Question

我已根据下面的配置为我们的Splunk安装配置了Apache服务器以提供SSO和反向代理。 SSO的工作方式与反向代理一样，隐藏在/ splunk URL后面的端口8000上运行的Splunk实例。

ProxyPass /splunk http://localhost:8000/splunk
ProxyPassReverse /splunk http://localhost:8000/splunk
<Location /splunk >
        # Kerberos Authentication
        AuthType Kerberos
        AuthName "Kerberos Login"
        KrbAuthRealms MYDOMAIN.COM
        Krb5KeyTab /etc/krb5.http.keytab
        KrbMethodNegotiate on
        KrbAuthoritative on
        KrbMethodK5Passwd off
        KrbLocalUserMapping on
        KrbSaveCredentials on
        require valid-user

        # SSO
        RewriteEngine On
        RewriteCond %{LA-U:REMOTE_USER} (.+)$
        RewriteRule . - [E=RU:%1]
        RequestHeader set REMOTE_USER %{RU}e
</Location>

问题出在Apache日志中我收到了很多以下错误消息。

[client x.x.x.x] Request exceeded the limit of 10 subrequest nesting levels due to probable confguration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://splunk.mydomain.com/splunk/en-GB/debug/sso

我不确定这个问题是否与Splunk有关。有没有其他人看过这个，我该如何解决这个问题？

Answer 1

尝试

RewriteRule . - [E=RU:%1,NS]

确保RewriteRule不适用于内部子请求。

Apache使用kerberos + mod_proxy + mod_rewrite递归

1 个答案: