FREE THOUGHT · FREE SOFTWARE · FREE WORLD

Home  »  Hosting  »  Running a Reverse Proxy in Apache

by 21 comments

In 2003, Nick Kew released a new module that complements Apache'smod_proxy and is essential for reverse-proxying. Since then he getsregular questions and requests for help on proxying with Apache. Inthis article he attempts to give a comprehensive overview of theproxying and mod_proxy_html


This article was originally published at ApacheWeek in January 2004,and moved to ApacheTutor with minor updates in October 2006.

Web Proxies

A proxy server is a gateway for users to the Web at large. Usersconfigure the proxy in their browser settings, and all HTTP requestsare routed via the proxy. Proxies are typically operated by ISPs andnetwork administrators, and serve several purposes: for example,

  • to speed access to the Web by caching pages fetched, so that popular pages don't have to be re-fetched for every user who views them.
  • to enable controlled access to the web for users behind a firewall.
  • to filter or transform web content.

Reverse Proxies

A reverse proxy is a gateway for servers, and enables one web serverto provide content from another transparently. As with a standardproxy, a reverse proxy may serve to improve performance of the web bycaching; this is a simple way to mirror a website. But the most commonreason to run a reverse proxy is to enable controlled access from theWeb at large to servers behind a firewall.

The proxied server may be a webserver itself, or it may be anapplication server using a different protocol, or an applicationserver with just rudimentary HTTP that needs to be shielded fromthe web at large. Since 2004, reverse proxying has been the preferredmethod of deploying JAVA/Tomcat applications on the Web, replacingthe old mod_jk (itself a special-purpose reverse proxy module).

Proxying with Apache

The standard Apache module mod_proxy supports both types of proxyoperation. Under Apache 1.x, mod_proxy only supported HTTP/1.0, butfrom Apache 2.0, it supports HTTP/1.1. This distinction isparticularly important in a proxy, because one of the most significantchanges between the two protocol versions is that HTTP/1.1 introducesrich new cache control mechanisms.

This article deals with running a reverse proxy with Apache 2. Usersof earlier versions of Apache are encouraged to upgrade and takeadvantage of the altogether richer architecture and improvedapplication support. At the time of writing, the reason most commonlycited for not upgrading is difficulties running PHP on Apache 2. Icannot speak from personal experience, but several well-informedsources tell me the difficulty lies with non-thread-safe code in PHP,and that it works well with Apache 2 if it is built with thenon-threaded Prefork MPM.

The Apache Proxy Modules

So far, we have spoken loosely of mod_proxy. However, it's a littlemore complicated than that. In keeping with Apache's modulararchitecture, mod_proxy is itself modular, and a typical proxy serverwill need to enable several modules. Those relevant to proxying andthis article include:

  • mod_proxy: The core module deals with proxy infrastructure and configuration and managing a proxy request.
  • mod_proxy_http: This handles fetching documents with HTTP and HTTPS.
  • mod_proxy_ftp: This handles fetching documents with FTP.
  • mod_proxy_connect: This handles the CONNECT method for secure (SSL) tunneling.
  • mod_proxy_ajp: This handles the AJP protocol for Tomcat and similar backend servers.
  • mod_proxy_balancer implements clustering and load-balancing over multiple backends.
  • mod_cache, mod_disk_cache, mod_mem_cache: These deal with managing a document cache. To enable caching requires mod_cache and one or both of disk_cache and mem_cache.
  • mod_proxy_html: This rewrites HTML links into a proxy's address space.
  • mod_headers: This modifies HTTP request and response headers.
  • mod_deflate: Negotiates compression with clients and backends.

Having mentioned the modules, I'm going to ignore caching for theremainder of this article. You may want to add it if you are concernedabout the load on your network or origin servers, but the details areoutside the scope of this article. I'm also going to ignore allnon-HTTP protocols, and load balancing.

Building Apache for Proxying

With the exception of mod_proxy_html, the above are all included inthe core Apache distribution. They can easily be enabled in the Apachebuild process. For example:

$ ./configure --enable-so --enable-mods-shared="proxy 
proxy_http proxy_ftp proxy_connect headers"
$ make
# make install

Of course, you may want other build options too, and you could just aswell build the modules as static.

