Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Shekhar (AmitShekhar)

AmitShekhar Member since 2016 3 posts
Posted: Jan 13, 2016
Last activity: Mar 16, 2016
Posted: 13 Jan 2016 14:59 EST
Last activity: 16 Mar 2016 15:40 EDT
Closed
Solved

Reverse Proxy  + Custom authentication

Hello Team,

I am implementing custom authentication for a customer via reverse proxy server.

I have followed PDN article https://pdn.pega.com/how-configure-reverse-proxy-server to the required setup

System setting for ContextRewriteEnabled has been set to true in prcofig.xml

Initial request seems to go through properly but later request are not working

.         User clicks link to https://InternalPortal/prweb/App1/CustomServlet

Based on location the reverse proxy then redirects to correct pega url.

The corresponding proxy config is shown below:

<Location "/prweb/App1/">

RequestHeader set PegaRULES-SetContextURI: https://InternalPortal/prweb/App1

Show More

Hello Team,

I am implementing custom authentication for a customer via reverse proxy server.

I have followed PDN article https://pdn.pega.com/how-configure-reverse-proxy-server to the required setup

System setting for ContextRewriteEnabled has been set to true in prcofig.xml

Initial request seems to go through properly but later request are not working

.         User clicks link to https://InternalPortal/prweb/App1/CustomServlet

Based on location the reverse proxy then redirects to correct pega url.

The corresponding proxy config is shown below:

<Location "/prweb/App1/">

RequestHeader set PegaRULES-SetContextURI: https://InternalPortal/prweb/App1

ProxyPass https://pega1/prweb/

ProxyPassReverse https://pega1/prweb/

ProxyPassReverseCookieDomain "pega1" "internalportal"

ProxyPassReverseCookiePath "/" "/prweb/App1/"

</Location >

 

It seems the initial request is reaching pega but somehow updates the URL to just https://internalportal/CustomServlet

Notice that the key word "/prweb/App1" gets removed at pega side.

Due to this the new URL is getting blocked by proxy server as then it becomes an invalid URL

Are we doing something incorrectly here?


Show Less
To see attachments, please log in.
System Administration

Accepted Solution

Posted: 10 years ago
Posted: 22 Jan 2016 8:21 EST
Chris Koyl (ChrisKoyl)
PEGA
Fellow Cloud Security Engineer
Pegasystems Inc.
US

Amit and I worked on this together and got this working with the following Apache mod_proxy settings:

<Location "/prweb/App1/">

ProxyPass https://pega1/prweb nocanon

ProxyPassReverse https://pega1/prweb

ProxyPassReverseCookieDomain "pega1" "internalportal"

ProxyPassReverseCookiePath "/" "/prweb/App1/"

RequestHeader set PegaRULES-SetContextURI: https://InternalPortal/prweb/App1

</Location >

The ProxyPass and ProxyPassReverse had the trailing slashes removed. Also added nocanon option to ProxyPass.

Also, we verified that the following were set:

ProxyRequests off

Show More

Amit and I worked on this together and got this working with the following Apache mod_proxy settings:

<Location "/prweb/App1/">

ProxyPass https://pega1/prweb nocanon

ProxyPassReverse https://pega1/prweb

ProxyPassReverseCookieDomain "pega1" "internalportal"

ProxyPassReverseCookiePath "/" "/prweb/App1/"

RequestHeader set PegaRULES-SetContextURI: https://InternalPortal/prweb/App1

</Location >

The ProxyPass and ProxyPassReverse had the trailing slashes removed. Also added nocanon option to ProxyPass.

Also, we verified that the following were set:

ProxyRequests off

ProxyPerserveHost on

This was done higher in the configuration.

Patches:

7.1.8:  None  (do NOT use HFix-22433)

7.1.9:  Use Hfix-24654.  This patch prevents any X-Forwarded headers sent from load balancers or web server plugins, WebLogic plugin for example, from overriding the PegaRULES-SetContextURI.


Show Less
To see attachments, please log in.

Accepted Solution

Posted: 10 years ago
Posted: 22 Jan 2016 8:21 EST
Chris Koyl (ChrisKoyl)
PEGA
Fellow Cloud Security Engineer
Pegasystems Inc.
US

Amit and I worked on this together and got this working with the following Apache mod_proxy settings:

<Location "/prweb/App1/">

ProxyPass https://pega1/prweb nocanon

ProxyPassReverse https://pega1/prweb

ProxyPassReverseCookieDomain "pega1" "internalportal"

ProxyPassReverseCookiePath "/" "/prweb/App1/"

RequestHeader set PegaRULES-SetContextURI: https://InternalPortal/prweb/App1

</Location >

The ProxyPass and ProxyPassReverse had the trailing slashes removed. Also added nocanon option to ProxyPass.

Also, we verified that the following were set:

ProxyRequests off

Show More

Amit and I worked on this together and got this working with the following Apache mod_proxy settings:

<Location "/prweb/App1/">

ProxyPass https://pega1/prweb nocanon

ProxyPassReverse https://pega1/prweb

ProxyPassReverseCookieDomain "pega1" "internalportal"

ProxyPassReverseCookiePath "/" "/prweb/App1/"

RequestHeader set PegaRULES-SetContextURI: https://InternalPortal/prweb/App1

</Location >

The ProxyPass and ProxyPassReverse had the trailing slashes removed. Also added nocanon option to ProxyPass.

Also, we verified that the following were set:

ProxyRequests off

ProxyPerserveHost on

This was done higher in the configuration.

Patches:

7.1.8:  None  (do NOT use HFix-22433)

7.1.9:  Use Hfix-24654.  This patch prevents any X-Forwarded headers sent from load balancers or web server plugins, WebLogic plugin for example, from overriding the PegaRULES-SetContextURI.


Show Less
To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice