Mod_rewrite not working to protect grails app

I have a grails app running on tomcat and I am using mod_proxy to connect an http server to it. My goal is to provide a login process.

My VirtualHost config to force https setup:

ProxyPass /myapp/ http://127.0.0.1:8080/myapp
ProxyPassReverse /myapp/ http://127.0.0.1:8080/myapp

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(myapp/login) https://%{HTTP_HOST}:443/$1 [NC,R=301,L]

      

When I go to https://mydomain.com/myapp/adm - which requires authentication - it redirects to http://mydomain.com/myapp/login/auth;jsessionid=yyyyyy with no security, so the rewrite doesn't work (if I manually replace http with https it works fine).

Any hints?

+3




3 answers


When I go to https://mydomain.com/myapp/adm - which requires authentication - it redirects to http://mydomain.com/myapp/login/auth;jsessionid=yyyyyy .

It looks like Spring Security is doing a redirect to /login/auth. Burt Beckwith mentions here that Spring Security doesn't require grails.serverURL. It should use request.getServerName(). Basically, grails.serverURL is used for createLink methods.

I would suggest:

  • try using https in grails.serverURL for workbench
  • set application context (if item 1 didn't help):

    grails.app.context = "/myapp"



Update

Just to isolate and better understand where the problem is:

Could you run grails (in a development environment) with https and check if everything is working fine:

grails run-app -https

      

+1




You made a typo, you wanted this:

RewriteRule ^/myapp/login https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]

      

Your current RewriteRule cannot match.

I also doubt there is any point in this:

RewriteCond %{THE_REQUEST} ^[A-Z]+\s/myapp/login [NC]

      

This only duplicates the ^/myapp/login you would like in the RewriteRule. Therefore, while it works, it is impractical.

+1




In the setup where you allow both http and https, add a separate Connector element to your Tomcat conf/server.xml file:

<Connector port="8081" protocol="HTTP/1.1" 
           connectionTimeout="20000" 
           redirectPort="8443"  URIEncoding="UTF-8"
           scheme="https" secure="true" proxyName="somehostname.domain" proxyPort="443" />

      

If only https is allowed, you can add the scheme, secure, proxyName, and proxyPort attributes to the existing Connector element.

In the Apache config, create a *:443 virtual host that proxies to the connector with the additional attributes. A plain http *:80 virtual host can connect to the original connector.

For more information: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Proxy_Support http://tomcat.apache.org/tomcat-7.0-doc/proxy-howto.html

+1
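
The Apache side of the two-connector setup described in the last answer, combined with the corrected RewriteRule from the second answer, as an added example that is not part of the original answers. It assumes Tomcat's original connector is on 8080, the proxy-aware one is on 8081, and the host is somehostname.domain as in the Connector snippet; the certificate paths are placeholders.

```apache
# TLS virtual host: proxies to the Tomcat connector that declares
# scheme="https" secure="true" proxyName/proxyPort (port 8081 in the answer),
# so redirects generated by the application use https://somehostname.domain/.
<VirtualHost *:443>
    ServerName somehostname.domain

    SSLEngine on
    # Placeholder paths (assumption): use your own certificate and key.
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Keep the trailing slash the same on both sides of each mapping.
    ProxyPass        /myapp http://127.0.0.1:8081/myapp
    ProxyPassReverse /myapp http://127.0.0.1:8081/myapp
</VirtualHost>

# Plain HTTP virtual host: proxies to the original connector (port 8080),
# but sends the login pages to HTTPS before credentials are submitted.
<VirtualHost *:80>
    ServerName somehostname.domain

    RewriteEngine On
    # In virtual host context the pattern is matched against the full
    # path, including the leading slash.
    RewriteRule ^/myapp/login https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]

    ProxyPass        /myapp http://127.0.0.1:8080/myapp
    ProxyPassReverse /myapp http://127.0.0.1:8080/myapp
</VirtualHost>
```

Because the 8081 connector reports every request as secure, it should accept connections only from the proxy, for example by setting the Connector's address attribute to 127.0.0.1.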

