Bypassing the proxy server when using the API, without breaking the automatic update of the history in the web interface
Hi, I am trying desperately to setup my GALAXY system so that if you enter the website, you need to authenticate yourself using the proxy setup... I also would like to be able to BYPASS the proxy server when an API call is made... In the example proxy setting I have setup in the following way: ReWriteRule ^(/api/histories/.*) http://localhost:8080$1 [P,L] ReWriteRule ^(/api/.*) http://localhost:8081$1 [P,L] RewriteRule ^(.*) http://localhost:8080$1 [P] I then setup a <PROXY setting in the apache galaxy.d in /etc/httpd/conf.d/galaxy.d to require authentication when a user is re-directed to the localhost:8080 and allow the calls to localhost:8081 to pass unhindered... This works brilliantly EXCEPT for when you want to make an API call that involves some histories.... The call fails, since /api/histories calls are routed through the proxy server and require authentication, which I want to avoid... It seems that histories are "special" so they have their own line in the configuration file above... I tried to change ReWriteRule ^(/api/histories/.*) http://localhost:8080$1 [P,L] to ReWriteRule ^(/api/histories/.*) http://localhost:8081$1 [L] Which DOES work, but it also breaks the automatic update of the history in the webbrowser... I have to reload the page manually to update the history... Is there anyway I can get the automatic update to work again, but don't require autentication? Thanks Thon
Why not use Allow All / Deny All rules? <Location /> ... your Auth Type stuff here ... Deny from all Allow from 127.0.0.1 # Assuming API calls are made locally Satisfy any </Location> -- Adam Brenner Computer Science, Undergraduate Student Donald Bren School of Information and Computer Sciences Research Computing Support Office of Information Technology http://www.oit.uci.edu/rcs/ University of California, Irvine www.ics.uci.edu/~aebrenne/ aebrenne@uci.edu On Wed, Jun 5, 2013 at 5:15 PM, Anthonius deBoer <thondeboer@me.com> wrote:
Hi,
I am trying desperately to setup my GALAXY system so that if you enter the website, you need to authenticate yourself using the proxy setup... I also would like to be able to BYPASS the proxy server when an API call is made...
In the example proxy setting I have setup in the following way:
ReWriteRule ^(/api/histories/.*) http://localhost:8080$1 [P,L] ReWriteRule ^(/api/.*) http://localhost:8081$1 [P,L] RewriteRule ^(.*) http://localhost:8080$1 [P]
I then setup a <PROXY setting in the apache galaxy.d in /etc/httpd/conf.d/galaxy.d to require authentication when a user is re-directed to the localhost:8080 and allow the calls to localhost:8081 to pass unhindered...
This works brilliantly EXCEPT for when you want to make an API call that involves some histories.... The call fails, since /api/histories calls are routed through the proxy server and require authentication, which I want to avoid...
It seems that histories are "special" so they have their own line in the configuration file above...
I tried to change ReWriteRule ^(/api/histories/.*) http://localhost:8080$1 [P,L]
to
ReWriteRule ^(/api/histories/.*) http://localhost:8081$1 [L]
Which DOES work, but it also breaks the automatic update of the history in the webbrowser... I have to reload the page manually to update the history...
Is there anyway I can get the automatic update to work again, but don't require autentication?
Thanks
Thon
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
On Jun 5, 2013, at 10:01 PM, Adam Brenner wrote:
Why not use Allow All / Deny All rules?
<Location /> ... your Auth Type stuff here ...
Deny from all Allow from 127.0.0.1 # Assuming API calls are made locally Satisfy any </Location>
You shouldn't need to restrict to just the localhost. The API methods use internal authorization such that either a valid session or an API key must be present. An outside client who does not authenticate and does not provide a valid API key won't be able to access anything. --nate
-- Adam Brenner Computer Science, Undergraduate Student Donald Bren School of Information and Computer Sciences
Research Computing Support Office of Information Technology http://www.oit.uci.edu/rcs/
University of California, Irvine www.ics.uci.edu/~aebrenne/ aebrenne@uci.edu
On Wed, Jun 5, 2013 at 5:15 PM, Anthonius deBoer <thondeboer@me.com> wrote:
Hi,
I am trying desperately to setup my GALAXY system so that if you enter the website, you need to authenticate yourself using the proxy setup... I also would like to be able to BYPASS the proxy server when an API call is made...
In the example proxy setting I have setup in the following way:
ReWriteRule ^(/api/histories/.*) http://localhost:8080$1 [P,L] ReWriteRule ^(/api/.*) http://localhost:8081$1 [P,L] RewriteRule ^(.*) http://localhost:8080$1 [P]
I then setup a <PROXY setting in the apache galaxy.d in /etc/httpd/conf.d/galaxy.d to require authentication when a user is re-directed to the localhost:8080 and allow the calls to localhost:8081 to pass unhindered...
This works brilliantly EXCEPT for when you want to make an API call that involves some histories.... The call fails, since /api/histories calls are routed through the proxy server and require authentication, which I want to avoid...
It seems that histories are "special" so they have their own line in the configuration file above...
I tried to change ReWriteRule ^(/api/histories/.*) http://localhost:8080$1 [P,L]
to
ReWriteRule ^(/api/histories/.*) http://localhost:8081$1 [L]
Which DOES work, but it also breaks the automatic update of the history in the webbrowser... I have to reload the page manually to update the history...
Is there anyway I can get the automatic update to work again, but don't require autentication?
Thanks
Thon
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
Perfect! that works great... I'm not very proficient in apache configuration so thanks for the help! Thon On Jun 05, 2013, at 07:01 PM, Adam Brenner <aebrenne@uci.edu> wrote: Why not use Allow All / Deny All rules? <Location /> ... your Auth Type stuff here ... Deny from all Allow from 127.0.0.1 # Assuming API calls are made locally Satisfy any </Location> -- Adam Brenner Computer Science, Undergraduate Student Donald Bren School of Information and Computer Sciences Research Computing Support Office of Information Technology http://www.oit.uci.edu/rcs/ University of California, Irvine www.ics.uci.edu/~aebrenne/ aebrenne@uci.edu On Wed, Jun 5, 2013 at 5:15 PM, Anthonius deBoer <thondeboer@me.com> wrote:
Hi,
I am trying desperately to setup my GALAXY system so that if you enter the website, you need to authenticate yourself using the proxy setup... I also would like to be able to BYPASS the proxy server when an API call is made...
In the example proxy setting I have setup in the following way:
ReWriteRule ^(/api/histories/.*) http://localhost:8080$1 [P,L] ReWriteRule ^(/api/.*) http://localhost:8081$1 [P,L] RewriteRule ^(.*) http://localhost:8080$1 [P]
I then setup a <PROXY setting in the apache galaxy.d in /etc/httpd/conf.d/galaxy.d to require authentication when a user is re-directed to the localhost:8080 and allow the calls to localhost:8081 to pass unhindered...
This works brilliantly EXCEPT for when you want to make an API call that involves some histories.... The call fails, since /api/histories calls are routed through the proxy server and require authentication, which I want to avoid...
It seems that histories are "special" so they have their own line in the configuration file above...
I tried to change ReWriteRule ^(/api/histories/.*) http://localhost:8080$1 [P,L]
to
ReWriteRule ^(/api/histories/.*) http://localhost:8081$1 [L]
Which DOES work, but it also breaks the automatic update of the history in the webbrowser... I have to reload the page manually to update the history...
Is there anyway I can get the automatic update to work again, but don't require autentication?
Thanks
Thon
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
participants (3)
-
Adam Brenner -
Anthonius deBoer -
Nate Coraor