Bypassing the proxy server when using the API, without breaking the automatic update of the history in the web interface

classic Classic list List threaded Threaded
4 messages Options
| Threaded
Open this post in threaded view
|

Bypassing the proxy server when using the API, without breaking the automatic update of the history in the web interface

thondeboer
Hi,

I am trying desperately to setup my GALAXY system so that if you enter the website, you need to authenticate yourself using the proxy setup...
I also would like to be able to BYPASS the proxy server when an API call is made...

In the example proxy setting I have setup in the following way:

ReWriteRule ^(/api/histories/.*) http://localhost:8080$1 [P,L]
ReWriteRule ^(/api/.*) http://localhost:8081$1 [P,L]
RewriteRule ^(.*) http://localhost:8080$1 [P]

I then setup a <PROXY setting in the apache galaxy.d in /etc/httpd/conf.d/galaxy.d to require authentication when a user is re-directed to the localhost:8080 and allow the calls to localhost:8081 to pass unhindered...

This works brilliantly EXCEPT for when you want to make an API call that involves some histories....
The call fails, since /api/histories calls are routed through the proxy server and require authentication, which I want to avoid...

It seems that histories are "special" so they have their own line in the configuration file above...

I tried to change 
ReWriteRule ^(/api/histories/.*) http://localhost:8080$1 [P,L]

to 

ReWriteRule ^(/api/histories/.*) http://localhost:8081$1 [L]

Which DOES work, but it also breaks the automatic update of the history in the webbrowser...
I have to reload the page manually to update the history...

Is there anyway I can get the automatic update to work again, but don't require autentication?

Thanks

Thon

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: Bypassing the proxy server when using the API, without breaking the automatic update of the history in the web interface

Adam Brenner
Why not use Allow All / Deny All rules?

<Location />
 ... your Auth Type stuff here ...

    Deny from all
    Allow from 127.0.0.1 # Assuming API calls are made locally
    Satisfy any
</Location>

--
Adam Brenner
Computer Science, Undergraduate Student
Donald Bren School of Information and Computer Sciences

Research Computing Support
Office of Information Technology
http://www.oit.uci.edu/rcs/

University of California, Irvine
www.ics.uci.edu/~aebrenne/
[hidden email]

On Wed, Jun 5, 2013 at 5:15 PM, Anthonius deBoer <[hidden email]> wrote:

> Hi,
>
> I am trying desperately to setup my GALAXY system so that if you enter the
> website, you need to authenticate yourself using the proxy setup...
> I also would like to be able to BYPASS the proxy server when an API call is
> made...
>
> In the example proxy setting I have setup in the following way:
>
> ReWriteRule ^(/api/histories/.*) <a href="http://localhost:8080$1">http://localhost:8080$1 [P,L]
> ReWriteRule ^(/api/.*) <a href="http://localhost:8081$1">http://localhost:8081$1 [P,L]
> RewriteRule ^(.*) <a href="http://localhost:8080$1">http://localhost:8080$1 [P]
>
> I then setup a <PROXY setting in the apache galaxy.d in
> /etc/httpd/conf.d/galaxy.d to require authentication when a user is
> re-directed to the localhost:8080 and allow the calls to localhost:8081 to
> pass unhindered...
>
> This works brilliantly EXCEPT for when you want to make an API call that
> involves some histories....
> The call fails, since /api/histories calls are routed through the proxy
> server and require authentication, which I want to avoid...
>
> It seems that histories are "special" so they have their own line in the
> configuration file above...
>
> I tried to change
> ReWriteRule ^(/api/histories/.*) <a href="http://localhost:8080$1">http://localhost:8080$1 [P,L]
>
> to
>
> ReWriteRule ^(/api/histories/.*) <a href="http://localhost:8081$1">http://localhost:8081$1 [L]
>
> Which DOES work, but it also breaks the automatic update of the history in
> the webbrowser...
> I have to reload the page manually to update the history...
>
> Is there anyway I can get the automatic update to work again, but don't
> require autentication?
>
> Thanks
>
> Thon
>
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>   http://lists.bx.psu.edu/
>
> To search Galaxy mailing lists use the unified search at:
>   http://galaxyproject.org/search/mailinglists/
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: Bypassing the proxy server when using the API, without breaking the automatic update of the history in the web interface

Nate Coraor (nate@bx.psu.edu)
On Jun 5, 2013, at 10:01 PM, Adam Brenner wrote:

> Why not use Allow All / Deny All rules?
>
> <Location />
> ... your Auth Type stuff here ...
>
>    Deny from all
>    Allow from 127.0.0.1 # Assuming API calls are made locally
>    Satisfy any
> </Location>

You shouldn't need to restrict to just the localhost.  The API methods use internal authorization such that either a valid session or an API key must be present.  An outside client who does not authenticate and does not provide a valid API key won't be able to access anything.

--nate

>
> --
> Adam Brenner
> Computer Science, Undergraduate Student
> Donald Bren School of Information and Computer Sciences
>
> Research Computing Support
> Office of Information Technology
> http://www.oit.uci.edu/rcs/
>
> University of California, Irvine
> www.ics.uci.edu/~aebrenne/
> [hidden email]
>
> On Wed, Jun 5, 2013 at 5:15 PM, Anthonius deBoer <[hidden email]> wrote:
>> Hi,
>>
>> I am trying desperately to setup my GALAXY system so that if you enter the
>> website, you need to authenticate yourself using the proxy setup...
>> I also would like to be able to BYPASS the proxy server when an API call is
>> made...
>>
>> In the example proxy setting I have setup in the following way:
>>
>> ReWriteRule ^(/api/histories/.*) <a href="http://localhost:8080$1">http://localhost:8080$1 [P,L]
>> ReWriteRule ^(/api/.*) <a href="http://localhost:8081$1">http://localhost:8081$1 [P,L]
>> RewriteRule ^(.*) <a href="http://localhost:8080$1">http://localhost:8080$1 [P]
>>
>> I then setup a <PROXY setting in the apache galaxy.d in
>> /etc/httpd/conf.d/galaxy.d to require authentication when a user is
>> re-directed to the localhost:8080 and allow the calls to localhost:8081 to
>> pass unhindered...
>>
>> This works brilliantly EXCEPT for when you want to make an API call that
>> involves some histories....
>> The call fails, since /api/histories calls are routed through the proxy
>> server and require authentication, which I want to avoid...
>>
>> It seems that histories are "special" so they have their own line in the
>> configuration file above...
>>
>> I tried to change
>> ReWriteRule ^(/api/histories/.*) <a href="http://localhost:8080$1">http://localhost:8080$1 [P,L]
>>
>> to
>>
>> ReWriteRule ^(/api/histories/.*) <a href="http://localhost:8081$1">http://localhost:8081$1 [L]
>>
>> Which DOES work, but it also breaks the automatic update of the history in
>> the webbrowser...
>> I have to reload the page manually to update the history...
>>
>> Is there anyway I can get the automatic update to work again, but don't
>> require autentication?
>>
>> Thanks
>>
>> Thon
>>
>> ___________________________________________________________
>> Please keep all replies on the list by using "reply all"
>> in your mail client.  To manage your subscriptions to this
>> and other Galaxy lists, please use the interface at:
>>  http://lists.bx.psu.edu/
>>
>> To search Galaxy mailing lists use the unified search at:
>>  http://galaxyproject.org/search/mailinglists/
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>  http://lists.bx.psu.edu/
>
> To search Galaxy mailing lists use the unified search at:
>  http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: Bypassing the proxy server when using the API, without breaking the automatic update of the history in the web interface

thondeboer
In reply to this post by Adam Brenner
Perfect!
that works great...

I'm not very proficient in apache configuration so thanks for the help!

Thon

On Jun 05, 2013, at 07:01 PM, Adam Brenner <[hidden email]> wrote:

Why not use Allow All / Deny All rules?

<Location />
... your Auth Type stuff here ...

Deny from all
Allow from 127.0.0.1 # Assuming API calls are made locally
Satisfy any
</Location>

--
Adam Brenner
Computer Science, Undergraduate Student
Donald Bren School of Information and Computer Sciences

Research Computing Support
Office of Information Technology
http://www.oit.uci.edu/rcs/

University of California, Irvine
www.ics.uci.edu/~aebrenne/
[hidden email]

On Wed, Jun 5, 2013 at 5:15 PM, Anthonius deBoer <[hidden email]> wrote:
> Hi,
>
> I am trying desperately to setup my GALAXY system so that if you enter the
> website, you need to authenticate yourself using the proxy setup...
> I also would like to be able to BYPASS the proxy server when an API call is
> made...
>
> In the example proxy setting I have setup in the following way:
>
> ReWriteRule ^(/api/histories/.*) http://localhost:8080$1 [P,L]
> ReWriteRule ^(/api/.*) http://localhost:8081$1 [P,L]
> RewriteRule ^(.*) http://localhost:8080$1 [P]
>
> I then setup a <PROXY setting in the apache galaxy.d in
> /etc/httpd/conf.d/galaxy.d to require authentication when a user is
> re-directed to the localhost:8080 and allow the calls to localhost:8081 to
> pass unhindered...
>
> This works brilliantly EXCEPT for when you want to make an API call that
> involves some histories....
> The call fails, since /api/histories calls are routed through the proxy
> server and require authentication, which I want to avoid...
>
> It seems that histories are "special" so they have their own line in the
> configuration file above...
>
> I tried to change
> ReWriteRule ^(/api/histories/.*) http://localhost:8080$1 [P,L]
>
> to
>
> ReWriteRule ^(/api/histories/.*) http://localhost:8081$1 [L]
>
> Which DOES work, but it also breaks the automatic update of the history in
> the webbrowser...
> I have to reload the page manually to update the history...
>
> Is there anyway I can get the automatic update to work again, but don't
> require autentication?
>
> Thanks
>
> Thon
>
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client. To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
> http://lists.bx.psu.edu/
>
> To search Galaxy mailing lists use the unified search at:
> http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/