hostヘッダの検証

Windows側のhostsファイル修正

192.168.2.170 nginx

 

②ngixのconf修正

URLがnginxできたものを後ろのIHSに送る。(81番ポート)

このとき、レスポンスヘッダのhost部分はキープする。(nginxという名前で)

[root@localhost conf.d]# cat server.conf
server {

listen 80;
server_name nginx;

#location /KKK/ {
#proxy_pass http://192.168.3.150:81;
# }

location /snoop {
proxy_pass http://192.168.3.150:81/snoop;
proxy_set_header Host $host;
}

}

 

プラグインの修正

URLがnginxという名前で

ポート番号が81の場合

通信を許可する。

[root@WASIHS1 ~]# cat /opt/IBM/WebSphere/Plugins/config/webserver181/plugin-cfg.xml
<?xml version="1.0" encoding="Shift_JIS"?><!--HTTP server plugin config file for the webserver cell01.WASIHS1-node.webserver181 generated on 2019.05.26 at 01:45:58 AM JST-->
<Config ASDisableNagle="false" AcceptAllContent="true" AppServerPortPreference="WebserverPort" ChunkedResponse="false" FIPSEnable="false" FailoverToNext="false" HTTPMaxHeaders="300" IISDisableFlushFlag="false" IISDisableNagle="false" IISPluginPriority="High" IgnoreDNSFailures="false" KillWebServerStartUpOnParseErr="true" MarkBusyDown="false" OS400ConvertQueryStringToJobCCSID="false" RefreshInterval="60" ResponseChunkSize="64" SSLConsolidate="true" StrictSecurity="true" TrustedProxyEnable="false" VHostMatchingCompat="false">
<Log LogLevel="Error" Name="/opt/IBM/WebSphere/Plugins/logs/webserver181/http_plugin.log"/>
<Property Name="ESIEnable" Value="false"/>
<Property Name="ESIMaxCacheSize" Value="1024"/>
<Property Name="ESIInvalidationMonitor" Value="false"/>
<Property Name="ESIEnableToPassCookies" Value="false"/>
<Property Name="ESICacheidFull" Value="false"/>
<Property Name="PostSizeLimit" Value="-1"/>
<Property Name="PostBufferSize" Value="0"/>
<Property Name="PluginInstallRoot" Value="/opt/IBM/WebSphere/Plugins/"/>
<Property Name="Keyfile" Value="/opt/IBM/WebSphere/Plugins/config/webserver181/plugin-key.kdb"/>
<Property Name="Stashfile" Value="/opt/IBM/WebSphere/Plugins/config/webserver181/plugin-key.sth"/>
<VirtualHostGroup Name="default_host">
<VirtualHost Name="*:9080"/>
<VirtualHost Name="*:80"/>
<VirtualHost Name="*:9443"/>
<VirtualHost Name="*:5060"/>
<VirtualHost Name="*:5061"/>
<VirtualHost Name="*:443"/>
<VirtualHost Name="wasnd2:9080"/>
<VirtualHost Name="wasnd2:80"/>
<VirtualHost Name="wasnd2:9443"/>
<VirtualHost Name="wasnd2:5060"/>
<VirtualHost Name="wasnd2:5061"/>
<VirtualHost Name="wasnd2:443"/>
<VirtualHost Name="*:9081"/>
</VirtualHostGroup>
<VirtualHostGroup Name="test_host">
<VirtualHost Name="nginx:81"/>
<VirtualHost Name="*:9080"/>
<VirtualHost Name="*:9081"/>
</VirtualHostGroup>
<ServerCluster CloneSeparatorChange="false" GetDWLMTable="true" IgnoreAffinityRequests="false" LoadBalance="Round Robin" Name="cluster" PostBufferSize="0" PostSizeLimit="-1" RemoveSpecialHeaders="true" RetryInterval="60" ServerIOTimeoutRetry="-1">
<Server CloneID="AAAA" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="2" MaxConnections="-1" Name="WASND1Node01_member1" ServerIOTimeout="900" WaitForContinue="false">
<Transport ConnectionTTL="28" Hostname="WASND1" Port="9080" Protocol="http"/>
<Transport ConnectionTTL="28" Hostname="WASND1" Port="9443" Protocol="https">
<Property Name="keyring" Value="/opt/IBM/WebSphere/Plugins/config/webserver181/plugin-key.kdb"/>
<Property Name="stashfile" Value="/opt/IBM/WebSphere/Plugins/config/webserver181/plugin-key.sth"/>
</Transport>
</Server>
<Server CloneID="BBBB" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="2" MaxConnections="-1" Name="WASND2Node01_member2" ServerIOTimeout="900" WaitForContinue="false">
<Transport ConnectionTTL="28" Hostname="WASND2" Port="9081" Protocol="http"/>
<Transport ConnectionTTL="28" Hostname="WASND2" Port="9444" Protocol="https">
<Property Name="keyring" Value="/opt/IBM/WebSphere/Plugins/config/webserver181/plugin-key.kdb"/>
<Property Name="stashfile" Value="/opt/IBM/WebSphere/Plugins/config/webserver181/plugin-key.sth"/>
</Transport>
</Server>
<PrimaryServers>
<Server Name="WASND1Node01_member1"/>
<Server Name="WASND2Node01_member2"/>
</PrimaryServers>
</ServerCluster>
<UriGroup Name="test_host_cluster_URIs">
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/snoop/*"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/hello"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/hitcount"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="*.jsp"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="*.jsv"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="*.jsw"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/j_security_check"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/ibm_security_logout"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/servlet/*"/>
</UriGroup>
<Route ServerCluster="cluster" UriGroup="test_host_cluster_URIs" VirtualHostGroup="test_host"/>
<UriGroup Name="default_host_cluster_URIs">
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/snoop/*"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/hello"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/hitcount"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="*.jsp"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="*.jsv"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="*.jsw"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/j_security_check"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/ibm_security_logout"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/servlet/*"/>
</UriGroup>
<Route ServerCluster="cluster" UriGroup="default_host_cluster_URIs" VirtualHostGroup="default_host"/>
<RequestMetrics armEnabled="false" loggingEnabled="false" rmEnabled="false" traceLevel="HOPS">
<filters enable="false" type="URI">
<filterValues enable="false" value="/snoop"/>
<filterValues enable="false" value="/hitcount"/>
</filters>
<filters enable="false" type="SOURCE_IP">
<filterValues enable="false" value="255.255.255.255"/>
<filterValues enable="false" value="254.254.254.254"/>
</filters>
<filters enable="false" type="JMS">
<filterValues enable="false" value="destination=aaa"/>
</filters>
<filters enable="false" type="WEB_SERVICES">
<filterValues enable="false" value="wsdlPort=aaa:op=bbb:nameSpace=ccc"/>
</filters>
</RequestMetrics>
</Config>

 

f:id:kenken0102:20190526173107p:plain

f:id:kenken0102:20190526173111p:plain

f:id:kenken0102:20190526173115p:plain

f:id:kenken0102:20190526173120p:plain

f:id:kenken0102:20190526173126p:plain

f:id:kenken0102:20190526173131p:plain

 

④上記がアクセスできた画面

 

⑤websphere側の設定も変更しております。

 

f:id:kenken0102:20190526173638p:plain

f:id:kenken0102:20190526173638p:plain

 

一応完成!!