Apache 2.x and mod_proxy produce redirect loop if user is not authenticated

Question

I have an application with spring security. I case the user is not authenticated he is redirected to bo/login page.

The problem is that the way i setup the apache web server in front of the tomcat i produce infinite redirection loop:

<VirtualHost *:80>
       ServerName dev.bo.MYDOMAIN.com
       ProxyPass / ajp://localhost:20009/bo/
       ProxyPassReverse / ajp://localhost:20009/bo/
       ProxyPassReverseCookiePath /bo/ /
</VirtualHost>

Does anyone knows how can i prevent the loop in case the user is not authenticated?

score 0 · Answer 1 · answered Jun 04 '18 at 18:21

<VirtualHost *:80>
  ServerAdmin webmaster@localhost
  ServerName dev.bo.MYDOMAIN.com
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>
  ProxyPass / ajp://localhost:20009/bo/
  ProxyPassReverse / ajp://localhost:20009/bo/
</VirtualHost>

Try the above config

score -1 · Accepted Answer · answered Nov 23 '13 at 12:06

Finally i found the problem. I had to proxy also the 'bo' path:

<VirtualHost *:80>
   ServerName dev.bo.MYDOMAIN.com
   ProxyPass / ajp://localhost:20009/bo/
   ProxyPassReverse / ajp://localhost:20009/bo/
   ProxyPass /bo ajp://localhost:20009/bo/
   ProxyPassReverse /bo ajp://localhost:20009/bo/
   ProxyPassReverseCookiePath /bo/ /
</VirtualHost>

score -3 · Answer 3 · answered Nov 22 '13 at 21:35

-3

Why use mod_jk and mod_proxy? You should just be able to do

ProxyPass / http://localhost:20009/bo/
ProxyPassReverse / http://localhost:20009/bo/

At least you save yourself the protocol switch.

answered Nov 22 '13 at 21:35

hubbardr

3,153
1
21
27

why not? ajp protocol has may goodies. BTW this has nothing to do with my question. – mspapant Nov 23 '13 at 12:05

Apache 2.x and mod_proxy produce redirect loop if user is not authenticated

3 Answers3