Combine RedirectMatch and ProxyPass in Apache VirtualHost

apache-2.4virtualhost

I have enabled HTTPS for a site and all requests to HTTP should be redirected to HTTPS now, except for the content of one directory, e.g. /downloads.

I changed my VirtualHost configuration for HTTP as follows and added the RedirectMatch setting:

<VirtualHost *:80>
        ServerName              example.com
        RedirectMatch           302 ^/(?!download/).*$ https://example.com$1
        ProxyPreserveHost       On
        ProxyRequests           Off
        ProxyPass               /       http://10.0.0.11:3000/
        ProxyPassReverse        /       http://10.0.0.11:3000/
</VirtualHost>

# configuration for HTTPS down here, working fine

My expectation: Requests such as http://example.com/faq would be redirected to the HTTPS version, and all requests such as http://example.com/download/file.zip would still be HTTP.

But obviously, the Proxy* instructions take higher precedence and no redirect at all takes place.

How would I have to structure my configuration correctly, so that I can use the RedirectMatch, and in case it does not match uses the Proxy* setting?

Best Answer

Okay, didn't see the forest for the trees. Solution was as easy as:

<VirtualHost *:80>
        ServerName              example.com
        RedirectMatch           302 ^/(?!download/).*$ https://example.com$1
        ProxyPreserveHost       On
        ProxyRequests           Off
        ProxyPass               /download/       http://10.0.0.11:3000/download/
        ProxyPassReverse        /download/       http://10.0.0.11:3000/download/
</VirtualHost>

So, the Proxy directives only kick in for the routes which are excluded by RedirectMatch.

Related Solutions

Tomcat cookies not working via the ProxyPass VirtualHost

I figured it out.

Add this to the VHost configuration:

ProxyPassReverseCookiePath /webapp /

How to use a virtual host to redirect https subfolders to different ports in apache

This did it:

<VirtualHost *:443>
    ServerName mydomain.com
    ServerAlias secure.mydomain.com
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    SSLEngine on
    SSLProxyEngine On
    SSLCertificateFile    /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key
    SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
    SSLCACertificateFile /etc/apache2/ssl/ca.pem

    ProxyRequests Off
    ProxyPreserveHost On

    ProxyPass /myapp/ http://127.0.0.1:8112/
    <Location /myapp/>
      ProxyPassReverse /
      ProxyPassReverseCookiePath / /myapp/
        #Some web services may or may not require an additional specific header variable
        # or additional internal configuration settings when located at a subfolder
        #In my case for example myapp specifically required a header variable to be set
        # with the new subfolder base as follows
        RequestHeader set X-myapp-Base "/myapp/"
      Order allow,deny
      Allow from all
    </Location>
</VirtualHost>

In this solution the web service will react as though it's responding on http and the apache reverse proxy will handle the ssl so that the service will appear as https to the user.

This may break some services or websites that are http/https aware. Wordpress for example would require the X-forwarded-for variable to be added to the header in a similar way to the example above.

Best Answer

Related Solutions

Tomcat cookies not working via the ProxyPass VirtualHost

How to use a virtual host to redirect https subfolders to different ports in apache

Related Topic