?
Solved

Appache Reverse Proxy 404 Errors

Posted on 2011-02-22
8
Medium Priority
?
713 Views
Last Modified: 2012-05-11
We are trying to get the reverse functionality of an apache proxy working on a windows server.  I can reverese proxy to the actuall apache box w/o issue.  However, we are trying to refer to an internal web server.  What happens is that the request seems to hit the internal server (the address bar in the browser changes adding a directory and file to the back of the URL, as it would if you were inside the network).  However, the page returned is a 404 (browser 404 page).  If we look at the access logs it shows the get requrest and the back part of the URL but not the host/domain name.  When we look at the error log, it shows an error trying to retrieve the the file, showing the place it is trying to get the file is from the root of the proxy not the internal server.  Wondering if someone could help.

Sample from Access Log:
x.x.x.x - - [22/Feb/2011:14:25:09 -0700] "GET /Client/ HTTP/1.1" 304 -
x.x.x.x - - [22/Feb/2011:14:25:09 -0700] "GET /login/page HTTP/1.1" 403 215
x.x.x.x - - [22/Feb/2011:14:26:38 -0700] "GET /login/page HTTP/1.1" 404 211

Sample from Error Log:
[Tue Feb 22 14:26:38 2011] [client x.x.x.x] File does not exist: C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/login

Most Relevant Part of httpd.conf
ProxyRequests off
ProxyPass /Client/ http://ServerInternal/Client/
ProxyPassReverse /Client/ http://ServerInternal/Client/

Thank You.
0
Comment
Question by:jtmoske
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 27

Expert Comment

by:BigRat
ID: 34960783
>>x.x.x.x - - [22/Feb/2011:14:25:09 -0700] "GET /login/page HTTP/1.1" 403 215

Comes from the client (browser) and gets lost because it does not start with /Client

The proxypass directive assumes that all URLs starting /client are to be passed forward as /Client to ServerInternal using the http protocol. Whereas

x.x.x.x - - [22/Feb/2011:14:25:09 -0700] "GET /Client/ HTTP/1.1" 304

had the right URL prefix and returned a Not Modified.
0
 

Author Comment

by:jtmoske
ID: 34960933
Thank you BigRat.  Little more help for my understanding.  
When the url is passed to the internal server as is th case in the first line of the sample access log.
The internal server "changes" the page and sends back the /login/page to the origiating browser.  The two get requests in the sample config are not requests that are not typed in the origionating browser by a user they are returned to the browser from the internal server then perhaps requesting again and faling due to the lack of the /client/?
Thanks.
0
 

Author Comment

by:jtmoske
ID: 34960976
Also,
Is there a way document root change or some url rewrite would help?
Thanks.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 27

Expert Comment

by:BigRat
ID: 34961079
>>The internal server "changes" the page and sends back the /login/page to the origiating browser.  

The proxy Server (in this case Apache) changes the incomming URL and passes it onwards to the other (in this case internal) server. This then replies with some data, which is passed back by Apache to the browser.

The proxy pass reverse directive is there for when the internal server does a redirect. A redirect can lave a location field and this would naturally contain an internal name or address. The reverse changes this to the (in this case Apache) proxy server.

The proxy directive / would pass ALL URLs unchanged to the internal server. This can be dangerous, as all URLs might not be secure. So one uses a portion of the URL, eg: /client. Ideally the external URL should NOT differ from the internal URL. The reason is links in the HTML page can be relative (thats OK) or absolute (that causes problems).

The browser should see no change in the URL, nor should the URL actually change. The proxying should be transparent. The internal server's name and I/P address should be unknown from the outside - that's the point about proxying.
0
 
LVL 27

Expert Comment

by:BigRat
ID: 34961118
>>Is there a way document root change or some url rewrite would help

It seems to me that the /Client condition is inappropiate. can you explain just exactly what you are doing?
0
 

Author Comment

by:jtmoske
ID: 34961170
Sure,
We are setting up a reverse proxy to allow access to an internal server running a web based application (a shoretel web client).  The /client is the parameter that they say is required in their documentation for proxypass and proxypassreverse.  I am going to run a test to an internal site that is a static web page to confirm the simplest setup is working.
Thanks.
0
 
LVL 27

Accepted Solution

by:
BigRat earned 1000 total points
ID: 34961237
>>The /client is the parameter that they say is required in their documentation for proxypass and proxypassreverse

The way you have configured it, all URLs MUST start with /Client. I suspect that all incomming URLs must be EXTENDED with /Client which would mean :-

ProxyPass    /    http://ServerInternal/Client/
0
 

Author Comment

by:jtmoske
ID: 34961247
I will test that and follow up.
Thank you.
0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question