apache with kerberos + mod_proxy + mod_rewrite遞歸

Question

我配置了一個Apache服務器，爲我們的Splunk安裝提供SSO和反向代理服務，具體配置如下。 SSO的作用與反向代理隱藏在/ splunk URL後面的端口8000上運行的Splunk實例一樣。

ProxyPass /splunk http://localhost:8000/splunk 
ProxyPassReverse /splunk http://localhost:8000/splunk 
<Location /splunk > 
     # Kerberos Authentication 
     AuthType Kerberos 
     AuthName "Kerberos Login" 
     KrbAuthRealms MYDOMAIN.COM 
     Krb5KeyTab /etc/krb5.http.keytab 
     KrbMethodNegotiate on 
     KrbAuthoritative on 
     KrbMethodK5Passwd off 
     KrbLocalUserMapping on 
     KrbSaveCredentials on 
     require valid-user 

     # SSO 
     RewriteEngine On 
     RewriteCond %{LA-U:REMOTE_USER} (.+)$ 
     RewriteRule . - [E=RU:%1] 
     RequestHeader set REMOTE_USER %{RU}e 
</Location> 

問題是在Apache日誌中我收到了很多以下錯誤消息。

[client x.x.x.x] Request exceeded the limit of 10 subrequest nesting levels due to probable confguration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://splunk.mydomain.com/splunk/en-GB/debug/sso 

我不確定這個問題是否與Splunk相關。有沒有其他人看過這個，我該如何解決這個問題？

Answer 1

嘗試

RewriteRule . - [E=RU:%1,NS] 

爲了確保重寫規則並不適用於內部子請求。