
I have a working httpd config (reverse proxy) that forwards requests to the proxy:

Listen 443 https

<VirtualHost *:443>
    ServerName  public-dns.example.org
    ServerAlias internal-hostname.internal

    ProxyPreserveHost On

    RewriteEngine On

    #check & block some URLs in target service
    RewriteCond %{REQUEST_URI} ^/service
    RewriteRule /service(/(api(/(([a-zA-Z_-]+)(/|/.*swagger.*)?(\.\.)?)?)?)?)?$ - [F,L]

    <Location "/service/api/">
      ProxyPreserveHost Off
      ProxyErrorOverride Off
    </Location>

    ProxyPass /service/api/ https://services.apps.cloud.example.internal/

    ProxyErrorOverride On

    SSLProxyEngine On
#START - avoid unnecessary checks in internal network - development environment
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
#END - avoid unnecessary checks in internal network - development environment

#START - not relevant part of config (for this question)
    SSLEngine On
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLProtocol All -SSLv2 +TLSv1.2
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder On

    SSLCompression off
    SSLSessionTickets Off
    SSLCertificateFile      /etc/ssl/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
#END - not relevant part of config (for this question)
</VirtualHost>

I want to enrich the request to the upstream server by adding one query string parameter, but I have a problem even applying a RewriteRule and forwarding it to the proxy.

Since the services use other query string parameters, I found that the mod_rewrite flag QSA should handle ?/& correctly...

When I add this set of rewrite rules, all RewriteRule attempts fail with the same 502 Proxy error.

According to error_log, it seems like mod_proxy is not forwarding it based on the ProxyPass directive defined above.

    #test - adding query parameter to proxy request

    RewriteCond %{REQUEST_URI} ^/service
# attempt 1 failed - match all under the rewriteCond "^/service", add "queryStringParam" and apply flags QSA & P (proxy)
#    RewriteRule ^(.*)$ $1?queryStringParam=example [QSA,P]
# attempt 2 failed - try the same without QSA
#    RewriteRule ^(.*)$ $1 [P]
# attempt 3/4 failed - try absolute url in target url 
#    RewriteRule ^(.*)$ %{REQUEST_SCHEME}://%{HTTP_HOST}$1?queryStringParam=example [QSA,P]
#    RewriteRule ^(.*)$ %{REQUEST_SCHEME}://%{HTTP_HOST}$1 [P]

All attempts failed with a proxy error (HTTP 502):

The proxy server received an invalid response from an upstream server. 
The proxy server could not handle the request "GET /services/api/example-service/list/".

Can you point me in the right direction? Thanks

tomas

1 Answer

I found that the P flag does not work with the ProxyPass directive, but instead forwards to the proxy immediately, so the target URL needs to be the URL of the upstream... The ProxyPass directive can be discarded from the original config.

tomas
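The fix described in the answer, as an added example that is not part of the original post: the [P] rule targets the upstream URL from the question's ProxyPass line directly, with the scheme and host fixed rather than taken from %{HTTP_HOST}. The rule that refuses a client-supplied queryStringParam is an addition based on the assumption that the upstream treats that parameter as set by the proxy.

```apache
# Added example, not the poster's final config. Place inside the question's
# <VirtualHost *:443>, after the existing [F,L] blocking rule so that rule
# is still evaluated first.
RewriteEngine On
SSLProxyEngine On

# Assumption: the upstream treats queryStringParam as set by this proxy.
# QSA keeps the client's own query string, so a request that already
# carries the parameter is refused instead of being forwarded with a
# duplicate. This compares the raw, undecoded query string, so treat it
# as a first filter and keep validation in the upstream service as well.
RewriteCond %{QUERY_STRING} (^|&)queryStringParam= [NC]
RewriteRule ^/service/api/ - [F]

# [P] hands the substitution straight to mod_proxy, so it has to be a
# complete upstream URL; the ProxyPass mapping is not consulted.
# Scheme and host are fixed here; only the path after /service/api/
# comes from the request.
# Forwarded as:
#   https://services.apps.cloud.example.internal/<path>?queryStringParam=example&<original query>
RewriteRule ^/service/api/(.*)$ https://services.apps.cloud.example.internal/$1?queryStringParam=example [QSA,P]
```

Attempts 1 and 2 in the question hand mod_proxy a bare path, which is not a URL it can forward, and attempts 3 and 4 build the target from the request's own Host header, so the request is sent back to the front-end host instead of the upstream.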