays/Primary/html>
    order allow,deny
    allow from all
</Directory>

# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.

#------------------------------------------------------------
# icons directory
#------------------------------------------------------------

<Directory /var/www/icons>
    Options Indexes
    AllowOverride None
    order deny,allow
    deny from all
    allow from all
</Directory>


ScriptAlias /certmanagement /etc/e-smith/web/unpriv/certs/certmanagement
<Location /certmanagement>
    order deny,allow
    allow from all
</Location>

<Directory "/etc/e-smith/web/unpriv/certs">
    Options ExecCGI
    AllowOverride None
    order deny,allow
    allow from all
</Directory>

<Directory "/etc/e-smith/web/unpriv/certs/*">
    order deny,allow
    deny from all
</Directory>



<Directory /home/e-smith/files/ibays/Primary/html>
    AddType application/x-httpd-php .php .php3 .phtml
    AddType application/x-httpd-php-source .phps
    php_admin_value open_basedir /home/e-smith/files/ibays/Primary/
</Directory>


Alias /wpad.dat /etc/httpd/conf/proxy/proxy.pac
<Location /wpad.dat>
    order deny,allow
    deny from all
    allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>
Alias /proxy.pac /etc/httpd/conf/proxy/proxy.pac
<Location /proxy.pac>
    order deny,allow
    deny from all
    allow from 127.0.0.1 10.0.0.0/255.0.0.0 10.39.180.0/255.255.255.0
</Location>

ProxyPassReverse /npm-admin/ http://127.0.0.1/npm-admin/
ProxyPassReverse /npm-admin/ http://127.0.0.1:8080/npm-admin/

ProxyPassReverse /npm-admin/ https://127.0.0.1/npm-admin/
ProxyPassReverse /npm-admin/ https://127.0.0.1:8080/npm-admin/
ProxyPassReverse /npm-pwg/ http://127.0.0.1/npm-pwg/
ProxyPassReverse /npm-pwg/ http://127.0.0.1:8080/npm-pwg/

ProxyPassReverse /npm-pwg/ https://127.0.0.1/npm-pwg/
ProxyPassReverse /npm-pwg/ https://127.0.0.1:8080/npm-pwg/

# Create link to the directory that holds the webpage and perl script
# files that support the NuPoint Tab in Microsoft Office Communicator 2005
ScriptAlias /npm-commtab/tab.xml        /usr/local/vm/web/npmcommtab/buildtabxml.cgi
ScriptAlias /npm-commtab/Setcommtab.reg /usr/local/vm/web/npmcommtab/buildTabsRegFile.cgi
Alias /npm-commtab/ /usr/local/vm/web/npmcommtab/
Alias /npm-commtab /usr/local/vm/web/npmcommtab
<Directory /usr/local/vm/web/npmcommtab>
#   Options Indexes
#   AllowOverride None
    order deny,allow
    deny from none
    allow from all
</Directory>

0
 
objectsCommented:
bit of a needle in a hatstack.

try enabling rewrite logging to get a better idea whats going on

seems related to tomcats j_security_check, with the following not mapping correctly
https://host.domainName/portal/login/j_security_check?j_username=.....

Found the following discussion
http://osdir.com/ml/java.roller.user/2003-04/msg00038.html

May be you need another virtual host definition in tomcat

sorry not much more I can help you without playing with the box

0
 
bachra04Author Commented:
This is an extract from the trace using FQDN then using IP address:
It creates another session Id
ttps://host.blabla.domain.com/portal/portal/changePassword.psml

GET /portal/portal/changePassword.psml HTTP/1.1
Host: zev.maslab.mitel.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://zev.maslab.mitel.com/portal/login/redirector
Cookie: __utma=236828317.2067615383.1226944232.1230066680.1232723512.7; __utmz=236828317.1229960534.5.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=teleworker%20; auth_probe=1; JSESSIONID=3CB4F200E63A6614659E533330776624






###################################


https://66.39.180.11/portal/portal/changePassword.psml

GET /portal/portal/changePassword.psml HTTP/1.1
Host: 10.39.180.221
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: auth_probe=1; auth_tkt=ZGY3OGI3MDhhZWJkZjkzNjAyZmFjMDdiYjliMTJlMzk0OTljMmVkM2FkbWluISExMjM0OTY4MTI5OjEyNy4wLjAuMQ==; JSESSIONID=4C1774A3E3E2BC96B268627620ADDCF2
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 10
  • 10
Tackle projects and never again get stuck behind a technical roadblock.
Join Now