0

While trying to set up Apache as a reverse proxy, I see that I get an incorrect location in the response headers (Location is sent as "/" whereas it should be "backend/auth/api/token").

I have set up my Apache server as follows (relevant section pasted). What am I doing wrong here?

ProxyPreserveHost On


ProxyPass       /auth/  https://backend:8443/auth/
ProxyPass       /api/  https://backend:8443/endpoint/api/
ProxyPass       /legacy/api/  https://backend:8443/endpoint/legacy/api/

ProxyPassReverse       /auth/  https://backend:8443/auth/
ProxyPassReverse       /api/  https://backend:8443/endpoint/api/
ProxyPassReverse       /endpoint/api/  https://backend:8443/endpoint/api/
ProxyPassReverse       /endpoint/legacy/api/  https://backend:8443/endpoint/legacy/api/
ProxyPassReverse       /legacy/api  https://backend:8443/endpoint/legacy/api

RequestHeader set Host frontend

ProxyPassReverseCookieDomain  backend  frontend
ProxyPassReverseCookiePath https://frontend:8443  https://backend:8443

RequestHeader set X-Forwarded-Proto: "https"

Header always edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
Header always edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"

Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Headers "Authorization"
Header always set Access-Control-Allow-Methods "GET"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header always set Access-Control-Max-Age "600"

Header always set Strict-Transport-Security "max-age=63072000;"
Header set X-Content-Type-Options "nosniff"
Header always append X-Frame-Options "SAMEORIGIN"

I am on CentOS.

userx
  • 101
  • 2

1 Answer

0

This might be a problem on your endpoint itself. Try checking the backend server configuration as well as the logic at that endpoint.

SvenTUM
  • 146
  • 5
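
Added example, not part of the original question or answer: a simplified Python model of how ProxyPassReverse prefix-matches a backend `Location` header, using the rules from the question in their posted order. The public origin `https://frontend` and the sample `Location` values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# ProxyPassReverse rules copied from the question, in order: (front path, backend URL).
RULES = [
    ("/auth/", "https://backend:8443/auth/"),
    ("/api/", "https://backend:8443/endpoint/api/"),
    ("/endpoint/api/", "https://backend:8443/endpoint/api/"),
    ("/endpoint/legacy/api/", "https://backend:8443/endpoint/legacy/api/"),
    ("/legacy/api", "https://backend:8443/endpoint/legacy/api"),
]

FRONT = "https://frontend"  # assumed public origin, not stated on the page


def reverse_map(location, rules=RULES, front=FRONT):
    """Simplified model: the first rule whose backend URL is a
    case-insensitive prefix of Location wins; anything else is
    returned unchanged. Returns (new_location, matched_front_path)."""
    for fake, real in rules:
        if location.lower().startswith(real.lower()):
            return front + fake + location[len(real):], fake
    return location, None


def diagnose(location):
    """Explain what the model does with one backend Location value."""
    rewritten, rule = reverse_map(location)
    if rule is not None:
        return f"rule {rule!r} rewrites it to {rewritten}"
    if not urlsplit(location).netloc:
        return "relative value, no rule matches: the backend sent it as-is"
    return "absolute URL outside every rule: passed through unchanged"


if __name__ == "__main__":
    # Constructed sample Location values a backend might emit.
    for sample in (
        "https://backend:8443/auth/api/token",
        "/",
        "https://frontend/auth/api/token",
        "https://backend:8443/endpoint/api/v1",
    ):
        print(f"{sample!r}: {diagnose(sample)}")
```

In this model a `Location` of "/" matches none of the posted rules, so it reaches the client exactly as the backend emitted it. The last sample also shows that the `/endpoint/api/` rule is never reached, because the earlier `/api/` rule shares the same backend prefix.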