Apache reverse proxy strips the authorization header

Time: 2021-06-29 10:25:09

Tags: apache authorization reverse-proxy bearer-token

I am using Apache - on a Mac, where Apache was installed via brew - as a reverse proxy to connect to a web server located inside a docker container. Apache has the following specifications:

Server version: Apache/2.4.48 (Unix)
Server built:   May 26 2021 07:00:18

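Everything works fine, except that Apache running as a reverse proxy strips the authorization header before it reaches the upstream server. Below are my .conf settings -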

<VirtualHost *:80>
    ServerName web.test
    ServerAlias www.web.test
    ServerAdmin mail@web.test

    # Redirecting insecure connections to secure connections
    RewriteEngine On
    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} ^www\. [NC]
    RewriteRule ^ https://web.test%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>

<VirtualHost *:443>
    ServerName web.test
    ServerAlias www.web.test

    <Directory />
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
    Satisfy Any

    </Directory>

    ErrorLog "/Users/test/websites/web.test/logs/host/error.log"
    CustomLog "/Users/test/websites/web.test/logs/host/access.log" combined

    <Location />
        ProxyPass        "https://127.0.0.1:14443/"
        ProxyPassReverse "https://127.0.0.1:14443/" 
        Order deny,allow
        Allow from all
    </Location>
    
    SSLEngine on
    SSLCertificateFile "/path/to/certificates/web.test/web.test.crt"
    SSLCertificateKeyFile "/path/to/certificates/web.test/web.test.key"

    ProxyRequests on
    ProxyPreserveHost On
    ProxyTimeout 1000

    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    RewriteEngine On
    RewriteCond %{HTTPS} on
    RewriteCond %{HTTP_HOST} ^www\. [NC]
    RewriteRule ^ https://web.test%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>

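In docker, port 443 is mapped to host port 1443, and I am using self-signed certificates for development. I know that, for security reasons, Apache may strip the authorization: Bearer value token from the request. But in my case stripping authorization is undesirable, because authorization is handled on the upstream server.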

I have seen similar questions on SO - almost all of them - but none provided a solution for me. Can anyone tell me how to solve this?

0 answers:

No answers