Join Log in
Score:0
tomas avatar Server

mod_proxy + mod_reqrite results in errors 502 or 502

pt flag
tomas

I have working httpd config (reverse proxy) that forwards requests to proxy:

Listen 443 https

<VirtualHost *:443>
    ServerName  public-dns.example.org
    ServerAlias internal-hostname.internal

    ProxyPreserveHost On

    RewriteEngine On

    #check & block some URLs in target service
    RewriteCond %{REQUEST_URI} ^/service
    RewriteRule /service(/(api(/(([a-zA-Z_-]+)(/|/.*swagger.*)?(\.\.)?)?)?)?)?$ - [F,L]

    <Location "/service/api/">
      ProxyPreserveHost Off
      ProxyErrorOverride Off
    </Location>

    ProxyPass /service/api/ https://services.apps.cloud.example.internal/

    ProxyErrorOverride On

    SSLProxyEngine On
#START - avoid unnecessary checks in internal network - development environment
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
#END - avoid unnecessary checks in internal network - development environment

#START - not relevant part of config (for this question)
    SSLEngine On
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLProtocol All -SSLv2 +TLSv1.2
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder On

    SSLCompression off
    SSLSessionTickets Off
    SSLCertificateFile      /etc/ssl/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
#END - not relevant part of config (for this question)
</VirtualHost>

I want to enrich the request to upstream server - add one query string parameter, but I have problem even applying rewriteRule and forward it to proxy.

Since the services use another querystring parameters, I found mod_rewrite flag QSA should handle ?/& correctly...

When I add this set of rewrite rules, all rewriteRules attempts fails with the same 502 Proxy error.

According to error_log, it seems like mod_proxy is not forwarding it based on ProxyPass directive defined above.

    #test - adding query parameter to proxy request

    RewriteCond %{REQUEST_URI} ^/service
# attempt 1 failed - match all under the rewriteCond "^/service", add "queryStringParam" and apply flags QSA & P (proxy)
#    RewriteRule ^(.*)$ $1?queryStringParam=example [QSA,P]
# attempt 2 failed - try the same without QSA
#    RewriteRule ^(.*)$ $1 [P]
# attempt 3/4 failed - try absolute url in target url 
#    RewriteRule ^(.*)$ %{REQUEST_SCHEME}://%{HTTP_HOST}$1?queryStringParam=example [QSA,P]
#    RewriteRule ^(.*)$ %{REQUEST_SCHEME}://%{HTTP_HOST}$1 [P]

All attempts failed with proxy error (http 502):

The proxy server received an invalid response from an upstream server. 
The proxy server could not handle the request "GET /services/api/example-service/list/".

Can you point me to the right direction? Thanks

34
1 + 0
Score:0
tomas avatar Server
pt flag
tomas

I found that flag P is not working with ProxyPass directive, but instead forwarding to proxy immediatelly. so the target url needs to be url of upstream... ProxyPass directive can be discarded from original config

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.