jrd Contributor.
Contributor.

Re: Need help with vhost or reverseproxy setup

On 04/05/2019 13:24, stelgenkamp wrote:
>
> Chipping away at the last defenses ?
> iptabled -L -vn shows it is accepting at all needed ports : 80, 8080,
> 44, 8443, 8009
> I have fiddled around with the settings enabling/disabling port
> redirection
> I have tried changing the ports of the port redirection.
> Anything which could trigger the enabled reverse proxy.
> Nothing.
>
> Then I thought, well I most have broken something with all these
> settings.
> I have reinstalled the entire Appliance.
> Tried again, still nothing.
> in the Configuration Summary:
> Reverse Proxy : Enabled: false
> Could this be a bug in the setup of the Appliance ? I am using version
> 4.0.0.155
> Will send you a copy of the Configuration Summary.
> Thank you so much for your help!
>
>

----------
If you contact me directly (email) then I can provide an old-ish
presentation about the subject which might have a useful hint or two.
Thanks,
Joe D.
jrd@netlab1.net

0 Likes
stelgenkamp Honored Contributor.
Honored Contributor.

Re: Need help with vhost or reverseproxy setup

Dear Joe,
I have found your presentation Hiding Tomcat behind Apache,
and gone through it. I am sure the Filr Application is not working properly.
The apache log on the proxy box is stating :
client denied by server configuration: proxy:ajp://192.168.168.13:8009/ssf/a

Have send you an email with my thoughts on this.
0 Likes
jrd Contributor.
Contributor.

Re: Need help with vhost or reverseproxy setup

On 05/05/2019 12:54, stelgenkamp wrote:
>
> Dear Joe,
> I have found your presentation Hiding Tomcat behind Apache,
> and gone through it. I am sure the Filr Application is not working
> properly.
> The apache log on the proxy box is stating :
> client denied by server configuration:
> proxy:ajp://192.168.168.13:8009/ssf/a
>
> Have send you an email with my thoughts on this.
>
>

----------
For the benefit of other readers, I found the supplied Filr
configuration to be duplicating the Apache proxy setup. That is, in
Filr's configuration the "network" configuration page has a proxy
section and there if one ticks the box to proxy (and thus use its port
mapping) then that conflicts with using an external Apache server doing
the same thing. So, don't let Filr get into the proxy business (don't
check that proxy box).
We shall see how this plays out over the next few days.
Thanks,
Joe D.
0 Likes
stelgenkamp Honored Contributor.
Honored Contributor.

Re: Need help with vhost or reverseproxy setup

I have kept fiddling around, but found it could not be in the Firewall settings of the Appliance.
Because the 403 page Access Denied was from the proxy server.
Then I tried googling the 403 in combination with AJP.
I tried manipulating the conf file and have come up with a version that works :
<Location /filr>
Options +FollowSymLinks
RewriteEngine On
RewriteRule (.*) https://%{HTTP_HOST}/ssf/a [QSA,R]
Order allow,deny
Allow from all
</Location>

<Location /ssf>
Order allow,deny
Allow from all
RewriteEngine On
Rewritecond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}/%{REQUEST_URI} [QSA,R]
ProxyPass ajp://192.168.168.13:8009/ssf
ProxyPassReverse ajp://192.168.168.13:8009/ssf
</Location>


So with adding allow,deny it works !
BUT is this ok ? Or am I leaving my system doors wide open ?
I have also seen versions with allow from localhost
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.