Bounty: 50
I’m trying to set up group access to certain urls on my reverse proxy gateway. The previous questions that combine proxypass and mod_rewrite do so not for the reasons that I am doing so. I am combining them because I am trying to force an internal redirect (so I can see the HTTP headers.. This is because mod_rewrite cannot see the headers that I want unless I do an internal redirect). (This is a must, unfortunately)
If I remove the rewrite lines, the proxy works as expected (it’s serving the files correctly). However, the group access is not being enforced.
<VirtualHost *:*>
ServerName mysubdomain.mydomain.com
SSLProxyEngine on
#I'm not an apache sys-admin professional so I'm not sure if any of these are necessary
ProxyPreserveHost On
ProxyRequests Off
AllowEncodedSlashes On
<Location /mypath>
#this AuthType is what gets the HTTP header that I want (GROUPS)
AuthType MyApacheAgt
Order Deny,Allow
Deny from all
Allow from all
RewriteEngine On
RewriteCond %{ENV:REDIRECT_PASS} !1
RewriteRule ^(.*)$ /$1 [L,E=PASS:1,PT]
RewriteCond %{HTTP:GROUPS} !^.*some-group-to-match-to.*$
RewriteRule ^(.*)$ /$1 [L,R=403,PT]
ProxyPass http://my-proxied-webserver.mydomain:8080/mypath disablereuse=On retry=0 nocanon
ProxyPassReverse http://my-proxied-webserver.mydomain:8080/mypath
</Location>
</VirtualHost>
From my apache logs, I see that I’m getting:
[pid 9:tid 140131688048384] [client XX] AH00128: File does not exist: /var/www/html/proxy:http:/my-proxied-webserver.mydomain:8020/mypath
One thing that alarms me is that there is only one / in the proxied url in the error log. Is this normal?
I am using apache 2.4 (and would prefer 2.4, but most 2.2 can be converted over)
Would it be simpler to merge the rewriterules and the proxy lines (if this is possible?)