Advertisement
Got a pickle here. We have an application that, for some reason, the mobile app developer and the main developer haven’t gotten on the same page and mucked some things up.<\/p>\n
The backend app sits at https://externalapp.webserver.com/apppath/appsubpath<\/a> . This hasn’t been much of an issue in the past because a simple URL redirect was all that was needed, but the mobile developer has decided the mobile app has to be forced to use https://externalapp.webserver.com/appsubpath<\/a> , which leaves the pickle. If the user is lucky enough to completely delete the app and re-enter the URI of https://externalapp.webserver.com/apppath/appsubpath<\/a> manually, it seems to want to work. That’s not a practical workaround so I’m wanting to see if our old friend Apache can help, because it’s either that or IIS acting as the reverse proxy, and I don’t like IIS much.<\/p>\n
So, what I need to do is check to see if the URI starts with https://externalapp.webserver.com/appsubpath<\/a> , then rewrite the URI to be https://externalapp.webserver.com/apppath/appsubpath<\/a> , otherwise, don’t rewrite any part of the URI and proxy it as is. Here in lies the issues. This config works as long as the user is lucky to be able to manually enter the URI,<\/p>\n Anyone not so lucky, I have tried this config but it doesn’t seem to want to work.<\/p>\n I’m not sure why it isn’t working, and as you can see I even tried to use a ProxyPassMatch, but that doesn’t seem to work either. Thoughts?<\/p>","upvoteCount":3,"answerCount":9,"datePublished":"2023-06-08T23:48:59.000Z","author":{"@type":"Person","name":"Jody4575","url":"https://community.spiceworks.com/u/Jody4575"},"suggestedAnswer":[{"@type":"Answer","text":" Got a pickle here. We have an application that, for some reason, the mobile app developer and the main developer haven’t gotten on the same page and mucked some things up.<\/p>\n The backend app sits at https://externalapp.webserver.com/apppath/appsubpath<\/a> . This hasn’t been much of an issue in the past because a simple URL redirect was all that was needed, but the mobile developer has decided the mobile app has to be forced to use https://externalapp.webserver.com/appsubpath<\/a> , which leaves the pickle. If the user is lucky enough to completely delete the app and re-enter the URI of https://externalapp.webserver.com/apppath/appsubpath<\/a> manually, it seems to want to work. That’s not a practical workaround so I’m wanting to see if our old friend Apache can help, because it’s either that or IIS acting as the reverse proxy, and I don’t like IIS much.<\/p>\n So, what I need to do is check to see if the URI starts with https://externalapp.webserver.com/appsubpath<\/a> , then rewrite the URI to be https://externalapp.webserver.com/apppath/appsubpath<\/a> , otherwise, don’t rewrite any part of the URI and proxy it as is. Here in lies the issues. This config works as long as the user is lucky to be able to manually enter the URI,<\/p>\n Anyone not so lucky, I have tried this config but it doesn’t seem to want to work.<\/p>\n I’m not sure why it isn’t working, and as you can see I even tried to use a ProxyPassMatch, but that doesn’t seem to work either. Thoughts?<\/p>","upvoteCount":3,"datePublished":"2023-06-08T23:48:59.000Z","url":"https://community.spiceworks.com/t/reverse-proxy-with-rewrite/953401/1","author":{"@type":"Person","name":"Jody4575","url":"https://community.spiceworks.com/u/Jody4575"}},{"@type":"Answer","text":" If I am understanding properly, you want it to be when a user goes to one URL is goes instead to another.<\/p>\n A reverse proxy will relay this information, however to the user the information exchange is transparent.<\/p>\n Since you said in the past a redirect would work and now will not, and the dev is “forcing” the change, I assume that means the app is checking the URL literally?