Accessing DD-WRT via Apache reverse proxy

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions
Author Message
Tom17
DD-WRT Novice


Joined: 15 Jun 2011
Posts: 4

PostPosted: Wed Jun 15, 2011 16:57    Post subject: Accessing DD-WRT via Apache reverse proxy Reply with quote
Hi all,

This is my first post, but I have been searching for info on my problem, but to no avail.

I have a web server on my network that runs Apache. On it, I run various reverse proxies to other apps. For example, I have a reverse proxy to my modem (http://mysite/modem), one to my current router running Tomato (http://mysite/router) and some to various app servers on my network.

This system works well and it keeps everything in one place as well as being securely accessible from outside my network.

Now I just got a new router in another building that I have installed DD-WRT on to act as a client bridge. This all worked flawlessly so I decided to set up my reverse proxy, but it does not work correctly. I'm wondering if there is something 'funky' about the rendering of the HTML management gui that I need to be aware of.

I set up my ProxyPass and ProxyPassReverse directives just like any other proxy, as so:

ProxyPass /bridge/ http://192.168.2.2/
ProxyPassReverse /bridge/ http://192.168.2.2/

Now when I navigate to http://mysite/bridge/ I do get the default document returned, but it does not get rendered correctly. It's as if none of the supporting js/css files are being served.

I checked my logs, and the requests are indeed being made and served (eg, /common.js, lang_pack/english.js etc etc), so I am a bit stuck.

I did notice that the requests for these files are sending a referrer of http://mysite/bridge/, would this prevent the DD-WRT internal webserver from serving up valid content? I also notice that either apache or dd-wrt is sending an error 400 along with each supporting file...

I did find this other thread that is trying to do the same thing, but with no solution.
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=64853&highlight=proxypass

Thanks, and hi!,

Tom...
Sponsor
Tom17
DD-WRT Novice


Joined: 15 Jun 2011
Posts: 4

PostPosted: Wed Jun 15, 2011 20:43    Post subject: Reply with quote
Well i've fixed it Smile So I will put the solution here incase anyone else has this problem, as I really could not find any solution anywhere else.

After checking logs and then running a tcpdump, I found that the only difference between a request for say, http://mysite/bridge/images/paypal.gif called directly from the browser and called from within the main page request, was that the one called directly did not have the referrer header set.

For some reason, if this referrer field is set, the DD-WRT httpd thinks that the headers are invalid and sends the 400 error.

I don't know if this is a bug in the DD-WRT code or a security feature, but the fix in Apache is to do the following:

First enable the mod_header module - this is dependent on your platform so I will not leave instructions here.

Then in your <Location /bridge> section, add:

Code:
RequestHeader unset referer


Note that referer is not spelled correctly.
The total config to make an Apache reverse proxy work with DD-WRT would then look like:

Code:
RewriteEngine On

<Location /bridge/>
  ProxyPass http://192.168.2.2
  ProxyPassReverse http://192.168.2.2
  RequestHeader unset referer
</Location>


Now, if I can get IPV6 working nicely, I might switch my main router over from Tomato to DD-WRT (I originally went DD-WRT -> Tomato a few years ago for MLPP support with my ISP...) DD-WRT looks so much more polished now than it did back then! Smile

Thanks,

Tom...
crashfly
DD-WRT Guru


Joined: 24 Feb 2009
Posts: 2026
Location: Sol System > Earth > USA > Arkansas

PostPosted: Wed Jun 15, 2011 23:07    Post subject: Reply with quote
Tom17 wrote:
Now, if I can get IPV6 working nicely, I might switch my main router over from Tomato to DD-WRT (I originally went DD-WRT -> Tomato a few years ago for MLPP support with my ISP...) DD-WRT looks so much more polished now than it did back then! Smile

Thanks,

Tom...

Thank you for the rest of the information. I may implement that on my router, except that I use an ssh proxy already, so I am already inside my network to connect to any client apps.

As for your IPv6 "problem", I have been able to get it working just recently. At best, it is a 6to4 tunnel since ATT does not support IPv6 at this time. However, it works and I can get to most IPv6 websites (all that I have tested anyway). If you need help or pointers on how I set mine up, I can help you out with IPv6 if you want.

