Using the WebSphere plug-in with mod_alias and mod_rewrite

There are essentially 3 classes of operations one can perform with respect to changing requests and plug-in processing.
  1. Alter a request which would not be handled by the plug-in such that it will be handled by the plug-in

  2. Alter a request which would be handled by the plug-in such that it will not be handled by the plug-in

  3. Alter a request such that the URI passed to the plug-in is transformed

Other WebSphere Plugin / Apache interactions

The recommended method for performing these tasks is with mod_rewrite. Use of the Alias directive is ineffective in all three cases.


Examples

In the following examples, the WebSphere plug-in is configured to only handle requests of the form *.do.

Note that the RewriteRule directives are kept as simple as possible, but in practice can contain regular expressions and backreferences to alter an entire class of URIs.

Alter a request which would not be handled by the plug-in such that it will be handled by the plug-in

For some unknown reason, the HTML link to a WebSphere resource doesn't include the *.do, so we need to alter the URI to include so the plug-in will recognize and handle the request.
WebSphere ResourceLink in HTML
/servlet/members/ProjectA/V3/SignIn.do /ProjectA/SignIn

The link as written won't be recognized by the WebSphere plug-in, and consequently has no hope of getting passed to WebSphere Application Server, so we add the following configuration:

 
RewriteEngine on
RewriteRule /ProjectA/SignIn /servlet/members/ProjectA/V3/SignIn.do [PT]

The PT flag is required, as this is what lets the WebSphere plug-in observe the results of the mod_rewrite processing.
The Alias directive isn't effective here, because that only maps a URI to a filename on the IHS system and doesn't change the URI in the request. If it was used, IHS would be trying to find /servlet/members/ProjectA/V3/SignIn.do under the Document Root.

Alter a request which would be handled by the plug-in such that it will not be handled by the plug-in

Consider a resource in the filesystem that matches the *.do pattern, but should be served as a static file. Because it's a URI already known to the outside world, he has to make some provision to ensure it's not passed to WebSphere.
Filesystem ResourceLink in HTML
htdocs/scooby_do.jpg /scooby.do

This link as written will be recognized by the WebSphere plug-in and passed to WebSphere Application Server, so we add the following directives to the IHS configuration to make sure it's served out of the filesystem:

 
RewriteEngine on
RewriteRule /scooby.do scooby_do.jpg [PT]

The PT flag is required, as this is what lets the WebSphere plug-in observe the results of the mod_rewrite processing.
The Alias directive is not effective here, because that only maps a URI to a filename on the IHS system and doesn't change the URI in the request.
During request processing, the plug-in will have no interest in the new URI of scooby_do.jpg. The Redirect directive would be effective here, which is somewhat slower but updates the users browser with the proper URI

Redirect /scooby.do /scooby_do.jpg

Alter a request such that the URI passed to the plug-in is transformed

Many users are receiving 404 errors from typographical errors on the same WebSphere resource, so we provide a mapping between the erroneous name and the actual name.
WebSphere ResourceTypo
/servlet/already.do /servlet/allready.do

We change the URI that will be seen by the WebSphere plug-in as follows:

 
RewriteEngine on
RewriteRule /servlet/allready.do /servlet/already.do [PT]

The PT flag is required, as this is what lets the WebSphere plug-in observe the results of the mod_rewrite processing.
The Alias directive is not effective here, because that only maps a URI to a filename on the IHS system and doesn't change the URI in the request. This would cause the WebSphere plug-in to handle the request but still operate on the original URI.
The Redirect directive would be effective here, which is somewhat slower but updates the users browser with the proper URI

Redirect /servlet/allready.do /servlet/already.do


Practical Example

Environment

In this environment, a WAR file has been deployed to WebSphere with a context root of SillyNew, but we require that requests for files under /SillyNew/theme/ to be served by IHS.

One motivation for this aside from freeing up WebSphere threads is that only URLs served out of the IHS filesystem can be protected with .htaccess files, WebSphere resources must be protected with <Location> containers explicitly in httpd.conf.

The WAR file has been pushed to the IHS server in the /tmp directory.

