我有一個伺服器,我們有以下設定:
http://example.com -(REDIRECT)-> https://example.com
現在我們想要新增一個簡單的 ssl 代理程式(在 A 記錄也指向的同一台機器上),它將執行以下操作:
https://otherexample.com -(PROXY)-> https://example.com/a-uri
由於某種原因,我們總是陷入循環,這就是 modsecurity 日誌顯示的內容:
GET /a-uri/a-uri/a-uri/a-uri/a-uri/a-uri/a-uri/a-uri/a-uri/...
HTTP/1.1
Host: otherexample.com
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: nl-BE,nl;q=0.9
X-Forwarded-For: CLIENTIP, SERVERIP, SERVERIP, SERVERIP, ...
X-Forwarded-Host: otherexample.com, otherexample.com, otherexample.com, ...
X-Forwarded-Server: otherexample.com, otherexample.com, otherexample.com, ...
我嘗試過的 Apache 設定:
ProxyPreserveHost On
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass / https://example.com/a-uri/
ProxyPassReverse / https://example.com/a-uri/
重寫引擎:
RewriteRule ^/(.*) https://example.com/a-uri/$1 [P,l]
答案1
透過在每個請求的 URL 前面添加並將其發送回以再次處理,顯然會RewriteRule導致循環。/a-uri
您沒有說該指令是否是伺服器範圍配置的一部分,但看起來可能是。它應該包含在 otherexample.com 的虛擬主機中,因此它僅適用於該主機。像這樣:
<VirtualHost *:443>
ServerName otherexample.com
RewriteEngine on
RewriteRule ^/(.*) https://example.com/a-uri/$1 [P,L]
</VirtualHost>
或者,也許更清楚:
<VirtualHost *:443>
ServerName otherexample.com
ProxyPass / https://example.com/a-uri/
ProxyPassReverse / https://example.com/a-uri/
</VirtualHost>
答案2
我無法用 Apache 解決這個問題。我們嘗試了 nginx 代理,似乎對我們來說效果更好,沒有太多問題。