_________________
E3000 22200M KongVPN K26
WRT600n v1.1 refirb mega 18767 BS K24 NEWD2 [not used]
WRT54G v2 16214 BS K24 [access point]

Try Dropbox for syncing files - get 2.5gb online for free by signing up.

Read! Peacock thread
*PLEASE* upgrade PAST v24SP1 or no support.
Tom17
DD-WRT Novice


Joined: 15 Jun 2011
Posts: 4

PostPosted: Thu Jun 16, 2011 1:21    Post subject: Reply with quote
You're welcome.

Don't forget that what I did was on a PC, not my router. Unfortunately the only easy 'way in' from work is via HTTP. I can ssh too, but no forwarding is allowed on my jump server. So I have to do it this way (Well, I don't HAVE to access it while at work, but it's fun working it all out).

As for IPV6, I don't have a problem yet Smile I have IPV6 (not a tunnel) from my ISP and that is working well. It's working trivially easy in Tomato on my main router, I even have my websites listening on IPV6 and accessible to the world. No more NAT, YAY!. But I have no IPV6 anywhere else to access it from so i'm kinda just playing around with it for now.

I'll have a muck about with this one I used as my client bridge once I work out which firmware version to get and if I like it I may do the same to the main router and leave Tomato. We'll see.

Thanks for the offers of future help on that.

Tom...
myoo
DD-WRT User


Joined: 22 Jun 2006
Posts: 95
Location: Erfurt

PostPosted: Fri Aug 17, 2012 17:08    Post subject: Reply with quote
Tom17 wrote:
For some reason, if this referrer field is set, the DD-WRT httpd thinks that the headers are
invalid and sends the 400 error.

...

Then in your ... section, add:

Code:

RequestHeader unset referer   




Thank you for this information. Found that error 400 too - but couldn't explain myself. Works perfect for me too !

Very Happy
z-vap
DD-WRT Novice


Joined: 20 Dec 2009
Posts: 8
Location: Pittsburgh

PostPosted: Sat Oct 19, 2013 18:13    Post subject: Reply with quote
(zombie thread alert)

I wanted to add to this specific post mainly because this was the ONLY thing that I found that worked for me.

However I do want to make mention of the trailing slash at the end of the URI.

For this config:
Code:
<Location /ddwrt>
    ProxyPass         http://192.168.1.1
    ProxyPassReverse  http://192.168.1.1
    RequestHeader unset referer
</Location>

this worked : http://12.34.56.78/ddwrt/
badly formatted: http://12.34.56.78/ddwrt


For this config:
Code:
<Location /ddwrt/>
    ProxyPass         http://192.168.1.1/
    ProxyPassReverse  http://192.168.1.1/
    RequestHeader unset referer
</Location>

this worked : http://12.34.56.78/ddwrt/
badly formatted: http://12.34.56.78/ddwrt


But this did not for this config:
Code:
<Location /ddwrt/>
    ProxyPass         http://192.168.1.1
    ProxyPassReverse  http://192.168.1.1
    RequestHeader unset referer
</Location>

badly formatted : http://12.34.56.78/ddwrt/
Object not found: http://12.34.56.78/ddwrt


neither did this:
Code:
<Location /ddwrt>
    ProxyPass         http://192.168.1.1/
    ProxyPassReverse  http://192.168.1.1/
    RequestHeader unset referer
</Location>

400 illegal filename: http://12.34.56.78/ddwrt/
Object not found : http://12.34.56.78/ddwrt

Here was my post: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=177728
MustangChris04
DD-WRT Novice


Joined: 02 Feb 2015
Posts: 1

PostPosted: Mon Feb 02, 2015 0:15    Post subject: Reply with quote
I was having the same issue as the OP, but I am using Internet Information Services (IIS).

With IIS, Application Request Routing doesn't preserve the original header by default. The enable it open a command prompt in the following directory" "C:\Windows\System32\inetsrv"

Then run the following command:
appcmd.exe set config -section:system.webServer/proxy /preserveHostHeader:"True" /commit:apphost
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum