Appache Reverse Proxy 404 Errors

Posted on 2011-02-22
Last Modified: 2012-05-11
We are trying to get the reverse functionality of an apache proxy working on a windows server.  I can reverese proxy to the actuall apache box w/o issue.  However, we are trying to refer to an internal web server.  What happens is that the request seems to hit the internal server (the address bar in the browser changes adding a directory and file to the back of the URL, as it would if you were inside the network).  However, the page returned is a 404 (browser 404 page).  If we look at the access logs it shows the get requrest and the back part of the URL but not the host/domain name.  When we look at the error log, it shows an error trying to retrieve the the file, showing the place it is trying to get the file is from the root of the proxy not the internal server.  Wondering if someone could help.

Sample from Access Log:
x.x.x.x - - [22/Feb/2011:14:25:09 -0700] "GET /Client/ HTTP/1.1" 304 -
x.x.x.x - - [22/Feb/2011:14:25:09 -0700] "GET /login/page HTTP/1.1" 403 215
x.x.x.x - - [22/Feb/2011:14:26:38 -0700] "GET /login/page HTTP/1.1" 404 211

Sample from Error Log:
[Tue Feb 22 14:26:38 2011] [client x.x.x.x] File does not exist: C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/login

Most Relevant Part of httpd.conf
ProxyRequests off
ProxyPass /Client/ http://ServerInternal/Client/
ProxyPassReverse /Client/ http://ServerInternal/Client/

Thank You.
Question by:jtmoske
  • 4
  • 4
LVL 27

Expert Comment

ID: 34960783
>>x.x.x.x - - [22/Feb/2011:14:25:09 -0700] "GET /login/page HTTP/1.1" 403 215

Comes from the client (browser) and gets lost because it does not start with /Client

The proxypass directive assumes that all URLs starting /client are to be passed forward as /Client to ServerInternal using the http protocol. Whereas

x.x.x.x - - [22/Feb/2011:14:25:09 -0700] "GET /Client/ HTTP/1.1" 304

had the right URL prefix and returned a Not Modified.

Author Comment

ID: 34960933
Thank you BigRat.  Little more help for my understanding.  
When the url is passed to the internal server as is th case in the first line of the sample access log.
The internal server "changes" the page and sends back the /login/page to the origiating browser.  The two get requests in the sample config are not requests that are not typed in the origionating browser by a user they are returned to the browser from the internal server then perhaps requesting again and faling due to the lack of the /client/?

Author Comment

ID: 34960976
Is there a way document root change or some url rewrite would help?
LVL 27

Expert Comment

ID: 34961079
>>The internal server "changes" the page and sends back the /login/page to the origiating browser.  

The proxy Server (in this case Apache) changes the incomming URL and passes it onwards to the other (in this case internal) server. This then replies with some data, which is passed back by Apache to the browser.

The proxy pass reverse directive is there for when the internal server does a redirect. A redirect can lave a location field and this would naturally contain an internal name or address. The reverse changes this to the (in this case Apache) proxy server.

The proxy directive / would pass ALL URLs unchanged to the internal server. This can be dangerous, as all URLs might not be secure. So one uses a portion of the URL, eg: /client. Ideally the external URL should NOT differ from the internal URL. The reason is links in the HTML page can be relative (thats OK) or absolute (that causes problems).

The browser should see no change in the URL, nor should the URL actually change. The proxying should be transparent. The internal server's name and I/P address should be unknown from the outside - that's the point about proxying.
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

LVL 27

Expert Comment

ID: 34961118
>>Is there a way document root change or some url rewrite would help

It seems to me that the /Client condition is inappropiate. can you explain just exactly what you are doing?

Author Comment

ID: 34961170
We are setting up a reverse proxy to allow access to an internal server running a web based application (a shoretel web client).  The /client is the parameter that they say is required in their documentation for proxypass and proxypassreverse.  I am going to run a test to an internal site that is a static web page to confirm the simplest setup is working.
LVL 27

Accepted Solution

BigRat earned 250 total points
ID: 34961237
>>The /client is the parameter that they say is required in their documentation for proxypass and proxypassreverse

The way you have configured it, all URLs MUST start with /Client. I suspect that all incomming URLs must be EXTENDED with /Client which would mean :-

ProxyPass    /    http://ServerInternal/Client/

Author Comment

ID: 34961247
I will test that and follow up.
Thank you.

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Introduction This article is intended for those who are new to PHP error handling (  It addresses one of the most common problems that plague beginning PHP develop…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now