This discussion is archived
1 2 Previous Next 16 Replies Latest reply: Nov 2, 2009 1:52 PM by 807573 Go to original post RSS
  • 15. Re: Proxy Returns 403 Forbidden For All Requests
    807573 Oracle ACE
    Currently Being Moderated
    I've just stumbled upon a way to get the request to "/" on port 443 to be redirected the way that I want.

    First I added a client tag to obj.conf that would handle requests for "/" when security is on:

    <Client security="on">
    NameTrans fn="home-page" path=/home
    </Client>

    I used the home-page function because it is specifically designed to handle requests for "/". I translated the path to /home, which is a bogus path and doesn't exist anywhere, either on the webserver or on the proxy.

    Then I defined a new object and had it map the request the way that I want:

    <Object ppath=/home>
    NameTrans fn="map" from="/home" to="http://deve-bcclearning.tanagerinc.com/plateau/user/login.jsp" rewrite-host="true"
    </Object>

    This effectively creates a mapping just for the specific situation of a request for "/". All the other times I tried this using other methods, I ended up mapping everything to the login.jsp page

    What do you think of this solution?
  • 16. Re: Proxy Returns 403 Forbidden For All Requests
    807573 Oracle ACE
    Currently Being Moderated
    As long as there is never a /home in the app then it looks like it should work. What I was suggesting was to have two separate client tag statements with the same NameTrans redirect in each. The difference between them would be that one would check for security="on" and the other would check for uri="/". The idea being that all non secure requests get redirected to the login page as well as secure requests only for the top-level url /. You mentioned that you had tried a NameTrans for "/" which affected all requests. That is what I would expect since the map functionality looks for the from="/" value to be the prefix of the requested item and everything starts with /. I can see that is why you mentioned wanting a regex so that you could limit the meaning of / to be the actual item requested rather than a prefix. That is basically what the <Client uri="/"> does. The example I should have posted was:

    <Object name="default">
    AuthTrans fn="match-browser" browser=".MSIE." ssl-unclean-shutdown="true"
    <Client security="off">
    NameTrans fn="redirect" from="/" url="https://deve-bcclearning.tanagerinc.com/plateau/user/login.jsp"
    </Client>
    <Client uri="/">
    NameTrans fn="redirect" from="/" url="https://deve-bcclearning.tanagerinc.com/plateau/user/login.jsp"
    </Client>
    NameTrans fn="reverse-map" from="http://deve-bcclearning.tanagerinc.com/" to="https://deve-bcclearning.tanagerinc.com/" rewrite-location="true" rewrite-content-location="true"
    NameTrans fn="map" from="/" to="http://deve-bcclearning.tanagerinc.com/" rewrite-host="true"
    PathCheck fn="url-check"
    PathCheck fn="check-acl" acl="default"
    ObjectType fn="block-ip"
    Service fn="deny-service"
    AddLog fn="flex-log" name="access"
    </Object>

    Also I had said that the pages could have absolute urls for resources and that because you are manipulating dns name resolution this might minimize the visibility of this issue. I mention this because in an environment where the proxy is actually in front of many applications on many webservers all with different dns names the urls for resources becomes an issue. Are all the web pages using relative urls for thier resources?
1 2 Previous Next