Question
Last activity: 16 Mar 2016 15:40 EDT
Reverse Proxy + Custom authentication
Hello Team,
I am implementing custom authentication for a customer via reverse proxy server.
I have followed PDN article https://pdn.pega.com/how-configure-reverse-proxy-server to the required setup
System setting for ContextRewriteEnabled has been set to true in prcofig.xml
Initial request seems to go through properly but later request are not working
. User clicks link to https://InternalPortal/prweb/App1/CustomServlet
Based on location the reverse proxy then redirects to correct pega url.
The corresponding proxy config is shown below:
<Location "/prweb/App1/">
RequestHeader set PegaRULES-SetContextURI: https://InternalPortal/prweb/App1
Hello Team,
I am implementing custom authentication for a customer via reverse proxy server.
I have followed PDN article https://pdn.pega.com/how-configure-reverse-proxy-server to the required setup
System setting for ContextRewriteEnabled has been set to true in prcofig.xml
Initial request seems to go through properly but later request are not working
. User clicks link to https://InternalPortal/prweb/App1/CustomServlet
Based on location the reverse proxy then redirects to correct pega url.
The corresponding proxy config is shown below:
<Location "/prweb/App1/">
RequestHeader set PegaRULES-SetContextURI: https://InternalPortal/prweb/App1
ProxyPass https://pega1/prweb/
ProxyPassReverse https://pega1/prweb/
ProxyPassReverseCookieDomain "pega1" "internalportal"
ProxyPassReverseCookiePath "/" "/prweb/App1/"
</Location >
It seems the initial request is reaching pega but somehow updates the URL to just https://internalportal/CustomServlet
Notice that the key word "/prweb/App1" gets removed at pega side.
Due to this the new URL is getting blocked by proxy server as then it becomes an invalid URL
Are we doing something incorrectly here?
Pegasystems Inc.
US
Chris Koyl can you take a look when you get a chance?
Accepted Solution
Pegasystems Inc.
US
Amit and I worked on this together and got this working with the following Apache mod_proxy settings:
<Location "/prweb/App1/">
ProxyPass https://pega1/prweb nocanon
ProxyPassReverse https://pega1/prweb
ProxyPassReverseCookieDomain "pega1" "internalportal"
ProxyPassReverseCookiePath "/" "/prweb/App1/"
RequestHeader set PegaRULES-SetContextURI: https://InternalPortal/prweb/App1
</Location >
The ProxyPass and ProxyPassReverse had the trailing slashes removed. Also added nocanon option to ProxyPass.
Also, we verified that the following were set:
ProxyRequests off
Amit and I worked on this together and got this working with the following Apache mod_proxy settings:
<Location "/prweb/App1/">
ProxyPass https://pega1/prweb nocanon
ProxyPassReverse https://pega1/prweb
ProxyPassReverseCookieDomain "pega1" "internalportal"
ProxyPassReverseCookiePath "/" "/prweb/App1/"
RequestHeader set PegaRULES-SetContextURI: https://InternalPortal/prweb/App1
</Location >
The ProxyPass and ProxyPassReverse had the trailing slashes removed. Also added nocanon option to ProxyPass.
Also, we verified that the following were set:
ProxyRequests off
ProxyPerserveHost on
This was done higher in the configuration.
Patches:
7.1.8: None (do NOT use HFix-22433)
7.1.9: Use Hfix-24654. This patch prevents any X-Forwarded headers sent from load balancers or web server plugins, WebLogic plugin for example, from overriding the PegaRULES-SetContextURI.
Pegasystems Inc.
US
For information, the details can be found in this support article: https://community.pega.com/support/support-articles/contextrewriteenabled-does-not-work-post-upgrade