I just read some thread in serverfault where a user explain the same situation I have and one comment suggest that the problem was resolve by *by loading module LoadModule mpm_prefork_module modules/mod_mpm_prefork.so instead of LoadModule mpm_worker_module modules/mod_mpm_worker.so* does this sound believable to you? I understand that changing mpms in this version of apache is not so easy(it has to be re build) so I want to ask you first before I jump into such quest of rebuilding apache.
On Wed, Mar 25, 2020 at 9:39 AM Jairo Jimenez <jairo.xime...@gmail.com> wrote: > Thank you guys for such a quick response and elaborated answers. I haved > turned on the browser's debug tool and what i can get from there is > "Status": 401 unauthorized for many resources. > As per setting cookies I havent try any of this, dont know how to at the > moment. here is the configuration I have in my vhost file: > > ProxyRequests Off > ProxyPreserveHost Off > > <Proxy *> > Order deny,allow > Allow from all > </Proxy> > > ProxyPass /innerLink/ http://intrasrv01:8080/sites/Home.aspx > ProxyPassReverse /innerLink/ http://intrasrv01:8080/sites/Home.aspx > > ProxyPass / http://intrasrv01:8080/ > ProxyPassReverse / http://intrasrv01:8080/ > > RequestHeader unset Accept-Encoding > AddOutputFilterByType SUBSTITUTE text/html > Substitute "s|http://intrasrv01:8080/|http://172.16.27.7:8080/|ni" > > the site is in a sharepoint 2010 server. The new odd thing is happening is > that sometimes loads almost all resources with just one login, and some times > is prompting for ever > > > On Tue, Mar 24, 2020 at 8:28 PM Muggeridge, Matt <matt.muggerid...@hpe.com> > wrote: > >> I’ll add a little more about cookies to Mark’s excellent answer… >> >> >> >> If you’re using cookies for passing authentication tokens via the >> reverse-proxy, then read about ProxyPassReverseCookiePath. >> >> >> >> E.g. let’s say your proxy uses the path “/foo/” and this is mapped to ”/” on >> the backend. Then you need a line in your configuration file: >> >> >> >> ProxyPassReverseCookiePath / /foo/ >> >> >> >> COOKIES and REVERSE PROXY: >> >> - Client issues a login request. >> >> - The backend server responds to the login request with a "Set-Cookie" >> header containing the cookie value and "path=/". >> >> - The reverse proxy must map the path to match the request, so "path=/" >> must be rewritten as "path=/<proxy-request-path>/". >> >> >> >> NOTE: You can see what’s needed by tracing the Cookie content on the >> backend server as well as this proxy. E.g. tracing the Set-Cookie in the >> Proxy might require something like: >> >> >> >> LogFormat "%h %l %u %t \"%r\" \"%{Content-Type}o\" \"C:%{Cookie}i\" >> \"S-C:%{Set-Cookie}o\" %>s %b" >> >> TransferLog "/store/log/httpd_access_log" >> >> >> >> Matt. >> >> >> >> >> >> *From:* Mark Brodis <mabro...@colorado4x4.net> >> *Sent:* Wednesday, 25 March 2020 1:58 AM >> *To:* users@httpd.apache.org >> *Subject:* Re: [users@httpd] Reverse proxy >> >> >> >> Without knowing exactly how your setup is configured, my guess is the >> issue is that when you authenticate the first time to the remote site >> whatever auth logic it's using that is not being persistent for your >> connection or repeat requests. Typically this would be a cookie, you >> authenticate successfully, the site gives you a cookie with some session ID >> in it, with each request you send that cookie and it references a valid >> session so it does not make you re-authenticate. That cookie from the site >> could be set with specific parameters, what hosts or domains are valid for >> it (when should the browser send this cookie with requests to those >> hosts/domains), what it can be used for (HTTPonly is common), expiration >> date, whether the browser should only send the cookie for secure >> connections, etc. >> >> >> >> My guess is whatever that logic is, it's not getting back to the browser >> so the browser either doesn't have, or isn't sending, whatever the site >> wants to see to show that you already have a valid session. >> >> >> >> Commonly this could happen if you are accessing a site by a different >> name, if you access 'coolsite.example.com' and that hits your proxy, >> ends up fetching content from 'othersite.foo.org', then whatever cookies >> the 'othersite.foo.org' site puts in the response, they should make it >> back to the originating browser (will be in the response header), but they >> will be for 'othersite.foo.org' and your browser will reject them >> because they will come in a reponse to a request for ' >> coolsite.example.com', if your browser did save them it still wouldn't >> use them for the next request because the name on them would be for ' >> othersite.foo.org' so it would dutifully only send those cookies to >> requests to that site (which you wouldn't be doing, you'd be going to ' >> coolsite.example.com'). >> >> >> >> If you turn on debugging (all modern browsers have this) or use a HTTP >> capture local proxy (if running Windows then Fiddler Tool is very good) you >> can see these transactions happen and see exactly what was sent and >> received from the browser's perspective. >> >> >> >> That's how I would start debugging at least. >> >> >> >> If that is the problem..then how to fix that (which is pseudo faking out >> the browser) would be to rewrite/modify the 'set-cookie' command as it >> comes from the remote server in the response and change the host/domain >> value in it to match what you actually went to. I believe that can be done >> as part of mod_rewrite but I don't have a lot of experience doing that. >> >> >> >> Good luck. >> >> >> >> On Tue, Mar 24, 2020 at 7:19 AM Jairo Jimenez <jairo.xime...@gmail.com> >> wrote: >> >> Greetings I am new to apache. so please dont be so hard if this is too >> basic >> >> >> >> I;ve been practicing by my self looking for scenarios to solve, but I >> have this a particular one that I can[t figure out. >> >> >> >> I manage to set some sore of reverse proxy to forward a website that I >> have on an intranet.(forward it to external net throug VPN). >> >> >> >> The thing I cant figure out is that when I acces this site through the >> proxy, it prompts to enter the user name an pass but it is doing this for >> every resource that needs to download, eg: images, style sheets,scripts >> every thing. >> >> >> >> Is there a way I can configure apache confs to manage this and store some >> kind of cookie or cache to avoid this and enter login credentials just >> once.? >> >>