If you are adding proxying to an existing installation, you should useapxs instead:

# apxs -c -i [module-name].c
noting that mod_proxy itself is in two source files
(mod_proxy.c and proxy_util.c).

This leaves mod_proxy_html, which is not included in the coredistribution. mod_proxy_html is a third-party module, and requires athird-party library libxml2. At the time of writing, libxml2 isinstalled as standard or packaged for most operating systems. If youdon't have it, you can download it from xmlsoft.org and install ityourself. For the purposes of this article, we'll assume libxml2 isinstalled as /usr/lib/libxml2.so, with headers in/usr/include/libxml2/libxml/.

  1. Check libxml2 is installed. If you have a version older than 2.5.10, then upgrade - there's a bug in earlier versions that can, in some particular cases, severely affect performance.
  2. Download mod_proxy_html.c from http://apache.webthing.com/
  3. Build mod_proxy_html with apxs:
# apxs -c -I/usr/include/libxml2 -i mod_proxy_html.c

A Reverse Proxy Scenario

Company example.com has a website at www.example.com, which has apublic IP address and DNS entry, and can be accessed from anywhereon the Internet.

The company also has a couple of application servers which haveprivate IP addresses and unregistered DNS entries, and are inside thefirewall. The application servers are visible within the network -including the webserver, as "internal1.example.com" and"internal2.example.com", But because they have no public DNS entries,anyone looking at internal1.example.com from outside the companynetwork will get a "no such host" error.

A decision is taken to enable Web access to the application servers.But they should not be exposed to the Internet directly, instead theyshould be integrated with the webserver, so thathttp://www.example.com/app1/any-path-here is mapped internally tohttp://internal1.example.com/any-path-here andhttp://www.example.com/app2/other-path-here is mapped internally tohttp://internal2.example.com/other-path-here. This is a typicalreverse-proxy situation.

Configuring the Proxy

As with any modules, the first thing to do is to load them inhttpd.conf (this is not necessary if we build them statically intoApache).

LoadModule  proxy_module         modules/mod_proxy.so
LoadModule  proxy_http_module    modules/mod_proxy_http.so
#LoadModule proxy_ftp_module     modules/mod_proxy_ftp.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule  headers_module       modules/mod_headers.so
LoadModule  deflate_module       modules/mod_deflate.so
LoadFile    /usr/lib/libxml2.so
LoadModule  proxy_html_module    modules/mod_proxy_html.so

For windows users this is slightly different: you'll need to loadlibxml2.dll rather than libxml2.so, and you'll probably need toload iconv.dll and xlib.dll as prerequisites to libxml2 (youcan download them from zlatkovic.com, the same site thatmaintains windows binaries of libxml2). The LoadFile directive is the same.

Of course, you may not need all the modules. Two that are not requiredin our typical scenario are shown commented out above.

Having loaded the modules, we can now configure the Proxy. But beforedoing so, we have an important security warning:

Do Not set "ProxyRequests On". Setting ProxyRequests On turns yourserver into an Open Proxy. There are 'bots scanning the Web for openproxies. When they find you, they'll start using you to route aroundblocks and filters to access questionable or illegal material. Atworst, they might be able to route email spam through your proxy. Yourlegitimate traffic will be swamped, and you'll find your servergetting blocked by things like family filters.

Of course, you may also want to run a forward proxy withappropriate security measures, but that lies outside the scope of thisarticle. The author runs both forward and reverse proxies on the sameserver (but under different Virtual Hosts).

The fundamental configuration directive to set up a reverse proxy isProxyPass. We use it to set up proxy rules for each of the applicationservers:

ProxyPass       /app1/  http://internal1.example.com/
ProxyPass       /app2/  http://internal2.example.com/

Now as soon as Apache re-reads the configuration (the recommended wayto do this is with "apachectl graceful"), proxy requests will work, sohttp://www.example.com/app1/some-path maps tohttp://internal1.example.com/some-path as required.

However, this is not the whole story. ProxyPass just sends trafficstraight through. So when the application servers generate referencesto themselves (or to other internal addresses), they will be passedstraight through to the outside world, where they won't work.

