Apache-2.4

帶有重定向刪除授權標頭的 Apache mod_rewrite

  • April 28, 2020

我設置了一些 Apache mod_rewrite 規則來將 Maven 部署從一個 url/伺服器重定向到另一個。我們正在從 Nexus 遷移到 Artifactory,需要設置這些重定向,以便團隊仍然可以在一段時間內使用 Nexus URL 而不會破壞建構。這是我們的 mod_rewrite 規則的範例:

RewriteRule ^/nexus/content/repositories/nexus-repository/(.*)$ https://artifactory-instance.net/repository/$1 [NE,R=301,L]

該規則成功地將 GET 請求重定向到新的 Artifactory URL,但我們遇到了授權標頭在重定向中被丟棄的問題。我們收到 401 錯誤,通過執行 cURL PUT 命令來推送單個工件,我可以看到授權標頭正在被刪除:

...
> PUT /nexus/content/repositories/nexus-repository/com/maven/hello-world/1.0.0/hello-world-1.0.0.jar HTTP/1.1
> Host: nexus-instance.com
> Authorization: Basic XXXXXXXXXX
> User-Agent: curl/7.54.0
> Accept: */*
> Content-Length: 2540
> Expect: 100-continue
> 
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 23 Apr 2020 17:27:22 GMT
< Server: Apache/2.4.37 (Red Hat Enterprise Linux)
< Location: https://artifactory-instance.net/repository/com/maven/hello-world/1.0.0/hello-world-1.0.0.jar
< Content-Length: 311
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
...
> PUT /repository/com/maven/hello-world/1.0.0/hello-world-1.0.0.jar HTTP/1.1
> Host: artifactory-instance.net
> User-Agent: curl/7.54.0
> Accept: */*
> Content-Length: 2540
> Expect: 100-continue
> 
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
< HTTP/1.1 401 Unauthorized
< Date: Thu, 23 Apr 2020 17:27:22 GMT
...
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="Artifactory Realm"
< Content-Type: application/json;charset=ISO-8859-1
< Transfer-Encoding: chunked
...

cURL 有一個名為--location-trusted. 當我將它應用到我的測試 cURL 命令時,它會將授權標頭傳遞給重定向。

--location-trusted我的問題是,在 httpd中是否有任何等價物?我該怎麼做才能通過重定向傳遞身份驗證標頭?

我想出了我需要什麼才能讓它工作。mod_rewrite 不會讓它工作,但使用 mod_proxy 我能夠讓它工作:

ProxyPreserveHost Off
SSLProxyEngine On

<Location /nexus/content/repositories/nexus-repository>
   ProxyPass https://artifactory-instance.net/repository
   ProxyPassReverse https://artifactory-instance.net/repository
</Location>

它不會將使用者重定向到 URL,但會在連結 URL 中顯示 Artifactory 內容。

引用自:https://serverfault.com/questions/1013838