Bug 459209 - mod_rewrite rules in ipa-rewrite.conf break cobbler install
mod_rewrite rules in ipa-rewrite.conf break cobbler install
Product: freeIPA
Classification: Community
Component: WebUI (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Rob Crittenden
Chandrasekar Kannan
Depends On:
Blocks: 453489
  Show dependency treegraph
Reported: 2008-08-14 20:55 EDT by Steve Linabery
Modified: 2015-01-04 18:33 EST (History)
4 users (show)

See Also:
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-03-27 03:14:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
limit mod_rewrite rules to /ipa (1.40 KB, patch)
2008-08-20 15:29 EDT, Rob Crittenden
no flags Details | Diff

  None (edit)
Description Steve Linabery 2008-08-14 20:55:51 EDT
Description of problem: overly greedy mod_rewrite rules in ipa-rewrite.conf break cobbler install functionality on same host.
Comment 1 Rob Crittenden 2008-08-14 21:58:52 EDT
Can you be more specific? What isn't working?
Comment 2 Steve Linabery 2008-08-15 17:00:26 EDT
sorry for the mangled irc cut and paste below:

any request coming to apache that's _not_ for the fqdn
gets a 301 redirect, even requests that aren't ipa-related and don't
require kerberos auth
in particular, this breaks the cobbler webui 
as there's local cobbler code that sends xmlrpc calls to localhost
that doesn't handle the 301 nicely
Comment 3 Rob Crittenden 2008-08-20 15:29:23 EDT
Created attachment 314651 [details]
limit mod_rewrite rules to /ipa
Comment 4 Rob Crittenden 2008-08-21 09:51:40 EDT
Removed the reference to favicon.ico in the patch since that won't ever exist in /ipa.

master: ff82c4c1e56f14b225485da09722c7f709480ab9
Comment 5 Jenny Galipeau 2008-11-25 14:11:43 EST
Please add steps to verify this bug.  Thanks.
Comment 6 Martin Nagy 2008-11-25 15:59:56 EST
From what I can understand, IPA configures apache in such a way that if you go to http://some.server.com/something it will redirect you to http://fully.qualified.domain.name/ipa/something
(note that some.server.com might already be the fully qualified domain name..)

It will also redirect it to a secure port (https) if the URL doesn't contain 'errors', 'config', or 'favicon.ico'.

Seems like this is a problem if one wants to have something else than IPA on the web server as well.

This fix ensures that the rewriting of the URL only occurs if the first URL looks like this:
http://some.server.com/ipa/something (notice there is /ipa/ here)

This means that URLs like these won't get rewritten you won't get redirected:

Hope this helps.
Comment 7 Jenny Galipeau 2008-11-26 08:37:14 EST
Fix verified:

Created /var/www/html/test/default.html
Accessed https://hostname/test/default.html from browser
no redirection.

Note You need to log in before you can comment on or make changes to this bug.