For example, an HTTP redirection often takes place when a user (orauthor) forgets a trailing slash in a URL. So the response to arequest for http://www.example.com/app1/foo proxies tohttp://internal.example.com/foo which generates a response:

HTTP/1.1 302 Found
Location: http://internal.example.com/foo/
(etc)

But from the outside world, the net effect of this is a "No such host"error. The proxy needs to re-map the Location header to its ownaddress space and return a valid URL

HTTP/1.1 302 Found
Location: http://www.example.com/app1/foo/

The command to enable such rewrites in the HTTP Headers isProxyPassReverse. The Apache documentation suggests the form:

ProxyPassReverse /app1/ http://internal1.example.com/
ProxyPassReverse /app2/ http://internal2.example.com/

However, there is a slightly more complex alternative form that Irecommend as more robust:

<location /app1/>
ProxyPassReverse /
</location>
<location /app2/>
ProxyPassReverse /
</location>

The reason for recommending this is that a problem arises with someapplication servers. Suppose for example we have a redirect:

HTTP/1.1 302 Found
Location: /some/path/to/file.html

This is a violation of the HTTP protocol and so should never happen:HTTP only permits full URLs in Location headers. However, it is also asource of much confusion, not least because the CGI spec has a similarLocation header with different semantics where relative paths areallowed. There are a lot of broken servers out there! In thisinstance, the first form of ProxyPassReverse will return the incorrectresponse

HTTP/1.1 302 Found
Location: /some/path/to/file.html

which, even allowing for error-correcting browsers, is outside theProxy's address space and won't work. The second form fixes this to

HTTP/1.1 302 Found
Location: /app2/some/path/to/file.html

which is still broken, but will at least work in error-correctingbrowsers. Most browsers will deal with this.

If your backend server uses cookies, you may also need theProxyPassReverseCookiePath and ProxyPassReverseCookieDomaindirectives. These are similar to ProxyPassReverse, but deal with thedifferent form of cookie headers. These require mod_proxy fromApache 2.2 (recommended), or a patched version of 2.0.

Fixing HTML Links

As we have seen, ProxyPassReverse remaps URLs in the HTTP headers toensure they work from outside the company network. There is, however,a separate problem when links appear in HTML pages served. Considerthe following cases:

  1. This link will be resolved by the browser and will work correctly.
  2. This link will be resolved by the browser to http://www.example.com/otherfile.html, which is incorrect.
  3. This link will resolve to "no such host" for the browser.

The same problem of course applies to included content such as images,stylesheets, scripts or applets, and other contexts where URLs occurin HTML.

To fix this requires us to parse the HTML and rewrite the links. Thisis the purpose of mod_proxy_html. It works as an output filter,parsing the HTML and rewriting links as it is served. Twoconfiguration directives are required to set it up:

  • SetOutputFilter proxy-html This simply inserts the filter, to enable ProxyHTMLURLMap
  • ProxyHTMLURLMap from-pattern to-pattern [flags] In its basic form, this has a similar purpose and semantics to ProxyPassReverse. Additionally, an extended form is available to enable search-and-replace rewriting of URLs within Scripts and Stylesheets.

How it works

mod_proxy_html is based on a SAX parser: specifically the HTMLparsermodule from libxml2 running in SAX mode (any other parse mode would ofcourse be very much slower, especially for larger documents). It hasfull knowledge of all URI attributes that can occur in HTML 4 andXHTML 1. Whenever a URL is encountered, it is matched againstapplicable ProxyHTMLURLMap directives. If it starts with anyfrom-pattern, that will be rewritten to the to-pattern. Rules areapplied in the reverse order to their appearance in httpd.conf, andmatching stops as soon as a match is found.

Here's how we set up a reverse proxy for HTML. Firstly, full links tothe internal servers should be rewritten regardless of where theyarise, so we have:

ProxyHTMLURLMap http://internal1.example.com /app1
ProxyHTMLURLMap http://internal2.example.com /app2

Note that in this instance we omitted the "trailing" slash. Since thematching logic is starts-with, we use the minimal matching pattern. Wehave now globally fixed case 3 above.

Case 2 above requires a little more care. Because the link doesn'tinclude the hostname, the rewrite rule must be context-sensitive. Aswith ProxyPassReverse above, we deal with that using<location>

<location /app1/>
ProxyHTMLURLMap / /app1/
</location>
<location /app2/>
ProxyHTMLURLMap / /app2/
</location>

Debugging your Proxy Configuration

The above is a simple case taken from mod_proxy_html version 1. Withthe more complex URLmapping and rewriting enabled by Version 2, youmay need a bit of help setting up a complex ruleset, perhaps involvinga series of complex regexps, chained anc blocking rules, etc. To helpwith setting up and troubleshooting your rulesets, mod_proxy_html 2provides a "debug" mode, in which all the 'interesting' things it doesare written to the Apache error log. To analyse and fix your rulesets,set

ProxyHTMLLogVerbose On
LogLevel Info   (or LogLevel Debug)

Now run your testcases through your rulesets, and examine the apacheerror log for details of exactly how it was processed.

Do not leave ProxyHTMLLogVerbose On for normal use. Although theeffect is marginal, it is an overhead.

Extended URL Mapping

The previous section sets up remapping of HTML URLs, but leaves anyURL encountered in a Stylesheet or Script untouched. mod_proxy_htmldoesn't parse Javascript or CSS, so dealing with URLs in them requirestext-based search-and-replace. This is enabled by the directiveProxyHTMLExtended On.

Because the extended mode is text-based, it can no longer guarantee tomatch exact URLs. It's up to you to devise matching rules that canpick out URLs, just as if you were writing an old-fashioned Perl orPHP regexp-based filter (though of course it's still massively moreefficient than performing search-and-replace on an entire documentin-memory). To help with this, ProxyHTMLExtended supports both simpletext-based and regular expression search-and-replace, according to theflags. You can also use the flags to specify rules separately for HTMLlinks, scripting events, and embedded scripts and stylesheets.

A second key consideration with extended URL mapping is that whereasan HTML link contains exactly one URL, a script or stylesheet maycontain many. So instead of stopping after a successful match, theprocessor will apply all applicable mapping rules. This can be stoppedwith the L (last) flag.

Dealing with multimedia content

We just set up a proxy to parse and where necessary correct HTML. Butof course, the web isn't just HTML. Surely feeding non-HTML contentthrough an HTML parser is at best inefficient, if not totally broken?

Yes indeed. mod_proxy_html deals with that by checking theContent-Type header, and removing itself from the processing chainwhen a document is not HTML (text/html) or XHTML(application/xhtml+xml). This happens in the filter initialisationphase, before any data are processed by the filter.

But that still leaves a problem. Consider compressed HTML:

Content-Type: text/html
Content-Encoding: gzip

Feeding that into an HTML parser is clearly broken!

There are two solutions to this. One is to uncompress the incomingdata with mod_deflate.Uncompressing and compressing content radically reduces networktraffic, but increases the processor load on the proxy. It isworthwhile if and only if bandwidth between the proxy and thebackend is at a premium: this is common on the 'net at large,but unlikely to be the case on a company internal network.

SetOutputFilter  INFLATE;proxy-html;DEFLATE

The alternative solution is to refuse to supportcompression. Stripping any Accept-Encoding request header does thejob. So invoking mod_headers, we add a directive

RequestHeader unset Accept-Encoding

This should only apply to the Proxy, so we put it inside our <location> containers.

A similar situation arises in the case of encrypted (https) content.But in this case, there is no such workaround: if we could decrypt thedata to process it then so could any other man-in-the-middle, and thesecurity would be worthless. This can only be circumvented byinstalling mod_ssl and a certificate on the proxy, so that the actualsecure session is between the browser and the proxy, not the originserver.

The Complete Configuration

We are now in a position to write a complete configuration for ourreverse proxy. Here is a bare minimum, that ignores extendedurlmapping:

LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module    modules/mod_headers.so
LoadFile   /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
 
ProxyRequests off
ProxyPass /app1/ http://internal1.example.com/
ProxyPass /app2/ http://internal2.example.com/
ProxyHTMLURLMap http://internal1.example.com /app1
ProxyHTMLURLMap http://internal2.example.com /app2
 
<location /app1/>
ProxyPassReverse /
SetOutputFilter  proxy-html
ProxyHTMLURLMap  /      /app1/
ProxyHTMLURLMap  /app1  /app1
RequestHeader    unset  Accept-Encoding
</location>
 
<location /app2/>
ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap /       /app2/
ProxyHTMLURLMap /app2   /app2
RequestHeader   unset   Accept-Encoding
</location>

Of course, there's more than one way to do it. Our configuration wouldactually have been simpler if we'd used Virtual Hosts for eachapplication server. But that takes you beyond the realm of Apacheconfiguration and into DNS. If you don't fully understand that (or ifyou think "why can't I see my domain" is a webserver question), thenplease don't try using virtual hosts for this.

Further topics

Caching

We haven't dealt with caching in this article. In a company-intranetsituation, the connection from the proxy to the application servers isthe local LAN, which is probably fast and has ample capacity. In suchcases, caching at the proxy will have little effect, and can probablybe omitted.

If we want to cache pages, we can of course do so with mod_cache Butthat is beyond the scope of this article.

Content Transformation

Another powerful use for a proxy is to transform the contenton-the-fly according to the user's preferences. This author's flagshipmod_accessibility product (from which mod_proxy_html is a spinoff)serves to transform HTML and XHTML on-demand to enhance usability andaccessibility.

Filtering and Security

A reverse proxy is not the natural place for a "family filter", but isideal for defining access controls and imposing security restrictions.We could, for example, configure the proxy to recognise a customheader from an origin server and block content based on it. Thisdelegates control to the application servers.

Questions and Answers

(Q) Where can I get the software?
(A) Most of it from the obvious place, http://httpd.apache.org/ mod_proxy_html is available from http://apache.webthing.com/ libxml2 is available from http://xmlsoft.org/. Windows users should read libxml2.dll for libxml2.so, and can obtain it together with the prerequisites iconv.dll and zlib.dll from Igor Zlatkovic's site.
(Q) Can I get a binaries of software ?
(A) If there's no link at the websites above, ask the provider of your operating system or distribution. The author can compile it on different platforms but does not provide a free compilation service.
(Q) What is httpd.conf? My apache has different configuration files.
(A) Some distribution packagers mess about with the Apache configuration. If this applies to you, the details should be documented by your distributor, and have nothing to do with Apache itself! Substitute your distributions choice of configuration file for httpd.conf in the above discussion, or create your own proxy.conf file and Include it.
(Q) You mentioned apxs and apachectl. Where do I find them?
(A) They're part of a standard Apache installation (except on Windows). If you don't have them or can't find them, that's a problem with your installation. The easiest solution is probably to download a complete Apache from httpd.apache.org.
(Q) Does mod_proxy_html deal with Javascript links?
(A) From mod_proxy_html 2.0, yes!
(Q) The proxy appears to change my HTML?

(A) It doesn't really, but it may appear to. Here are the possible causes:

  1. Changing the FPI (the <!DOCTYPE ...> line) may affect some browsers. FIX: set the doctype explicitly if this bothers you.

  2. mod_proxy_html has the side-effect of transforming content to utf-8 (Unicode) encoding. This should not be a problem: utf-8 is well-supported by browsers, and offers comprehensive support for internationalisation. If it appears to cause a problem, that's almost certainly a bug in the application server, or possibly a misconfigured browser. FIX: filter through mod_charset_lite to your chosen charset.

  3. mod_proxy_html will perform some minor normalisations. If your HTML includes elements that are closed implicitly, it will explicitly close them. In other words:

    <body>
    <p>Hello, World!
    </body>

    will be transformed to

    <body>
    <p>Hello, World!</p>
    <body>

    If this affects the rendition in your browser, it almostcertainly means you are using malformed HTML and relying onerror-correction in a browser. FIX: validate your HTML! Theonline Page Valet service will both validate and show yourmarkup normalised by the DTD, while a companion toolAccessValet will show markup normalised by the same parserused in the proxy, and highlight other problems. Both areavailable at http://valet.webthing.com/

(Q) I need a customised solution.
(A) The author is available for development and consultancy.

Tags

January 3rd, 2007

Comments Welcome

  • LonerVamp

    This is just FYI. The article says:

    "At the time of writing, the reason most commonly cited for not upgrading is difficulties running PHP on Apache 2. I cannot speak from personal experience, but several well-informed sources tell me the difficulty lies with non-thread-safe code in PHP, and that it works well with Apache 2 if it is built with the non-threaded Prefork MPM."

    This was true in Ocftober 2006 when this was updated, but is no longer the issue with the latest Apache and PHP installs.

