0

I have a custom server running behind an apache reverse proxy. Since the custom server can only handle HTTP traffic, i am trying to use apache for wrapping proper SSL around it, and for some kind of HTTP authentication.

So i enabled mod_proxy and mod_ssl and modified sites-available/default-ssl. The config is as following:

<Location /server>
    order deny,allow
    allow from all
    AuthType Basic
    AuthName "Please log in"
    AuthUserFile /etc/apache2/htpasswd
    Require valid-user
    ProxyPass http://192.168.1.102:8181/server
    ProxyPassReverse http://192.168.1.102:8181/server
</Location>

The custom server is accessible from the internal network via the location specified in the ProxyPass directive.

However, when the proxy is accessed from the outside, it presents the login prompt, and after successfully authenticated, i get a blank page with the words The resource can be found at http://192.168.1.102:8181/server. When i type the external URL again in an already authenticated browser instance, i am properly redirected to the server frontend.

The access.log is full of entrys stating that my browser does successful GET requests, and the proxy is happily serving the /server ressource. However, the ressource isn't containing the server's frontend, but this blank page with these words on it.

Cristian Ciupitu
  • 6,396
  • 2
  • 42
  • 56
simonszu
  • 373
  • 7
  • 14
  • It seems to have something to do with this: http://serverfault.com/questions/311994/how-to-proxy-context-to-different-backend-context-in-apache I have also a cherrypy application, and investigated the access.log for 303 statuses. – simonszu Oct 26 '13 at 22:16
  • Well, what i didn't realize, and therefore didn't state in the first post: The server usually is redirecting from http://serverip/server to http://serverip/server/home, so the apache is sending a 301 status. So this all is possible to redirect the SSL connection to a insecure connection unknowingly to the user, so this may be the reason, one must confirm the redirect manually... But this does not happen when i disable the user authentication. – simonszu Oct 26 '13 at 22:43
  • Any difference if you add `ProxyPreserveHost On`? – Shane Madden Oct 27 '13 at 07:25
  • Yes. The notification changes to `The resource can be found at http://proxyurl/server/home`. But, still, http. So the proxy is not very transparent... – simonszu Oct 27 '13 at 09:09

1 Answers1

0

After some investigation it was clear to me that only Google Chrome shows this behaviour. Safar and Firefox were redirecting fine. Since i didn't suppose that Google built its browser with such a "feature" and the others didn't, i checked my extensions. And: I had one extension called "HTTPS Everywhere" installed. This was the point. After disabling this extension, everything works as desired.

simonszu
  • 373
  • 7
  • 14