Getting error when logging in with Proxypass set up
101 views
Skip to first unread message
ldriver
Jul 25, 2016, 5:16:57 PM7/25/16
to Hippo Community
I have a website running on Apache port 80, and I have the following Proxypass set up for the Hippo CMS site:
This works and when I go to my URL http://www.example.com/cms, I do get the Hippo CMS login page. But when I enter the user/pass and submit, I get this error:
ProxyPass /cms http://localhost:8080/cmsProxyPassReverse /cms http://localhost:8080/cmsThis works and when I go to my URL http://www.example.com/cms, I do get the Hippo CMS login page. But when I enter the user/pass and submit, I get this error:
Forbidden
You don't have permission to access /cms/ on this server.
This is the URL it forwards to when I get the error: http://www.example.com/cms/?0-1.IFormSubmitListener-root-login~panel-login~form
There are no errors in my Tomcat logs, I tailed each of the files (hippo-cms, catalina.out, localhost_access), no errors.
Does anyone know why I can get to the login page, but can't log in. If I forward 80 to 8080 using iptables, it works. But I don't want to do that (actually at this time I "can't" do that due to security issues), I would rather use Proxypass. Has anyone gotten this to work?
I did look at the documentation here, that sample configuration did not work and generally did not help me.
Woonsan Ko
Jul 25, 2016, 5:28:43 PM7/25/16
to hippo-c...@googlegroups.com
Can you try to follow this best practice documentation?
I guess you need the following at least for cms server virtual host config:
ProxyPreserveHost Off
ProxyPass / http://127.0.0.1:8080/cms/
ProxyPassReverse / http://127.0.0.1:8080/cms/
ProxyPassReverseCookiePath /cms /
Regards,
Woonsan
--
Hippo Community Group: The place for all discussions and announcements about Hippo CMS (and HST, repository etc. etc.)
To post to this group, send email to hippo-c...@googlegroups.com
RSS: https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
---
You received this message because you are subscribed to the Google Groups "Hippo Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hippo-communi...@googlegroups.com.
Visit this group at https://groups.google.com/group/hippo-community.
For more options, visit https://groups.google.com/d/optout.
w....@onehippo.com www.onehippo.com
Boston - 745 Atlantic Ave, 8th Floor, Boston MA 02111
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
Boston - 745 Atlantic Ave, 8th Floor, Boston MA 02111
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
ldriver
Jul 25, 2016, 6:46:53 PM7/25/16
to Hippo Community
That does not work. When I use my URL http://www.example.com/ I get a 404 error.
And when I add "?0" to the end, so it becomes: http://www.example.com/?0, I get the login page.
But when I login, I get a 404 error:
HTTP Status 404 - /cms/error/noindex.html
Here is the URL I get forwarded to:
Woonsan Ko
Jul 25, 2016, 7:01:09 PM7/25/16
to hippo-c...@googlegroups.com
Can you post your proxy configuration for cms here?
Regards,
Regards,
Woonsan (Sent from my iPhone)
--
ldriver
Jul 25, 2016, 7:06:29 PM7/25/16
to Hippo Community
It was just as you said, but here is a cut/paste from the httpd.conf:
Listen 80
<VirtualHost *:80> ProxyPreserveHost Off ProxyPass / http://127.0.0.1:8080/cms/ ProxyPassReverse / http://127.0.0.1:8080/cms/ ProxyPassReverseCookiePath /cms /</VirtualHost><Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" proxyName="www.example.com" proxyPort="80" />On Monday, July 25, 2016 at 5:16:57 PM UTC-4, ldriver wrote:
ldriver
Jul 25, 2016, 8:16:02 PM7/25/16
to Hippo Community
Ok so one problem is solved, the following was in my httpd conf, and I removed it and the log in works:
<IfModule security2_module>
Include crs-tecmint/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf
Include crs-tecmint/owasp-modsecurity-crs/base_rules/*.conf
</IfModule>
However, now when I login, it immediately logs me out, I cannot stay logged in, I'm not sure why. There are no errors in the tomcat logs or httpd logs. How can I debug why it's not staying logged in.
On Monday, July 25, 2016 at 5:16:57 PM UTC-4, ldriver wrote:
Woonsan Ko
Jul 25, 2016, 9:16:00 PM7/25/16
to hippo-c...@googlegroups.com
The VirtualHost configuration seems okay. Can you remove proxyName and proxyPort in server.xml and try it again?
--
Hippo Community Group: The place for all discussions and announcements about Hippo CMS (and HST, repository etc. etc.)
To post to this group, send email to hippo-c...@googlegroups.com
RSS: https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
---
You received this message because you are subscribed to the Google Groups "Hippo Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hippo-communi...@googlegroups.com.
Visit this group at https://groups.google.com/group/hippo-community.
For more options, visit https://groups.google.com/d/optout.
ldriver
Jul 25, 2016, 9:27:13 PM7/25/16
to Hippo Community
Ok removed, I get the same thing. I can login to /cms/console with not issues, but /cms logs me in and then immediately kicks me out back to the login screen.