<\/p>","upvoteCount":0,"datePublished":"2023-06-09T11:47:06.000Z","url":"https://community.spiceworks.com/t/reverse-proxy-with-rewrite/953401/2","author":{"@type":"Person","name":"foo","url":"https://community.spiceworks.com/u/foo"}},{"@type":"Answer","text":" So the backend development group apparently decided that https://backend.webserver.com/apppath/appsubpath<\/a> is what they wanted and hard coded that, but the mobile developers have decided that https://backend.webserver.com/appsubpath<\/a> is how they want it, and while not hard-coded, until this recent update the users only had to go to https://backend.webserver.com/<\/a> and we had a redirect page to point them to https://backend.webserver.com/apppath/appsubpath<\/a> . If a user is lucky enough to get the chance to manually type https://backend.webserver.com/apppath/appsubpath<\/a> in, then everything works, but if they still use https://backend.webserver.com/<\/a> for a number of reasons, then the app automatically appends /appsubpath and tries to use it, which doesn’t work.<\/p>\n Management has tasked be with ensuring that users not have to manually type in https://backend.webserver.com/apppath/appsubpath<\/a> , but rather the shorter https://backend.webserver.com/<\/a> like they always have, so I need to rewrite the app generated url of https://backend.webserver.com/appsubpath<\/a> to https://backend.webserver.com/apppath/appsubpath<\/a> on the fly. Now the fun, and this is where I see Apache hanging up, is appsubpath is the same text regardless of position, so I have to tell it to only rewrite if it sees /appsubpath, not /apppath/appsubpath. That’s where I think I’m falling down at.<\/p>","upvoteCount":0,"datePublished":"2023-06-09T12:41:26.000Z","url":"https://community.spiceworks.com/t/reverse-proxy-with-rewrite/953401/3","author":{"@type":"Person","name":"Jody4575","url":"https://community.spiceworks.com/u/Jody4575"}},{"@type":"Answer","text":" As an added bonus, if I do this<\/p>\n This does seem to work, but then the second ProxyPass doesn’t seem to get hit anymore for other URLs going to https://backend.webserver.com<\/a> that also need to pass through unaltered, only when https://backend.webserver.com<\/a> /appsubpath is seen do I want the rewrite to occur, otherwise, pass the URL through unaltered.<\/p>\n Just curious if you can just user a URL shortener to the new URL? And make it all go away? It’s about trying to fix the developers two teams not talking to each other and forcing different URI schemes<\/p>","upvoteCount":0,"datePublished":"2023-06-09T13:45:13.000Z","url":"https://community.spiceworks.com/t/reverse-proxy-with-rewrite/953401/6","author":{"@type":"Person","name":"Jody4575","url":"https://community.spiceworks.com/u/Jody4575"}},{"@type":"Answer","text":" Ok, so, another wrinkle came up in trying to figure this all out. Apparently there is multiple appsubpaths that give an issue, and the mobile app is really screwed up on this. So, what I needed to do is this, which works if the mobile app is set to use https://externalapp.webserver.com/appsubpath<\/a> , but not if it’s set to use https://externalapp.webserver.com/apppath<\/a> , which should meet the requirements but I’m frustraited it’s not working in both cases.<\/p>\n
Advertisement
<VirtualHost *:443>\n\n ServerName externalapp.webserver.com\n\n ProxyPreserveHost On\n\n ProxyPass \"/\" \"https://backend.webserver.com/\"\n ProxyPassReverse \"/\" \"https://backend.webserver.com/\"\n\n SSLProxyEngine On\n SSLProxyCheckPeerCN Off\n SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\n SSLProxyCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS\n\n LogLevel debug\n CustomLog \"C:/Apache24/logs/externalapp_webserver_com_https.log\" combined\n\n</VirtualHost>\n<\/code><\/pre>\n<VirtualHost *:443>\n\n ServerName externalapp.webserver.com\n\n RewriteEngine On\n ProxyPreserveHost On\n\n # ProxyPassMatch ^/appsubpath/(.*)$ https://backend.webserver.com/apppath/appsubpath/$1\n # ProxyPassReverse \"/apppath\" \"https://backend.webserver.com/apppath/\"\n\n RewriteRule \"^/appsubpath/(.*)$\" \"https://backend.webserver.com/apppath/appsubpath/$1\" [PT]\n\n ProxyPass \"/\" \"https://backend.webserver.com/\"\n ProxyPassReverse \"/\" \"https://backend.webserver.com/\"\n\n SSLProxyEngine On\n SSLProxyCheckPeerCN Off\n SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\n SSLProxyCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS\n\n LogLevel debug\n CustomLog \"C:/Apache24/logs/externalapp_webserver_com_https.log\" combined\n\n</VirtualHost>\n<\/code><\/pre>\n<VirtualHost *:443>\n\n ServerName externalapp.webserver.com\n\n ProxyPreserveHost On\n\n ProxyPass \"/\" \"https://backend.webserver.com/\"\n ProxyPassReverse \"/\" \"https://backend.webserver.com/\"\n\n SSLProxyEngine On\n SSLProxyCheckPeerCN Off\n SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\n SSLProxyCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS\n\n LogLevel debug\n CustomLog \"C:/Apache24/logs/externalapp_webserver_com_https.log\" combined\n\n</VirtualHost>\n<\/code><\/pre>\n<VirtualHost *:443>\n\n ServerName externalapp.webserver.com\n\n RewriteEngine On\n ProxyPreserveHost On\n\n # ProxyPassMatch ^/appsubpath/(.*)$ https://backend.webserver.com/apppath/appsubpath/$1\n # ProxyPassReverse \"/apppath\" \"https://backend.webserver.com/apppath/\"\n\n RewriteRule \"^/appsubpath/(.*)$\" \"https://backend.webserver.com/apppath/appsubpath/$1\" [PT]\n\n ProxyPass \"/\" \"https://backend.webserver.com/\"\n ProxyPassReverse \"/\" \"https://backend.webserver.com/\"\n\n SSLProxyEngine On\n SSLProxyCheckPeerCN Off\n SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\n SSLProxyCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS\n\n LogLevel debug\n CustomLog \"C:/Apache24/logs/externalapp_webserver_com_https.log\" combined\n\n</VirtualHost>\n<\/code><\/pre>\nRewriteRule ^/appsubpath/(.*) https://backend.webserver.com/apppath/appsubpath/$1 [P]\nProxyPassReverse \"/apppath\" \"https://backend.webserver.com/apppath/\"\n<\/code><\/pre>\nProxyPass \"/\" \"https://backend.webserver.com\"\nProxyPassReverse \"/\" \"https://backend.webserver.com\"\n<\/code><\/pre>","upvoteCount":0,"datePublished":"2023-06-09T13:12:17.000Z","url":"https://community.spiceworks.com/t/reverse-proxy-with-rewrite/953401/4","author":{"@type":"Person","name":"Jody4575","url":"https://community.spiceworks.com/u/Jody4575"}},{"@type":"Answer","text":"
\nBecause on reading your second post this sems to just be the complexity to the end user, and in a browser?
\nNot an application’s backend API?<\/p>","upvoteCount":0,"datePublished":"2023-06-09T13:14:43.000Z","url":"https://community.spiceworks.com/t/reverse-proxy-with-rewrite/953401/5","author":{"@type":"Person","name":"foo","url":"https://community.spiceworks.com/u/foo"}},{"@type":"Answer","text":"<VirtualHost *:443>\n\n ServerName externalapp.webserver.com\n\n RewriteEngine On\n ProxyPreserveHost On\n\n RewriteRule \"^/appsubpath2(.*)$\" \"https://backend.webserver.com/apppath/appsubpath2$1\" [P]\n RewriteRule \"^/appsubpath/appsubpath(.*)$\" \"https://backend.webserver.com/apppath/appsubpath/$1\" [P]\n\n ProxyPass \"/\" \"https://backend.webserver.com\"\n ProxyPassReverse \"/\" \"https://backend.webserver.com\"\n\n SSLProxyEngine On\n SSLProxyCheckPeerCN Off\n SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\n SSLProxyCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS\n\n LogLevel debug\n CustomLog \"C:/Apache24/logs/externalapp_webserver_com_https.log\" combined\n\n</VirtualHost>\n<\/code><\/pre>","upvoteCount":0,"datePublished":"2023-06-09T14:19:58.000Z","url":"https://community.spiceworks.com/t/reverse-proxy-with-rewrite/953401/7","author":{"@type":"Person","name":"Jody4575","url":"https://community.spiceworks.com/u/Jody4575"}},{"@type":"Answer","text":"