0

I have apache load balancing reverse proxy with mod_proxy_ajp running and redirecting to the backend tomcat servers. I have also created a separate virtual host for HTTPS(SSL) along with HTTP virtual hosting. Both the below http://my.domain.net/ and https://my.domain.net/ virtual hosts are accessible and working fine individually.

http ##:

<VirtualHost *:80>
ServerName my.domain.net

ProxyRequests On
ProxyVia On
ProxyPreserveHost On
ProxyErrorOverride On
ProxyStatus On

<Proxy balancer://ClusterDomain>
    Order deny,allow
    Allow from all

BalancerMember ajp://192.168.1.22:8009 route=web1 redirect=web2 ttl=300 timeout=5 retry=60
BalancerMember ajp://192.168.1.23:8009 route=web2 redirect=web1 ttl=300 timeout=5 retry=60
BalancerMember ajp://192.168.1.21:8009 route=balancer1 status=+H disablereuse=on


  ProxySet lbmethod=byrequests
  ProxySet stickysession=JSESSIONID|jsessionid
</Proxy>

ProxyPass /errors !
ProxyPass /balancer-manager !
ProxyPass / balancer://ClusterDomain/ nofailover=off
ProxyPassReverse / balancer://ClusterDomain/


# Balancer-manager for ajp proxy nodes management
<Location /balancer-manager>
        SetHandler balancer-manager
        Order deny,allow
        Allow from all
</Location>

#Recording virtual host logs
LogLevel Debug
CustomLog /var/log/apache2/my.domain.com-access.log combined
ErrorLog  /var/log/apache2/my.domain.com-error.log

</VirtualHost>

https ## :

NameVirtualHost 123.123.123.123:443
<VirtualHost 123.123.123.123:443>
ServerName my.domain.net

SSLEngine on
SSLProxyEngine On
SSLCertificateFile    /etc/ssl/myapp/server.crt
SSLCertificateKeyFile /etc/ssl/myapp/server.pem

ProxyRequests On
ProxyVia On
ProxyPreserveHost On
ProxyErrorOverride On
ProxyStatus On

<Proxy balancer://ClusterDomain>
    Order deny,allow
    Allow from all

BalancerMember ajp://192.168.1.22:8009 route=web1 redirect=web2 ttl=300 timeout=5 retry=60
BalancerMember ajp://192.168.1.23:8009 route=web2 redirect=web1 ttl=300 timeout=5 retry=60
BalancerMember ajp://192.168.1.21:8009 route=balancer1 status=+H disablereuse=on


  ProxySet lbmethod=byrequests
  ProxySet stickysession=JSESSIONID|jsessionid
</Proxy>

ProxyPass /errors !
ProxyPass / balancer://ClusterDomain/ nofailover=off
ProxyPassReverse / balancer://ClusterDomain/


 BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

</VirtualHost>

I searched in SF if anybody already asked this question but didn't find. Most of them asked how to redirect completely from http to https but in my case it's a bit different as I want only specific page(s) to be redirected to secured page but it should NOT redirect to https completely when tried with http.

How do I redirect a specific http page(let http://my.domain.net/register) to secured https(https://my.domain.net/register) page in my case based on the above virtual hosting?. Is it possible to do with ajp proxy?. I need both http and https accessible when accessed individually but only specific page should be forcibly redirected to secured page. Could I do this?

Update 1

I am really very bad at understand apache rewrite rules!!!.

As suggested by KM01 I tried rewrite rules.

It's simple ignoring the rules just by redirecting to http page when accessed http://my.domain.net/register even after appending the following rules in the virtual hosting for https redirection.

rewrite rule,

RewriteRule ^/register/$ https://my.domain.net/register [R=301]

(or)

I also tried with Redirect

RedirectMatch ^/register/$ https://my.domain.net/register

Update 2

After trying for a while got some basic thoughts!

I got both rewrite and redirect working!. The key thing was EXCLUDING the page(/register) from proxy redirection which should be redirected to secured https page!.

First Redirect worked this way,

ProxyPass /register !
RedirectMatch /register https://my.domain.net/register
#(or) RedirectMatch permanent /register https://my.domain.net/register

And Rewrite,

Even after excluding /register from proxy didn't work for me. I had to use RewriteEngine on though having rewrite module enabled.

Appending the following worked,

ProxyPass /register !
RewriteEngine on
RewriteRule ^/register/$ https://my.domain.net/register [R=301]

I don't know if this is the right way to do but got it working on KV01's help

Thanks to KV01!!!

user53864
  • 1,653
  • 8
  • 36
  • 66

1 Answers1

1

You can achieve what you are trying to do with a rewrite/redirect. Something like this in your vhost config ought to work (please test in a test server first before rolling to production):

#requires mod_rewrite
RewriteRule ^/register$ https://my.domain.com/register [R=301]

This rules says that redirect only that which starts(^) and ends ($) and in between contains /register. This will not redirect any other path, just this one.

HTH

KM.
  • 1,746
  • 2
  • 18
  • 31
  • I'll try this `rewrite` rule also tell me how to do with `redirect` which I already tried but had no affect. – user53864 Mar 06 '12 at 00:16
  • Replace `RewriteRule` w/ `RedirectMatch` in the above line. For the redirect, you need `mod_alias` installed. – KM. Mar 06 '12 at 00:51
  • I have updated my question!. Please need further help! – user53864 Mar 06 '12 at 09:54
  • Thanks a lot!!!. Look at `Update 2` where I got it working. What do yo u think, which is best to use either `Rewrite` or `Rdirect`? – user53864 Mar 06 '12 at 10:58
  • It is you're pick, really. You're gonna have to maintain it (-; In my setup, we never really got `mod_alias` working like we wanted it to, but `mod_rewrite` worked well for us, so we've stuck with it. So ... your call really. Good luck! – KM. Mar 06 '12 at 16:11