# Report the handler in Access Log LoadModule status_module modules/mod_status.so ExtendedStatus on LogFormat "%h %l %{RH}e %u %t \"%r\" %>s %b" common LoadModule rewrite_module modules/mod_rewrite.so LoadModule was_ap20_module modules/mod_was_ap20_http.so WebSpherePluginConfig /opt/.../plugin-cfg.xml # Map the WAR file into the webspace at the URL rewrite will use. Alias /SillyNewWithoutPlugin/ /tmp/SillyNew.war/ <Directory /tmp/SillyNew.war> AllowOverride AuthConfig Order Deny,Allow </Directory> # Remove the context root from requests for anything in the theme directory so it won't go through the plug-in RewriteEngine on RewriteRule ^/SillyNew/theme/(.*)$ /SillyNewWithoutPlugin/theme/$1 [PT]
The original access log entry which shows the plug-in handling the response:
    127.0.0.1 - (mod_was_ap20_http.c/-2/handler) - [01/Dec/2006:14:57:51 -0500] "GET /SillyNew/theme/blue.css HTTP/1.1" 200 9049

After enabling config change as illustrated above, IHS has attempted to serve the file from its own filesystem:
    127.0.0.1 - (mod_auth.c/401/check_user_id) - [01/Dec/2006:15:10:13 -0500] "GET /SillyNew/theme/blue.css HTTP/1.0" 401 466

After enabling above and sending the proper userid/password
    127.0.0.1 - (core.c/0/handler) user1 [01/Dec/2006:15:11:15 -0500] "GET /SillyNew/theme/blue.css HTTP/1.0" 200 9049

Configuration Issues

Module Loading/Ordering

See this document on module ordering for instructions on how to be sure that mod_rewrite (or mod_alias for Redirects) has precedence over the WebSphere Plug-in.

Using the RequestHeader directive to change the Host header

The RequestHeader directive cannot effectively be used to influence the plug-in while it's deciding whether or not to handle the request, because the plug-in has completed this processing before RequestHeader takes effect. In the case that a request is going to be routed to the plug-in initially, RequestHeader can be used to change the Host: header passed on by the plug-in to the Application Server.

Using .htaccess files to change requests that would be handled by the plugin

.htaccess files are only processed by IHS after a request has been mapped to a local file, therefore .htaccess files cannot be the mechanism used to prevent the plug-in from handling a URL.

Combining mod_rewrite flags

In some more complicated configurations, multiple mod_rewrite rules may potentially operate on the same incoming URL. In addition to the PassThrough flag (PT), the Last (L) flag is often used to end rewriting with the current rule. Flags are combined by separating them with commas as in the following:

# Transparently rewrite anything matching *.do under /servlet/app1 and stop rewrite processing (L=Last flag)
RewriteRule /servlet/app1/(.*\.do) /servlet/$1.jsp [PT,L]
RewriteRule ... 

Using mod_dir with the websphere plugin

It's not possible to use mod_dir to to map e.g. / to /index.jsp because of checking done by mod_dir when querying the DirectoryIndex filenames through an internal subrequest.

Using IHS proxy features to avoid context root of / in plugin-cfg.xml

The WebSphere Plugin will only a handle a request if it knows about the URL, hostname, and port. Typically the hostname (Host Aliases in the WebSphere Administration Console) is a wildcard, and the ports include all ports the frontend webserver is listening on.

If the WebSphere plugin is responding to /*, and you want the file to not be served by the WebSphere Plugin, you can configure IHS to proxy the request to a port on the same webserver that the WebSphere Plugin isn't handling.

This can be accomplished in a few steps:

Historical Issues

2.0 Alias directive causes plug-in to decline handling request

In WebSphere Plug-in versions prior to 5.0.2.6 / 5.1.0.4, the existence of an Alias for a URI would disable plug-in processing regardless of whether or not the result of the Alias matched or did not match a pattern in plugin-cfg.xml.

There may be some configurations which exploit this behavior to serve things such as images out of the filesystem instead of from WebSphere using an Alias directive -- upgraders will find they must replace this Alias directive with an equivalent RewriteRule directive.

Incorrect: Alias /servlet/images/ /images/
Correct  : RewriteRule /servlet/images/(.*) /images/$1 [PT]

1.3 Plugin crashes if mod_alias has higher priority than plug-in

Between versions 5.1.1 and 5.1.1.6 (inclusive) of the WebSphere plug-in for IHS 1.3, a crash can be encountered if mod_alias is higher priority than the plug-in and an Alias directive operates on a URI that will be handled by the plug-in.