Reverse proxy for wildcard domains - apache linux

Question

I am trying to setup reverse proxy for wildcard domain, but my configuration don't simply work after I login to the application.

This server is running Apache aka httpd service with port 80, 443 on this server.

frafahadooappd5.de.cd.com

Domain is mapped to some other IP address like below,

 [dladmin@frasasdlappd2 ~]$ nslookup *.dev.cdsw.abc.intranet.cd.com --> wildcard webdomain
Server:         10.255.252.1
Address:        10.255.252.1#53

Non-authoritative answer:
*.dev.cdsw.abc.intranet.cd.com  canonical name = sdl-cdsw-dev.de.cd.com.
sdl-cdsw-dev.de.db.com  canonical name = frasasdlappd2.de.cd.com.
Name:   frasasdlappd2.de.cd.com
Address: 10.198.2.52

[dladmin@frasasdlappd2 ~]$ nslookup sdl-cdsw-dev.de.cd.com --> working like a variable as wildcard cant be directly mapped to normal
Server:         10.255.252.1
Address:        10.255.252.1#53

Non-authoritative answer:
sdl-cdsw-dev.de.cd.com  canonical name = frasasdlappd2.de.cd.com.
Name:   frasasdlappd2.de.cd.com
Address: 10.198.2.52

And, my configuration goes here like this,

NameVirtualHost *:443
<VirtualHost *:443>
        ServerName frafahadooappd5.de.cd.com:443
                ServerAlias *.dev.cdsw.intranet.cd.com


        AllowEncodedSlashes on
        #Options +Indexes +SymLinksIfOwnerMatch +FollowSymLinks
        #DirectoryIndex index.php index.html

        SSLEngine on
        SSLCertificateFile /opt/testlab/pki/publicCertificates/host_crt.pem
        SSLCertificateKeyFile /opt/testlab/pki/keystore/host_key.pem
        SSLCertificateChainFile /opt/testlab/pki/publicCertificates/chain_crt.pem
        SSLProxyEngine On

        ProxyPass /  https://dev.cdsw.abc.intranet.cd.com/
        ProxyPassReverse / https://dev.cdsw.abc.intranet.cd.com/
        ProxyPassReverseCookieDomain frafahadooappd3.de.cd.com frafahadooappd5.de.cd.com


                    RewriteEngine on
                        RewriteCond %{HTTPS_HOST} ^frafahadooappd5\.de\.cd\.com$
                        RewriteRule ^(.*)$                   "https\:\/\/frafahadooappd5\.de\.cd\.com\/$1" [R=301,L]

</VirtualHost>

When I navigate to the Reverse proxy URL,

Reverse proxy URL : https://frafahadooappd5.de.cd.com/ -> Application login page lands up with the proxied URL, even after the login to the application as expected, but there is a field named like projects inside the application webpage, when I tap on that, it goes to the application URL (https://dev.cdsw.abc.intranet.cd.com/login?next=%2Fvijay%2Ftest-dev), which is not supposed to be the case rather than restricting itself to the reverse proxy URL.

Not sure, this rewrite condition is correct. Since this request is peculiar, I have furnished all the details. Please help me out with this.

possible duplicate of [https://serverfault.com/questions/864841/apache-reverse-proxy-wildcard-directory-rerouting-htaccess](https://serverfault.com/questions/864841/apache-reverse-proxy-wildcard-directory-rerouting-htaccess) or [https://serverfault.com/questions/433125/how-to-direct-reverse-proxy-requests-using-wildcard-vhosts](https://serverfault.com/questions/433125/how-to-direct-reverse-proxy-requests-using-wildcard-vhosts) — Colt, Dec 28 '17 at 16:05
Sorry @Colt I don't think so, my post is duplicate, I am using Linux httpd configuration file, not using anything like .htaccess nor Ubuntu, I am using RHEL 7. My case is a reverse proxy one, not matching to either of the links. — Vijay, Dec 28 '17 at 16:10
Are you expecting the proxy to change the URLs on the page... — Jacob Evans, Dec 28 '17 at 21:24
@Jacob yes, if user hits the reverse proxy URL, the request should go to the application URL also, the application URL shouldn't be exposed to the user, it should remain in reverse proxy URL itself pretending that reverse proxy URL is serving the request. Above told works fine initially, but some of the links after the login gets diverted to the random page, and exposes the application link and logs out, which should not be the case. I think this could be handled by rewriting condition but not sure whether the rewrite condition is correct or not. — Vijay, Dec 28 '17 at 21:50
Are those links using `HOST` header variables...or static values....sounds like a code problem — Jacob Evans, Dec 28 '17 at 21:53
@Jacob this is the application link origin - https://dev.cdsw.abc.intranet.cd.com/ this doesn't have any header to it in the URL, barely expands like below, https://dev.cdsw.abc.intranet.cd.com/login, https://dev.cdsw.abc.intranet.cd.com/administration, https://dev.cdsw.abc.intranet.cd.com/options based on the links the user clicks post the login. — Vijay, Dec 28 '17 at 22:08
@Jacob I am trying to hide this application link with the reverse proxy URL below, https://frafahadooappd5.de.cd.com/ — Vijay, Dec 28 '17 at 22:10

Jacob Evans · Answer 1 · 2017-12-30T04:20:02.267

0

It looks like you are expecting rewrite module to replace content, rewrite module changes http requests, it does not change content.

You can try and use substitute module, or reconfigure the application to dynamically assign links/assets with the host header or use relative links only.

Try something like...

AddOutputFilterByType SUBSTITUTE text/html
substitute "s|frafahadooappd5.de.cd.com|%{HTTPS_HOST}|inq"

edited Dec 30 '17 at 04:20

answered Dec 28 '17 at 22:15

Jacob Evans

7,636
3
25
55

Reverse proxy for wildcard domains - apache linux

1 Answers1