Apache Reverse Proxy - HTTP requests with a Cookie
We have an Apache Reverse Proxy which works fine (configuration below). Now we have the need to forward a few requests to another server (server3.domain.com) and check that a cookie named "LtpaToken" exists in user request. If the cookie is absent, the error page will return (we want to block anonymous requests).
I need to forward http(s)://server.domain.com/jsreports/* to JSReport's http(s) server VM ( server3.domain.com IP address) and check the LtpaToken if exists.
Can anybody give some hints how can it be implemented? Thank you!
SSLEngine on
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
ServerName server.domain.com
ServerAlias server.com
ProxyRequests Off
# ProxyPreserveHost On
<Proxy balancer://my_cluster>
BalancerMember https://server.domain.com keepalive=on
BalancerMember https://server2.domain.com keepalive=on status=+H
AllowOverride None
Order allow,deny
allow from all
# ProxySet lbmethod=byrequests
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
Order deny,allow
Deny from all
allow from 192.168.1
allow from 5.5.20
allow from 10.0.0
</Location>
ProxyPass /balancer-manager !
ProxyPass / balancer://my_cluster/
ProxyPassReverse / balancer://my_cluster/
Solution 1:
You can check the presence of the LtpaToken=
string in the Cookie
header, and serves the "/forbidden.html" page if it is not found.
RewriteEngine On
RewriteCond "%{HTTP:Cookie}" "!LtpaToken=" [NC]
RewriteRule ".*" "/forbidden.html" [R,P]
If you want to return a HTTP error (403), you can replace the last line with
RewriteRule ".*" - [F]