Bug 459209 - mod_rewrite rules in ipa-rewrite.conf break cobbler install
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: freeIPA
Classification: Retired
Component: WebUI
Version: 1.1
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 453489
Reported: 2008-08-15 00:55 UTC by Steve Linabery
Modified: 2015-01-04 23:33 UTC

Fixed In Version: freeipa-2.0.0-1.fc15
Clone Of:
Environment:
Last Closed: 2012-03-27 07:14:41 UTC
Embargoed:


Attachments
limit mod_rewrite rules to /ipa (1.40 KB, patch)
2008-08-20 19:29 UTC, Rob Crittenden

Description Steve Linabery 2008-08-15 00:55:51 UTC
Description of problem: overly greedy mod_rewrite rules in ipa-rewrite.conf break cobbler install functionality on same host.

Comment 1 Rob Crittenden 2008-08-15 01:58:52 UTC
Can you be more specific? What isn't working?

Comment 2 Steve Linabery 2008-08-15 21:00:26 UTC
Sorry for the mangled IRC cut and paste below:

any request coming to apache that's _not_ for the fqdn
gets a 301 redirect, even requests that aren't ipa-related and don't
require kerberos auth
in particular, this breaks the cobbler webui 
as there's local cobbler code that sends xmlrpc calls to localhost
that doesn't handle the 301 nicely

Comment 3 Rob Crittenden 2008-08-20 19:29:23 UTC
Created attachment 314651
limit mod_rewrite rules to /ipa

Comment 4 Rob Crittenden 2008-08-21 13:51:40 UTC
Removed the reference to favicon.ico in the patch since that won't ever exist in /ipa.

master: ff82c4c1e56f14b225485da09722c7f709480ab9

Comment 5 Jenny Severance 2008-11-25 19:11:43 UTC
Please add steps to verify this bug.  Thanks.

Comment 6 Martin Nagy 2008-11-25 20:59:56 UTC
From what I can understand, IPA configures apache in such a way that if you go to http://some.server.com/something it will redirect you to http://fully.qualified.domain.name/ipa/something
(note that some.server.com might already be the fully qualified domain name.)

It will also redirect it to a secure port (https) if the URL doesn't contain 'errors', 'config', or 'favicon.ico'.

Seems like this is a problem if one wants to have something other than IPA on the web server as well.

This fix ensures that the rewriting of the URL only occurs if the first URL looks like this:
http://some.server.com/ipa/something (notice there is /ipa/ here)

This means that URLs like these won't get rewritten and you won't get redirected:
http://some.server.com/something
http://some.server.com/somedir/something

Hope this helps.
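
The scoping described in Comments 2 and 6, as an added example that is not part of the original thread and not the contents of ipa-rewrite.conf or of the attached patch. The rules are a constructed illustration for server or virtual-host context, and `ipa.example.com` is a placeholder for the server's FQDN.

```apache
# Constructed illustration; ipa.example.com is a placeholder FQDN.
RewriteEngine on

# --- Before: host-wide rules (shown commented out) ---------------------
# Every request whose Host header is not the FQDN gets a 301, whatever
# the path. A local client calling http://localhost/ for an unrelated
# application (the cobbler XML-RPC case in Comment 2) is redirected too.
#
#   RewriteCond %{HTTP_HOST} !^ipa\.example\.com$ [NC]
#   RewriteRule ^/(.*)       http://ipa.example.com/ipa/$1 [L,R=301]
#
# Every plain-HTTP request is pushed to HTTPS unless the path names one
# of the exempt resources.
#
#   RewriteCond %{SERVER_PORT} !^443$
#   RewriteCond %{REQUEST_URI} !^/(errors|config|favicon\.ico)
#   RewriteRule ^/(.*)         https://ipa.example.com/$1 [L,R=301,NC]

# --- After: the same redirects, limited to the /ipa prefix -------------
# In server context the RewriteRule pattern is matched against the URL
# path including its leading slash, so ^/ipa/ only fires for IPA URLs.
# Requests such as /something or /somedir/something match neither rule
# and are served without a redirect.

# Force the FQDN for IPA URLs only (Kerberos needs the canonical name).
RewriteCond %{HTTP_HOST} !^ipa\.example\.com$ [NC]
RewriteRule ^/ipa/(.*)   http://ipa.example.com/ipa/$1 [L,R=301]

# Force HTTPS for IPA URLs only. favicon.ico is no longer listed as an
# exemption because it never lives under /ipa (see Comment 4).
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} !^/ipa/(errors|config)
RewriteRule ^/ipa/(.*)     https://ipa.example.com/ipa/$1 [L,R=301,NC]
```

With the rules scoped this way, paths outside /ipa are no longer forced onto the FQDN or onto HTTPS, so any other application served from the same host needs its own transport rules.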

Comment 7 Jenny Severance 2008-11-26 13:37:14 UTC
Fix verified:

Created /var/www/html/test/default.html
Accessed https://hostname/test/default.html from browser
no redirection.

