Red Hat Bugzilla – Bug 459209
mod_rewrite rules in ipa-rewrite.conf break cobbler install
Last modified: 2015-01-04 18:33:47 EST
Description of problem: overly greedy mod_rewrite rules in ipa-rewrite.conf break cobbler install functionality on same host.
Can you be more specific? What isn't working?
sorry for the mangled irc cut and paste below:
any request coming to apache that's _not_ for the fqdn
gets a 301 redirect, even requests that aren't ipa-related and don't
require kerberos auth
in particular, this breaks the cobbler webui
as there's local cobbler code that sends xmlrpc calls to localhost
that doesn't handle the 301 nicely
Created attachment 314651 [details]
limit mod_rewrite rules to /ipa
Removed the reference to favicon.ico in the patch since that won't ever exist in /ipa.
Please add steps to verify this bug. Thanks.
From what I can understand, IPA configures apache in such a way that if you go to http://some.server.com/something it will redirect you to http://fully.qualified.domain.name/ipa/something
(note that some.server.com might already be the fully qualified domain name..)
It will also redirect it to a secure port (https) if the URL doesn't contain 'errors', 'config', or 'favicon.ico'.
Seems like this is a problem if one wants to have something else than IPA on the web server as well.
This fix ensures that the rewriting of the URL only occurs if the first URL looks like this:
http://some.server.com/ipa/something (notice there is /ipa/ here)
This means that URLs like these won't get rewritten you won't get redirected:
Hope this helps.
Accessed https://hostname/test/default.html from browser