Question
Reverse Proxy + Custom authentication
Hello Team,
I am implementing custom authentication for a customer via reverse proxy server.
I have followed PDN article https://pdn.pega.com/how-configure-reverse-proxy-server to the required setup
System setting for ContextRewriteEnabled has been set to true in prcofig.xml
Initial request seems to go through properly but later request are not working
. User clicks link to https://InternalPortal/prweb/App1/CustomServlet
Based on location the reverse proxy then redirects to correct pegaurl.
The corresponding proxy config is shown below:
<Location "/prweb/App1/">
RequestHeader set PegaRULES-SetContextURI: https://InternalPortal/prweb/App1
ProxyPasshttps://pega1/prweb/
ProxyPassReversehttps://pega1/prweb/
ProxyPassReverseCookieDomain "pega1" "internalportal"
ProxyPassReverseCookiePath "/" "/prweb/App1/"
</Location >
It seems the initial request is reaching pega but somehow updates the URL to just https://internalportal/CustomServlet
Notice that the key word "/prweb/App1" gets removed at pega side.
Due to this the new URL is getting blocked by proxy server as then it becomes an invalid URL
Are we doing something incorrectly here?
Amit and I worked on this together and got this working with the following Apache mod_proxy settings:
<Location "/prweb/App1/">
ProxyPasshttps://pega1/prweb nocanon
ProxyPassReversehttps://pega1/prweb
ProxyPassReverseCookieDomain "pega1" "internalportal"
ProxyPassReverseCookiePath "/" "/prweb/App1/"
RequestHeader set PegaRULES-SetContextURI: https://InternalPortal/prweb/App1
</Location >
The ProxyPass and ProxyPassReverse had the trailing slashes removed. Also added nocanon option to ProxyPass.
Also, we verified that the following were set:
ProxyRequests off
ProxyPerserveHost on
This was done higher in the configuration.
Patches:
7.1.8: None (do NOT use HFix-22433)
7.1.9: Use Hfix-24654. This patch prevents any X-Forwarded headers sent from load balancers or web server plugins, WebLogic plugin for example, from overriding the PegaRULES-SetContextURI.
For information, the details can be found in this support article: https://pdn.pega.com/support-articles/contextrewriteenabled-does-not-wo…
Chris Koyl can you take a look when you get a chance?