  • http://hype-free.blogspot.com/ Cd-MaN

    Hello. I have an issue with mod_proxy I blogged about (http://hype-free.blogspot.com/2006/09/apache-and-modproxy.html). Basically the scenario is the following:
    -one internal server with CentOS running an old(er) version of Apache (some 2.0.x) with mod proxy
    -the target server out on the web with Windows and a new Apache 2.2
    -connections from the proxy to the target server are made through SSL for security reasons
    -if keep-alive connections are enabled at every 2-3 requests the proxy says something similar to: "I received an invalid response from an upstream server". With keep-alive connections disabled everything works fine, but the performance penalty is big, because the encryption has to be renegotiated for every query. Any ideas what could be the problem? I tried to google it by came up with no useful info.

  • dumbo

    Hi,
    I have slightly different scenario then the reverse proxy examples given.i have to redirect the incoming requests (http:/)to secured site (https://) and get the data back.
    Also there is user authentication.
    how can that be acompished in reverse proxy.

  • Des

    If backend server returns 302 redirect response can this be "trapped" by proxy and redirected internally without sending response back to client?

  • Chris

    Could you possibly post the "simplified" example that you mentioned if vhosts were used?

    We use virtual hosts extensively, and I'm curious as to how this would be simplified...

    Thanks, this is a great read!

  • pradyumna

    Hi,

    I want an architecture based on the following scenario.

    1. I will have a server that will play a role of a web server/reverse proxy.
    2. This proxy server will be placed in my DMZ
    3. My applications will be running on the MZ.
    4. When some external user will access they have to use _https_ where as internal users should access by _http_
    5. The reverse proxy must be able to provide "local" websites (PHP/HTML etc )

    Please can someone help me in designing the architecture and how i will do it.

    /Pradyumna

  • ice_zombie

    THANK YOU!!! This was a great help. Needed a bit customization but works like a charm. =)

  • Tapas Mishra

    Thank you this was great it works.

  • Koriun

    Hello,

    How I can specify dynamic URL mapping? In my case URL map is kept in database. So what 'header' can i change to inform mod_proxy_html to make correct changes?

  • Fernando Cabal

    Publishing TFS Through a Reverse Proxy

    I have been trying to expose a Team Foundation Server 2010 using an apache 2.2 reverse proxy config and it seems to be impossible to implement.

    I am using this config :

    ProxyPass / http://site.com:8080/
    ProxyPassReverse /  http://site.com:8080/

    I get these errors at some point on the TFS client while trying to get the latest version:

    TF30063: You are not authorized to access Microsoft-IIS/7.5.

    And the Apache log shows 401 errors:

    HTTP/1.1" 401 - "-" "Team Foundation (devenv.exe, 10.0.30128.1)"

    I believe it is related to NTLM auth being requested

    Has anyone successfully implemented this?

  • Vinny

    Is it also possible to configure mod_proxy within htaccess? Couldn't find anything about that on the net.

  • ebrahim

    I have an application that check referer option in HTTP header and if this referer is out of my domain my application don't respond to client. When i use mod_proxy in reverse mod, referer option value is address of proxy server and therefore my application don't work correctly. I there a directive for changing referer by mod_proxy?

  • Mike

    It appears that Apache's mod_proxy is not able to correctly reverse proxy 302 and 303's that redirect from http to https (or vice-versa) and make it seamless for the client.

    Example:

    Client—————————–ReverseProxy—————————-Internal
     
    —https://ReverseProxy/foo—>
    —http://Internal/foo—>
    <—303: "http://internal/bar"—
    <—http://ReverseProxy/bar—

    Note that to the client, the connection method has changed from https to http. It seems that apache's ProxyPassReverse directive does not understand that the connection method needs to remain https (despite living inside of a virtualhost on port 443 with SSLEngine On).

    Do you have any ideas how to force ProxyPassReverse to always return https to the client?

  • http://Www.unblockrunescape.com new proxy

    Good post. I learn something totally new and challenging on blogs I stumbleupon everyday.

    It will always be interesting to read through content from other authors and practice
    a little something from other websites.

  • Zamy

    This article helped me, i was able to configure the reverse proxy, but i ran to another issue. The internal application is now on the web , but the application seems to be having problems, link and login button on the page are not working well. The internal application runs on IIS. How can i resolve it ? Thank you in advance.

