DevHeads.net

ReverseProxy InvalidUriScheme

Hi Everyone,

I have a small issue when configuring a ReverseProxy and Im wondering if someone has run into this issue before

- Application Innerscope developed in MS silverlight
(iframe content)
- Application does not support HTTPS
(We didn’t write the app in-house this has been provided by vendor)

- We do SSL offloading at the load balancer level before you hit the apache sever

- Proxy Config (very simple)

<VirtualHost *:*>
<IfDefine DEV>
ServerName <a href="https://testsite.dev.auckland.ac.nz" title="https://testsite.dev.auckland.ac.nz">https://testsite.dev.auckland.ac.nz</a>
</IfDefine>

RequestHeader set X-Forwarded-Proto http
RewriteRule .* http://xxx.xxx.xxx.xxx$0 [P,NE,QSA,L]

</VirtualHost>

1. Application Error:

[InvalidUriScheme]
Arguments: https,http
Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem. See <a href="http://go.microsoft.com/fwlink/?linkid=106663&amp;Version=5.1.41212.00&amp;File=System.ServiceModel.dll&amp;Key=InvalidUriScheme" title="http://go.microsoft.com/fwlink/?linkid=106663&amp;Version=5.1.41212.00&amp;File=System.ServiceModel.dll&amp;Key=InvalidUriScheme">http://go.microsoft.com/fwlink/?linkid=106663&amp;Version=5.1.41212.00&amp;File=...</a>
Parameter name: via

2. From testing

- Tested the Virtual Site with HTTP and Reverse Proxy with HTTP — Works as excepted

<VirtualHost *:*>
<IfDefine DEV>
ServerName <a href="http://testsite.dev.auckland.ac.nz" title="http://testsite.dev.auckland.ac.nz">http://testsite.dev.auckland.ac.nz</a>
</IfDefine>

RewriteRule .* http://xxx.xxx.xxx.xxx$0 [P,NE,QSA,L]
</VirtualHost>

3. Apache Logs

testsite.dev.auckland.ac.nz: 127.0.0.1 - - [26/Oct/2016:21:36:54 +1300] "GET /Innerscope.xap?ignoreme=%20%20%20%20%201425527793 HTTP/1.1" 200 2400728 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0”

The backend server rejects the request because it requires HTTP not HTTPS

4. Attempted Workarounds / Hack Options - thought I could attempt to fake the Protocol
RequestHeader set X-Forwarded-Proto http

Any thoughts ???

Comments

Re: ReverseProxy InvalidUriScheme

By Daniel at 10/27/2016 - 11:45

ServeName can just take host names, not the scheme (http/https), and
virtualhost *:* looks to me a very complicatinhg, as in, normally one
virtualhost is SSL or not, but not both. So how about trying to go with
what's more correct and simple:

<VirtualHost *:80>
ServerName testsite.dev.auckland.ac.nz

ProxyPass / <a href="http://xxx.xxx.xxx.xxx/" title="http://xxx.xxx.xxx.xxx/">http://xxx.xxx.xxx.xxx/</a>
ProxyPassReverse / <a href="http://xxx.xxx.xxx.xxx/" title="http://xxx.xxx.xxx.xxx/">http://xxx.xxx.xxx.xxx/</a>
</VirtualHost>

<VirtualHost *:443>
SSLEngine on
ServerName testsite.dev.auckland.ac.nz

ProxyPass / <a href="http://xxx.xxx.xxx.xxx/" title="http://xxx.xxx.xxx.xxx/">http://xxx.xxx.xxx.xxx/</a>
ProxyPassReverse / <a href="http://xxx.xxx.xxx.xxx/" title="http://xxx.xxx.xxx.xxx/">http://xxx.xxx.xxx.xxx/</a>
</VirtualHost>

Or am I missing something?

2016-10-26 11:07 GMT+02:00 Reid Watson <reid. ... at auckland dot ac.nz>:

Re: ReverseProxy InvalidUriScheme

By Reid Watson at 10/29/2016 - 19:11

Hi Daniel

I have been testing your proposed solutions

- <VirtualHost *:80> configuration works correctly
- <VirtualHost *:443> I receive InvalidUriScheme error message

I believe backend checks the protocol, problem is I don't have access to the backend application — I will have a chat to the vendor

I thought I could fake Protocol to the backend server but I’m making assumptions without understanding the application in more details

RequestHeader set X-Forwarded-Proto

Cheers

Reid