Woonsan Ko
Jul 25, 2016, 10:18:07 PM7/25/16
to hippo-c...@googlegroups.com
If your virtual host configuration for www.example.com is like these,
ProxyPreserveHost Off
ProxyPass / http://127.0.0.1:8080/cms/
ProxyPassReverse / http://127.0.0.1:8080/cms/
ProxyPassReverseCookiePath /cms /
I think you should access cms application by http://www.example.com/, not http://www.example.com/cms/. And CMS Console by http://www.example.com/console/, not http://www.example.com/cms/console/.
marijan milicevic
Jul 26, 2016, 3:47:32 AM7/26/16
to hippo-c...@googlegroups.com
On Tue, Jul 26, 2016 at 3:27 AM, ldriver <ldri...@gmail.com> wrote:
Ok removed, I get the same thing. I can login to /cms/console with not issues, but /cms logs me in and then immediately kicks me out back to the login screen.
this indicates that most probably your cookie path is wrong....also, if you are running a cluster behind loadbalancer, make sure sticky sessions are enabled...
cheers
marijan
Mahesh Acharya
Jul 26, 2016, 10:52:13 AM7/26/16
to hippo-c...@googlegroups.com
On Mon, Jul 25, 2016 at 8:16 PM, ldriver <ldri...@gmail.com> wrote:
> Ok so one problem is solved, the following was in my httpd conf, and I
> removed it and the log in works:
>
> <IfModule security2_module>
>
> Include crs-tecmint/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf
>
> Include crs-tecmint/owasp-modsecurity-crs/base_rules/*.conf
>
> </IfModule>
>
>
> However, now when I login, it immediately logs me out, I cannot stay logged
> in, I'm not sure why. There are no errors in the tomcat logs or httpd logs.
> How can I debug why it's not staying logged in.
Are you able to check hippo-cms.log in your srever? maybe you want to
> removed it and the log in works:
>
> <IfModule security2_module>
>
> Include crs-tecmint/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf
>
> Include crs-tecmint/owasp-modsecurity-crs/base_rules/*.conf
>
> </IfModule>
>
>
> However, now when I login, it immediately logs me out, I cannot stay logged
> in, I'm not sure why. There are no errors in the tomcat logs or httpd logs.
> How can I debug why it's not staying logged in.
paste the snippet here..
Also,
Do you have any services/servlet that creates a session like below
UserSession.get().getJcrSession()
and call session.logout() immediately? That is one scenario you are
likely to be prompted for re-login recursively.
>
>
> On Monday, July 25, 2016 at 5:16:57 PM UTC-4, ldriver wrote:
>>
>> I have a website running on Apache port 80, and I have the following
>> Proxypass set up for the Hippo CMS site:
>>
>> ProxyPass /cms http://localhost:8080/cms
>> ProxyPassReverse /cms http://localhost:8080/cms
>>
>> This works and when I go to my URL http://www.example.com/cms, I do get
>> the Hippo CMS login page. But when I enter the user/pass and submit, I get
>> this error:
>>
>> Forbidden
>> You don't have permission to access /cms/ on this server.
>>
>> This is the URL it forwards to when I get the error:
>> http://www.example.com/cms/?0-1.IFormSubmitListener-root-login~panel-login~form
>>
>> There are no errors in my Tomcat logs, I tailed each of the files
>> (hippo-cms, catalina.out, localhost_access), no errors.
>>
>> Does anyone know why I can get to the login page, but can't log in. If I
>> forward 80 to 8080 using iptables, it works. But I don't want to do that
>> (actually at this time I "can't" do that due to security issues), I would
>> rather use Proxypass. Has anyone gotten this to work?
>>
>> I did look at the documentation here, that sample configuration did not
>> work and generally did not help me.
>
> --
> Hippo Community Group: The place for all discussions and announcements about
> Hippo CMS (and HST, repository etc. etc.)
>
> To post to this group, send email to hippo-c...@googlegroups.com
> RSS:
> https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
> ---
> You received this message because you are subscribed to the Google Groups
> "Hippo Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to hippo-communi...@googlegroups.com.
> Visit this group at https://groups.google.com/group/hippo-community.
> For more options, visit https://groups.google.com/d/optout.
--
Mahesh R. ACHARYA
> Hippo Community Group: The place for all discussions and announcements about
> Hippo CMS (and HST, repository etc. etc.)
>
> To post to this group, send email to hippo-c...@googlegroups.com
> RSS:
> https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
> ---
> You received this message because you are subscribed to the Google Groups
> "Hippo Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to hippo-communi...@googlegroups.com.
> Visit this group at https://groups.google.com/group/hippo-community.
> For more options, visit https://groups.google.com/d/optout.
--
Solution Architect | Mobile: 781-640-5559 | Email: m.ac...@onehippo.com
Boston - 71 Summer Street, Boston, MA 02110
http://www.onehippo.com/
ldriver
Jul 26, 2016, 11:31:19 AM7/26/16
to Hippo Community
Ok awesome, I got it working, marijan had said the cookie path was wrong and that was correct, I changed the cookie path and enabled sticky session and it's now behaving correctly. Thank you all!
On Monday, July 25, 2016 at 5:16:57 PM UTC-4, ldriver wrote:
sr...@hugeinc.com
Oct 21, 2016, 3:49:50 AM10/21/16
to Hippo Community
I am having this same issue what exactly was wrong with the cookie path? where do I set this up?... thanks appreciate it if you can post the details
marijan milicevic
Oct 21, 2016, 8:58:22 AM10/21/16
to hippo-c...@googlegroups.com
On Fri, Oct 21, 2016 at 5:23 AM, <sr...@hugeinc.com> wrote:
I am having this same issue what exactly was wrong with the cookie path? where do I set this up?... thanks appreciate it if you can post the details
if you read the thread posts you would/could have found the link to:
cheers
marijan
--
Hippo Community Group: The place for all discussions and announcements about Hippo CMS (and HST, repository etc. etc.)
To post to this group, send email to hippo-community@googlegroups.com
RSS: https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
---
You received this message because you are subscribed to the Google Groups "Hippo Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hippo-community+unsubscribe@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages