Bug 459061
Summary: | ipa.conf Proxy directive wildcard match not specific enough | ||||||
---|---|---|---|---|---|---|---|
Product: | [Retired] freeIPA | Reporter: | Steve Linabery <slinaber> | ||||
Component: | WebUI | Assignee: | Rob Crittenden <rcritten> | ||||
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 1.1 | CC: | benl, dpal, jgalipea, rvokal | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | freeipa-2.0.0-1.fc15 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2012-03-27 07:13:06 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 453489 | ||||||
Attachments: |
|
Description
Steve Linabery
2008-08-14 06:29:17 UTC
Created attachment 314327 [details]
Make Proxy directive wildcard match more specific
master: 8edc9aa8aa9c109aa2c904161985288710748333 The <ProxyMatch> in the ipa.conf file is: <ProxyMatch ^.*/ipa/ui.*$$> Which does not match that in comment #1, <ProxyMatch ^.*/ipa/ui.*$> Please advice. Thanks Jenny, this file is a template containing variables like $REALM. These are replaced, the $$ is replaced by single $, so what's important is the resulting file that gets installed. Is this similar to https://bugzilla.redhat.com/show_bug.cgi?id=459209? To verify - try to access a uri that doesn't exist and there should be no redirection? Thanks Setting this to assigned to get question answered. No, this one doesn't cover redirection, it covers whether requests should be forwarded to TurboGears. Try this. Create /etc/httpd/conf.d/proxy.conf: ProxyPass /foo http://www.redhat.com/ ProxyPassReverse /foo http://www.redhat.com/ Restart httpd curl -kv https://localhost/foo Should return the contents of http://www.redhat.com/ You can further test with: curl -kv https://your.server.name/ipa/ui It should return the contents of the kerberos login failed screen. And even more: kinit admin@REALM curl -kv --negotiate -u : https://your.server.name/ipa/ui That should do a full connection and you should receive the contents of the main page with full rights. Thanks Rob Fix Verified: .../foo returns contents of redhat.com no admin ticket .../ipa/ui returns kerberos login failure contents admin ticket ../ipa/ui returns contents of ipa_webgui page |