Saturday, April 9, 2022

[SOLVED] HTTPD ReverseProxy ProxyPass directive ending in wrong Location header

Issue

HTTPD is configured as follows:

#redirectder edit Location "(^http[s]?://)([^/]+)" "" port 80 to secure
<VirtualHost *:80>

    ServerName mitestui02.sn.test.net
    #ServerAlias server server2.domain.com server2
    ServerAdmin [email protected]
    ErrorLog /var/log/test/iiq/appserver/apache-error.log
    CustomLog /var/log/test/iiq/appserver/apache-access.log common

    Redirect /identityiq/ https://mitestui02.sn.test.net/identityiq/
    Redirect / https://mitestui02.sn.test.net/identityiq/

</VirtualHost>

#redirect to port 8080 on localhost
<VirtualHost *:443>
    ServerName mitestui02.sn.test.net
    # ServerAlias mitestui02 mitestui02.sn.test.net
    ServerAdmin [email protected]
    SSLProxyEngine On
    SSLEngine On
    #allow only tls
    SSLProtocol -all +TLSv1.2
    SSLHonorCipherOrder on
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384...
    
    SSLCertificateFile /etc/opt/test/iiq/appserver/secure/ssl/web-iiq.crt
    SSLCertificateKeyFile /etc/opt/test/iiq/appserver/secure/ssl/apache-iiq.key

    Redirect /identityiq/ https://mitestui02.sn.test.net/
    Redirect / https://mitestui02.sn.test.net/identityiq/

    ProxyRequests     Off
    ProxyPreserveHost On

    ProxyPass /identityiq/ http://localhost:8080/identityiq/

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^OPTIONS
    RewriteRule .* - [F]

    <If "%{THE_REQUEST} =~ m#.jsf/?[?\s]#">
        Header add X-UI-Source "mitestui02"
        Header add X-UA-Compatible "IE=edge"
        Header add Referrer-Policy "strict-origin-when-cross-origin"
        Header add Feature-Policy "microphone 'none'; geolocation 'none'; usb 'none'; payment 'none'; document-domain 'none'; camera 'none'; display-capture 'none'; ambient-light-sensor 'none'"
        Header add Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"
        Header add Strict-Transport-Security "max-age=63072000; includeSubDomains"
        Header add Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'"
        Header add X-Content-Type-Options "nosniff"

        Header always edit Set-Cookie (.*) "$1; Secure; SameSite=Strict"
        Header onsuccess edit Set-Cookie (.*) "$1; Secure; SameSite=Strict"
    </If>
</VirtualHost>

When I connect to the front-end URL, https://mitest.sn.test.net/ I get redirected with a response code 302 and Location header pointing to https://mitestui02.sn.test.net/identityiq/ instead of https://mitest.sn.test.net/identityiq/ .

This doesn't happen when connecting to https://mitest.sn.test.net/identity/ directly.

I have tried with different ProxyPass and ProxyPassReverse directives and also rewriting the Location header, nothing seems to help. Thanks


Solution

So the issue seemed to be related to the Redirect directives. We removed them and added the following for 443:

    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-Proto} ^http$
    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301,NE]
    # Redirect / to /identityiq
    RedirectMatch ^/$ /identityiq

We removed them and added the following for 80:

    Redirect permanent / https://mitestui02.sn.test.net/

Now it is working as expected.



Answered By - Matioski
Answer Checked By - Pedro (WPSolving Volunteer)
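
The symptom in the question (a request to the front-end host `mitest.sn.test.net` answered with a `Location` on `mitestui02.sn.test.net`) can be checked mechanically after a configuration change. The Python below is an added example, not part of the original question or answer; the function names and the sample responses are constructed for illustration, using the host names from the question.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)

def parse_location(raw_response):
    """Extract the status code and Location header from a raw HTTP response head."""
    head = raw_response.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    location = None
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            location = value.strip()
    return status, location

def check_redirect(request_url, raw_response):
    """Classify a response: no-redirect, same-origin, scheme-upgrade or host-mismatch."""
    status, location = parse_location(raw_response)
    if status not in (301, 302, 303, 307, 308) or location is None:
        return "no-redirect"
    # urljoin resolves relative targets such as /identityiq against the request URL
    target = urljoin(request_url, location)
    req, dst = origin(request_url), origin(target)
    if req == dst:
        return "same-origin"
    if req[1] == dst[1] and req[0] == "http" and dst[0] == "https":
        return "scheme-upgrade"
    # The redirect sends the client to a different host than the one it asked for
    return "host-mismatch"

# Constructed sample responses (not captured traffic).
HARDCODED = "HTTP/1.1 302 Found\r\nLocation: https://mitestui02.sn.test.net/identityiq/\r\n\r\n"
RELATIVE = "HTTP/1.1 302 Found\r\nLocation: /identityiq\r\n\r\n"
UPGRADE = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://mitest.sn.test.net/\r\n\r\n"

if __name__ == "__main__":
    front = "https://mitest.sn.test.net/"
    for name, raw in (("hardcoded", HARDCODED), ("relative", RELATIVE)):
        print(name, check_redirect(front, raw))
    print("upgrade", check_redirect("http://mitest.sn.test.net/", UPGRADE))
```

A `host-mismatch` result for a request made through the front-end name means a redirect target still carries a hard-coded host name.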