Bug 459209 – mod_rewrite rules in ipa-rewrite.conf break cobbler install

Bug 459209 - mod_rewrite rules in ipa-rewrite.conf break cobbler install

Summary:	mod_rewrite rules in ipa-rewrite.conf break cobbler install

Status:	CLOSED ERRATA

Aliases:	None

Product:	freeIPA
Classification:	Community
Component:	WebUI (Show other bugs)
Sub Component:
Version:	1.1
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Rob Crittenden
QA Contact:	Chandrasekar Kannan
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	453489
	Show dependency tree / graph

Reported:	2008-08-14 20:55 EDT by Steve Linabery
Modified:	2015-01-04 18:33 EST (History)
CC List:	4 users (show)

See Also:
Fixed In Version:	freeipa-2.0.0-1.fc15
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-03-27 03:14:41 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
limit mod_rewrite rules to /ipa (1.40 KB, patch) 2008-08-20 15:29 EDT, Rob Crittenden	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Steve Linabery 2008-08-14 20:55:51 EDT

Description of problem: overly greedy mod_rewrite rules in ipa-rewrite.conf break cobbler install functionality on same host.

Comment 1 Rob Crittenden 2008-08-14 21:58:52 EDT

Can you be more specific? What isn't working?

Comment 2 Steve Linabery 2008-08-15 17:00:26 EDT

sorry for the mangled irc cut and paste below:

any request coming to apache that's _not_ for the fqdn
gets a 301 redirect, even requests that aren't ipa-related and don't
require kerberos auth
in particular, this breaks the cobbler webui 
as there's local cobbler code that sends xmlrpc calls to localhost
that doesn't handle the 301 nicely

Comment 3 Rob Crittenden 2008-08-20 15:29:23 EDT

Created attachment 314651 [details]
limit mod_rewrite rules to /ipa

Comment 4 Rob Crittenden 2008-08-21 09:51:40 EDT

Removed the reference to favicon.ico in the patch since that won't ever exist in /ipa.

master: ff82c4c1e56f14b225485da09722c7f709480ab9

Comment 5 Jenny Galipeau 2008-11-25 14:11:43 EST

Please add steps to verify this bug.  Thanks.

Comment 6 Martin Nagy 2008-11-25 15:59:56 EST

From what I can understand, IPA configures apache in such a way that if you go to http://some.server.com/something it will redirect you to http://fully.qualified.domain.name/ipa/something
(note that some.server.com might already be the fully qualified domain name..)

It will also redirect it to a secure port (https) if the URL doesn't contain 'errors', 'config', or 'favicon.ico'.

Seems like this is a problem if one wants to have something else than IPA on the web server as well.

This fix ensures that the rewriting of the URL only occurs if the first URL looks like this:
http://some.server.com/ipa/something (notice there is /ipa/ here)

This means that URLs like these won't get rewritten you won't get redirected:
http://some.server.com/something
http://some.server.com/somedir/something

Hope this helps.

Comment 7 Jenny Galipeau 2008-11-26 08:37:14 EST

Fix verified:

Created /var/www/html/test/default.html
Accessed https://hostname/test/default.html from browser
no redirection.

Note You need to log in before you can comment on or make changes to this bug.