Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon5.gif   Accessing elog through two apache servers..., posted by Dimitrios Tsirigkas on Tue Feb 14 12:57:37 2006 good.pngbad.png
    icon2.gif   Re: Accessing elog through two apache servers..., posted by Stefan Ritt on Tue Feb 14 13:40:49 2006 
       icon2.gif   Re: Accessing elog through two apache servers..., posted by Dimitrios Tsirigkas on Tue Feb 14 14:23:04 2006 
          icon2.gif   Re: Accessing elog through two apache servers..., posted by Dimitrios Tsirigkas on Tue Feb 14 16:06:28 2006 
             icon2.gif   Re: Accessing elog through two apache servers..., posted by Stefan Ritt on Wed Feb 15 18:13:25 2006 
Message ID: 1689     Entry time: Tue Feb 14 13:40:49 2006     In reply to: 1688     Reply to this: 1690
Icon: Reply  Author: Stefan Ritt  Author Email: stefan.ritt@psi.ch 
Category: Question  OS: Linux  ELOG Version: 2.6.1 
Subject: Re: Accessing elog through two apache servers... 
Hi Dimitrios,

I know where your problem is and you could actually help me in solving it. The reason of the problem is the redirection. After you login, you get redirected (via the HTTP "Location:" statement) to the start page. In an very old version of ELOG, I had relative redirection. So from https://cmsdaq.cern.ch/elog/DAQ/?cmd=Login I did a redirect to "." and voila I the browser asked for https://cmsdaq.cern.ch/elog/DAQ/. In meantime I learned that relative redirects are not allowed. Actually the Safari Browser on the MAC complains and does not support this. So my problem is not how to derive the URL for the redirection.

The standard way is the URL = ... option in the config file. So ELOG takes this URL, and adds the remainder if needed (like the entry ID after a submit, so to go to .../DAQ/123 for example). While this works fine if you only access ELOG through that URL, it breaks if you access if from different locations. Other people at BNL have the problem that they access ELOG through a ssh tunnel, so the browser URL is then http://localhost:1234 which is the local end of the tunnel. Since the redirection uses then the Apache URL, they have the same problem.

Now the big question is how to derive the URL dynamically. From your Ethereal dumps you see that there is the Referer: statement which would be one option. Actually if you install "Tamper Data", which is a Firefox extension, you can monitor the HTTP traffic much easier inside your browser than with Ethereal. The problem with this is that if you bookmark a ELOG page directly in the browser, the first access to that page does not contain any Referer: statement. The other options are the Host: or the X-Forwarded-Host: statements. The problem is that they do not contain any subdirectory, like your /DAQ/ in the example above. Furthermore, if you access ELOG through Apache and through an ssh tunnel directly for example, one URL does have the Apache subdirectory and the other has none.

So from the setup you have right now, can you derive a set of rules how to compose the forward URL from the items in the HTTP header? If you succeed, I'm happy to implement this into the next version of ELOG.

Best regards,

Stefan
ELOG V3.1.5-fe60aaf