Ssl – Apache ajp reverse proxy redirect a specific page to https

apache-2.2mod-proxy-ajpreverse-proxyssltomcat

I have apache load balancing reverse proxy with mod_proxy_ajp running and redirecting to the backend tomcat servers. I have also created a separate virtual host for HTTPS(SSL) along with HTTP virtual hosting. Both the below http://my.domain.net/ and https://my.domain.net/ virtual hosts are accessible and working fine individually.

http ##:

<VirtualHost *:80>
ServerName my.domain.net

ProxyRequests On
ProxyVia On
ProxyPreserveHost On
ProxyErrorOverride On
ProxyStatus On

<Proxy balancer://ClusterDomain>
    Order deny,allow
    Allow from all

BalancerMember ajp://192.168.1.22:8009 route=web1 redirect=web2 ttl=300 timeout=5 retry=60
BalancerMember ajp://192.168.1.23:8009 route=web2 redirect=web1 ttl=300 timeout=5 retry=60
BalancerMember ajp://192.168.1.21:8009 route=balancer1 status=+H disablereuse=on


  ProxySet lbmethod=byrequests
  ProxySet stickysession=JSESSIONID|jsessionid
</Proxy>

ProxyPass /errors !
ProxyPass /balancer-manager !
ProxyPass / balancer://ClusterDomain/ nofailover=off
ProxyPassReverse / balancer://ClusterDomain/


# Balancer-manager for ajp proxy nodes management
<Location /balancer-manager>
        SetHandler balancer-manager
        Order deny,allow
        Allow from all
</Location>

#Recording virtual host logs
LogLevel Debug
CustomLog /var/log/apache2/my.domain.com-access.log combined
ErrorLog  /var/log/apache2/my.domain.com-error.log

</VirtualHost>

https ## :

NameVirtualHost 123.123.123.123:443
<VirtualHost 123.123.123.123:443>
ServerName my.domain.net

SSLEngine on
SSLProxyEngine On
SSLCertificateFile    /etc/ssl/myapp/server.crt
SSLCertificateKeyFile /etc/ssl/myapp/server.pem

ProxyRequests On
ProxyVia On
ProxyPreserveHost On
ProxyErrorOverride On
ProxyStatus On

<Proxy balancer://ClusterDomain>
    Order deny,allow
    Allow from all

BalancerMember ajp://192.168.1.22:8009 route=web1 redirect=web2 ttl=300 timeout=5 retry=60
BalancerMember ajp://192.168.1.23:8009 route=web2 redirect=web1 ttl=300 timeout=5 retry=60
BalancerMember ajp://192.168.1.21:8009 route=balancer1 status=+H disablereuse=on


  ProxySet lbmethod=byrequests
  ProxySet stickysession=JSESSIONID|jsessionid
</Proxy>

ProxyPass /errors !
ProxyPass / balancer://ClusterDomain/ nofailover=off
ProxyPassReverse / balancer://ClusterDomain/


 BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

</VirtualHost>

I searched in SF if anybody already asked this question but didn't find. Most of them asked how to redirect completely from http to https but in my case it's a bit different as I want only specific page(s) to be redirected to secured page but it should NOT redirect to https completely when tried with http.

How do I redirect a specific http page(let http://my.domain.net/register) to secured https(https://my.domain.net/register) page in my case based on the above virtual hosting?. Is it possible to do with ajp proxy?. I need both http and https accessible when accessed individually but only specific page should be forcibly redirected to secured page. Could I do this?

Update 1

I am really very bad at understand apache rewrite rules!!!.

As suggested by KM01 I tried rewrite rules.

It's simple ignoring the rules just by redirecting to http page when accessed http://my.domain.net/register even after appending the following rules in the virtual hosting for https redirection.

rewrite rule,

RewriteRule ^/register/$ https://my.domain.net/register [R=301]

(or)

I also tried with Redirect

RedirectMatch ^/register/$ https://my.domain.net/register

Update 2

After trying for a while got some basic thoughts!

I got both rewrite and redirect working!. The key thing was EXCLUDING the page(/register) from proxy redirection which should be redirected to secured https page!.

First Redirect worked this way,

ProxyPass /register !
RedirectMatch /register https://my.domain.net/register
#(or) RedirectMatch permanent /register https://my.domain.net/register

And Rewrite,

Even after excluding /register from proxy didn't work for me. I had to use RewriteEngine on though having rewrite module enabled.

Appending the following worked,

ProxyPass /register !
RewriteEngine on
RewriteRule ^/register/$ https://my.domain.net/register [R=301]

I don't know if this is the right way to do but got it working on KV01's help

Thanks to KV01!!!

Best Answer

You can achieve what you are trying to do with a rewrite/redirect. Something like this in your vhost config ought to work (please test in a test server first before rolling to production):

#requires mod_rewrite
RewriteRule ^/register$ https://my.domain.com/register [R=301]

This rules says that redirect only that which starts(^) and ends ($) and in between contains /register. This will not redirect any other path, just this one.

HTH

Related Topic