0

This is the configuration:

<Directory />
    Deny from all
    Allow from localhost
    Order Deny,Allow
    AuthType Basic
    Require valid-user
    AllowOverride None
    Satisfy any
    Options None FollowSymLinks
</Directory>


<Proxy *>
    Deny from all
    Order Deny,Allow
    AuthType Basic
    Require valid-user
    Satisfy any
    Options None FollowSymLinks
</Proxy>

Questions:

1) Why configured Proxy * if already configured Directory /?

2) Should be configured Proxy * or Proxy /

3) Should all attributes (e.g. Deny from all or Allow from localhost) be configured twice (Proxy and Directory) or enough only in one place? If in one place where it should configured: Proxy or Directory?

4) What configuration takes priority Proxy or Directory?

Added Is order of Directory / Proxy in the configuration file is important? For example if I have specific /app related section should it be before or after the root section?

<Directory /app>
    AuthType None 
</Directory>

<Proxy http://localhost:8080/app >
    AuthType None
</Proxy>
Michael
  • 597
  • 3
  • 9
  • 23

1 Answers1

1

Basic explanations:

  • URI is what you see near the top of the browser window. Server sees it in a HTTP GET xxx ... Host: yyy at the beginning of each conversation.
  • Frontend is your apache; generally a server explicitly included into URI, hence contacted by clients (browsers); but frontend only does some intermediary processing of the request, and passes it to other backend server, passes back the result. In your case the intermediary processing seems to be TLS/SSL, and backend is Tomcat.
  • Apache docs say reverse proxy when referring to a frontend. That's a synonym.
  • Browsers don't need to know backend and vice versa.
  • Browser sends one URI, frontend changes the URI, backend sees a different URI.

Now the actual answer to your question is:

  • The <Proxy> matches a backend URI.
  • The <Directory> matches a real local filesystem directory, something that you can cd from the shell.
  • Thus the request that matches <Directory> quite possibly never matches a <Proxy>.

Rest of what you wrote requires either looking into the docs for like a minute, or asking as a separate question on this site.

kubanczyk
  • 13,812
  • 5
  • 41
  • 55
  • Thanks, I have asked the separate question http://serverfault.com/questions/822429/what-should-be-configured-in-ajp-proxy-configuration. Any case I will happy to clarify if I need to configure attributes twice or once. in addition I will happy for one additional clarification that I have added to the question (I can ask in the separate question). – Michael Dec 23 '16 at 11:06