How to tell Apache httpd 2.4.6 to not proxypass a particular path?

Question

I am using apache to reverse proxy Rundeck. Rundeck has an API accessible at rundeck.dns/api/, as well as a web UI available at rundeck.dns/{long list of other possible paths, such as user,menu,project}.

As part of my reverse proxy, I am connecting to a RedHat SSO server to pass on user headers to rundeck. This is used for connecting to the UI. When accessing the API, I use a previously generated authtoken in my url. Therefore, I need apache to NOT proxy my /api path at all. I have tried multiple configurations, including LocationMatch, with no results. The current configuration that I have allows UI access, but fails with the API, telling me: "We're sorry, Kerberos is not set up. You cannot login." It is worth noting that I have no kerberos configured anywhere, and that this error may not be an a apache one, rather a rundeck or RHSSO issue, but since Rundeck is not configured with any mention of the kerberos, I am assuming I am just making a mistake in apache. My relevant current configuration in my site.conf is:

<Location />
AuthType openid-connect
  require valid-user

RequestHeader set "X-Forwarded-User" %{REMOTE_USER}s

ProxyPass http://{rundeck IP}
ProxyPassReverse http://{rundeck IP}
</Location>

<Location /api>
</Location>

I have tried adding a ! to a new ProxyPass for /api but that cannot be set inside a <Location>. On setting it at the outside the <Location>, I get a "Parameter must be in the form 'key=value'".

Thanks!

Answer 1

I believe it has been said before in many places, still, to make exceptions to proxy just append a ! at the end of the proxypass directive instead of specifying a target:

ProxyPass /path !

PS: Better to not place ProxyPass directives inside Location directives, that tends to complicate things (Location, ProxyPass directices are interpreted in opposite order and proxypass first parameter can already be a location so why complicate it)