Apache ProxyPreserveHost 配置

阅读更多
在应用SAML的时候,HTTP Request的HOST URL是一个非常重要的参数,用于鉴定当前请求是不是和SAML的metadata一致。如果不一致的话,认证是无法通过的。

在HA环境下,Apache作为反向代理,后面会配置多个Tomcat,并且Tomcat的地址一般都是使用的内网IP,如此Tomcat在获取请求的时候就会发现当前请求的request host和metadata里的host不一致,因为metadata肯定需要配置成reverse proxy的URL。

解决的方法就是在Apache中启用ProxyPreserveHost参数。
ProxyPreserveHost on
ProxyPass / shib.example.edu:8443/
ProxyPassReverse / shib.example.edu:8443/
引用

Enabling the Apache ProxyPreserveHost directive
The ProxyPreserveHost directive is used to instruct Apache mod_proxy, when acting as a reverse proxy, to preserve and retain the original Host: header from the client browser when constructing the proxied request to send to the target server.

The default setting for this configuration directive is Off, indicating to not preserve the Host: header and instead generate a Host: header based on the target server's hostname.

Because this is often not what is wanted, you should add the ProxyPreserveHost On directive to the Apache HTTPD configuration, either in httpd.conf or related/equivalent configuration files.


另外一个链接:
http://shibboleth.1660669.n2.nabble.com/IDP-Reverse-Proxy-td7580833.html

你可能感兴趣的:(apache,ha,saml,url,reverse,proxy)