  • Zamy

    This article helped me, i was able to configure the reverse proxy, but i ran to another issue. The internal application is now on the web , but the application seems to be having problems, link and login button on the page are not working well. The internal application runs on IIS. How can i resolve it ? Thank you in advance.

  • Yash

    Thank you. This helped me to understand the concept and also in implementing the same.

  • Pingback: Sharepoint Wiki through an Apache Reverse Proxy - Just just easy answers

  • Pingback: How do I point one virtual host to another instance of apache running at another port on the same box? - Just just easy answers

  • Pol Hallen

    Beautiful howto! very thanks! :-))) I lost myself with a problem... and I don't know what is
    useful to resolve it :-/ My situation:

    the name of this webserver is: domain.org, I've phpmyadmin as alias:

    http://domain.org/phpmyadmin

    A virtual host: newdomain.org

    I need connect to phpmyadmin using http://newdomain.org/phpmyadmin and
    KEEP (in the address bar) http://newdomain.org/phpmyadmin (and not
    domain.org/phpmyadmin).

    I check a something like this but I don't think is useful for me.

    Can you help me please?

    thanks!

    ProxyPass /phpmyadmin/ http://domain.org/phpmyadmin
    ProxyPassReverse /info/ http://domain.org/phpmyadmin/
    ProxyHTMLURLMap http://domain.org/phpmyadmin /phpmyadmin/

    ProxyPassReverse /
    SetOutputFilter proxy-html
    ProxyHTMLURLMap newdomain.org/phpmyadmin /phpmyadmin/
    ProxyHTMLURLMap / /phpmyadmin/
    ProxyHTMLURLMap /phpmyadmin/ /phpmyadmin/
    RequestHeader unset Accept-Encoding

  • Thuy Vu

    Hi,

    I have a problem but could not figure out.

    Firstly, I had an apache http server stand as a reverse proxy on address A
    The request that sent to A will be reverse to DotNetnuke Portal on address B

    Secondly, on B we have made a redirect to B.abc.aspx

    I expect that it should be A.abc.aspx but it was always B.abc.aspx.

    Please help me to figure out the issue.

    Thanks

My Online Tools
WordPress Sites

My Picks

Related Articles
Newest Posts
Twitter

  • Trojan Horse, a novel!  t.co/Hf8EtYaZVa 
  • The Hacker Playbook - very nice high level overview of attacks  t.co/lHwNVWi61u 
  • Clean Code - A Handbook of Agile Software Craftsmanship  t.co/hnJX0x1qIc 
  • Secrets of the JavaScript Ninja - By my absolute favorite JS hacker John Resig!  t.co/tZ42ljmcCl 
  • Hacking Exposed 7: Network Security Secrets & SolutionsMy all time favorite, basic but thorough and accurate.  t.co/jycW0RDVtZ 
  • Empty words will be no surrogate for cold resolve. Pain is nothing.  t.co/qXjpRxbjCw 
  • REVERSING: Secrets of Reverse Engineering  t.co/GaWo29lWWG 
  • NEUROMANCER  t.co/3OoknUcb5Z 
  • "The Shockwave Rider", by John Brunner (1975 hacker sci-fi)  t.co/ZW56HVUefW 
  • The Rootkit ARSENAL - Escape and Evasion in the Dark Corners of the System  t.co/1FzX6bHgsQ 
  • "We Are Anonymous - Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency" better be good!  t.co/GL0cFNiUOq 
  • THE IDEA FACTORY Bell Labs  t.co/FyVhgNwwT5 
  • The Datacenter as a Computer -- Urs Holzle  t.co/M5WIYs1OVg 
  • Now by Steven Levy, "IN THE PLEX"  t.co/PwxtLgqukG 

Friends and Recommends
Hacking and Hackers

The use of "hacker" to mean "security breaker" is a confusion on the part of the mass media. We hackers refuse to recognize that meaning, and continue using the word to mean someone who loves to program, someone who enjoys playful cleverness, or the combination of the two. See my article, On Hacking.
-- Richard M. Stallman






[hide]

It's very simple - you read the protocol and write the code. -Bill Joy

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. NCSA HTTPd.
UNIX ® is a registered Trademark of The Open Group. POSIX ® is a registered Trademark of The IEEE.

| Google+ | askapache

Site Map | Contact Webmaster | License and Disclaimer | Terms of Service

↑ TOPMain