[ejabberd] Apache/ejabberd and mod_rewrite

Shaun Kruger shaun.kruger at gmail.com
Fri Jun 17 01:52:17 MSD 2011


Are you sure that you need mod_rewrite and not mod_proxy?  I think
mod_rewrite is going to send a redirect.  mod_proxy terminates the
connection and apache transfers all data between the user and
ejabberd.  I expect mod_proxy to provide the desired results when
working with javascript clients such as strophejs that have cross site
scripting constraints.  In a mod_proxy setup you would still run your
ejabberd_http on the default port 5280 and do a "ProxyPass /http-bind
http://ejabber-server:5280/http-bind" in your apache configuration.

mod_rewrite does not address xss problems because it sends the client
a URL that it perhaps doesn't have access to according to javascript
security rules.

I might be making some assumptions based on the use cases for BOSH
that I'm most familiar with.  Could you provide some more details
about your setup?

Shaun

On Thu, Jun 16, 2011 at 2:39 PM, Jette Derriche <jette at nerdgirl.dk> wrote:
>
> I am a bit confused about the relation between hosts configured in
> ejabberd and apache. I have configured the rewrite rule in apache but
> whenever I access /http-bind in the browser I get "forbidden".
>
> I am able to access http-bind directly via the host configured in
> ejabberd.
>
> This is my apache virtual host, from where the http chat client will be:
>
> (I have replaced the actual domain with 'example')
>
> --------------------------------
> <VirtualHost *:80>
>   ServerName jabber.example.com
>   DocumentRoot /usr/local/www/vhosts/jabber.example.com
>   <Directory /usr/local/www/vhosts/jabber.example.com>
>     Options  +Indexes +Multiviews
>   </Directory>
>   AddDefaultCharset UTF-8
>   RewriteEngine on
>   RewriteRule http-bind/ http://chat.example.com/http-bind/ [P]
> </VirtualHost>
> --------------------------------
>
> And this is the hosts defined in ejabberd.cfg:
>
> --------------------------------
> {hosts, ["localhost","jabber.example.com","chat.example.com"]}.
> --------------------------------
>
> And the listen config:
>
> --------------------------------
>  {{80,12.34.56.78}, ejabberd_http, [
>        %%{request_handlers,
>        %% [
>        %%  {["pub", "archive"], mod_http_fileserver}
>        %% ]},
>        %%captcha,
>        http_bind,
>        http_poll,
>        %%register,
>        web_admin
>       ]}
> --------------------------------
>
> I can access http://chat.example.com/http-bind/
> But I can't http://jabber.example.com/http-bind/
>
> Actually I am not sure if jabber.example.com needs to be configured both
> in apache and ejabberd. It seems to make no difference if it is in
> ejabberd.cfg or not.
>
> What am I doing wrong with the apache rewrite?
>
> As I understand, I need the rewrite to be able to access ejabberd from a
> XMPP javascript like JSJaC, at the website where the chat is
> implemented.
>
> /Jette
>
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd
>


More information about the ejabberd mailing list