How to best limit SQL injection attacks that are being funneled through an Apache proxy I control

I use an Apache proxy to funnel traffic to an IIS server. The IIS server sends me emails if some bad actor attacks my site with an sql injection attack. It captures their IP address, and sends me the URL that was used.

The other day I got 8,400 emails in 50 minutes, nothing my mail server can’t handle, but all from some IP proxy in the US.

Now I am thinking of hardening my code by adding some time sensitive (hindering) factor into the equation. The idea is to send them a redirect to somewhere else (fbi?) for a set time period, after an initial warning; provided they reach that emails code.

Should I have IIS handle this (simple to implement,) or is it better for Apache to handled it? I would think so it there is such a function in Apache.

In IIS I could start a session logging IP addresses of bad actors, and block their access to the site. Or has Apache something that could block these request for a set time period?

And how would I implement this IIS to Apache handover, maybe via some header?

apache – Ruby is starting httpd, and I can’t find where from

OSX 10.15.5. Mac Mini. Homebrew httpd and hopefully OSX httpd disabled in plist but something is still starting this I have the plist for apache/httpd disabled, but on reboot I still get this

  231 ??         0:00.08 /usr/bin/ruby /usr/sbin/httpd-wrapper -D FOREGROUND
 1258 ??         0:00.42 /usr/sbin/httpd -D FOREGROUND
 1262 ??         0:00.00 /usr/sbin/httpd -D FOREGROUND```

and so on.
I can’t find a way to stop it loading. How do I find what is starting this process? I don’t recall ever seeing it started with ruby before? It’s not in the list file even?

apache redirect / to subfolder

My application runs on https://example.com/app. I want to redirect https://example.com/ to https://example.com/app. My redirect rules in site conf are as below. How to modify it for my need?

    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-Proto} =http
    
    RewriteRule (.*) https://%{HTTP:Host}%{REQUEST_URI} (L,R=PERMANENT)

Using apache mina for ssh using signed ssh-rsa-cert-01 from Certification Authority

There is an existing client configured and running (SshClient) using apache mina to ssh to one of our internal jump boxes. It currently uses PEM based authentication. Due to compliance we have to switch to using internally signed certificates (internally we are using hashicorp vault as a CA). I’m unable to find any documentation regarding how to use signed certificates for ssh in apache mina to start with. Is it not supported? Will I perhaps have to use any other java ssh library?

linux – PHP Soap SSL WSDL works outside Apache , but not inside

I have a soap Client, It works just fine calling the PHP file from bash using php -f. However, when i move it into /var/www/html/ and have apache serve the php file it wont load the WSDL i get this error.

SOAP-ERROR: Parsing WSDL: Couldn’t load from ‘https://api.five9.com/wsadmin/v11/AdminWebService?wsdl&user=

I’ve removed my username from the end of the string.

Server is Fedora 31.
Any help is appreciated.

mod_rewrite, 301 redirects, and optimizing Apache.

(size=+4)mod_rewrite(/size)​

(size=+2)Introduction.(/size)

Welcome to mod_rewrite, the Swiss Army Knife of URL manipulation! Despite the tons of examples and docs, mod_rewrite is voodoo!

This module uses a rule-based rewriting engine (based on a regular-expression parser) to rewrite requested URLs on the fly. It supports an unlimited number of rules and an unlimited number of attached rule conditions for each rule to provide a really flexible and powerful URL manipulation mechanism. The URL manipulations can depend on various tests, for instance server variables, environment variables, HTTP headers, time stamps and even external database lookups in various formats can be used to achieve a really granular URL matching.

This module operates on the full URLs (including the path-info part) both in per-server context (httpd.conf) and per-directory context (.htaccess) and can even generate query-string parts on result. The rewritten result can lead to internal sub-processing, external request redirection or even to an internal proxy throughput.

This module was invented and originally written in April 1996. (1)

(size=+2)How to change your URLs from dynamic to search engine friendly static URLs using mod_rewrite.(/size)

Get an example of the dynamic URL and the way you want it. For example

http://www.domain.com/cgi-bin/store.cgi?section=Nintendo&id=4867635&item=Pokemon
and
http://www.domain.com/store/Nintendo/4867635/Pokemon.html

Now that you got both URLs, make a domain.com/.htaccess file starting with…

Options +Indexes
Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteRule ^

Depending on the server, you might not need the first two lines.

Right after RewriteRule ^ enter the static URL, then a $, a space, and then original URL (with out the domain part for both URLs).

You now got…

Options +Indexes
Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteRule ^store/Nintendo/4867635/Pokemon.html$ cgi-bin/store.cgi?section=Nintendo&id=4867635&item=Pokemon

In the first URL, the static URL code, where ever the URL will change, replace it with a (.*) (Nintendo, 4867635
and Pokemon in the example above).

Then after .html add a $ and add a before the .html
If you have a hyphen (-) in the new static URL, add a before the hyphen, for example…

RewriteRule ^store-(.*)-(.*).html$ cgi-bin/store.cgi?section=Nintendo&id=4867635&item=Pokemon

If you don’t add the , you might get an Internal Server Error message, depending on the servers Apache version.

Now in the static part of the URL where the URL changes, in the first change, change it to $1, then $2 and so on. Then add an (L) at the very end, with a space before the (L).

You now got…

Options +Indexes
Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteRule ^store/(.*)/(.*)/(.*).html$ cgi-bin/store.cgi?section=$1&id=$2&item=3 (L)
SEMrush

Save the .htaccess file and upload it at domain.com/.htaccess and your static URLs will now work.
http://www.domain.com/store/Nintendo/4867635/Pokemon.html

Here’s some other examples…

http://www.domain.com/cgi-bin/store.cgi?section=Nintendo&id=4867635
RewriteRule ^store/(.*)/(.*).html$ cgi-bin/store.cgi?section=$1&id=$2 (L)

http://www.domain.com/cgi-bin/store.cgi?section=Nintendo
RewriteRule ^store/(.*).html$ cgi-bin/store.cgi?section=$1 (L)

http://www.domain.com/cgi-bin/store.cgi
RewriteRule ^index.html$ cgi-bin/store.cgi (L)

In this last example domain.com will show the index of the script. If the page shows nothing, try

RewriteRule ^$ cgi-bin/store.cgi (L)

With all the examples combined, you got…

Options +Indexes
Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteRule ^store/(.*)/(.*)/(.*).html$ cgi-bin/store.cgi?section=$1&id=$2&item=3 (L)
RewriteRule ^store/(.*)/(.*).html$ cgi-bin/store.cgi?section=$1&id=$2 (L)
RewriteRule ^store/(.*).html$ cgi-bin/store.cgi?section=$1 (L)
RewriteRule ^index.html$ cgi-bin/store.cgi (L)

Notice the order. if you list it as…

Options +Indexes
Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteRule ^index.html$ cgi-bin/store.cgi (L)
RewriteRule ^store/(.*).html$ cgi-bin/store.cgi?section=$1 (L)
RewriteRule ^store/(.*)/(.*).html$ cgi-bin/store.cgi?section=$1&id=$2 (L)
RewriteRule ^store/(.*)/(.*)/(.*).html$ cgi-bin/store.cgi?section=$1&id=$2&item=3 (L)

then mod_rewrite will freak out and it won’t work! List the line with the most variables first, then the second most and so on.

(size=+2)Can I have the .htaccess in a directory?(/size)

Yes.

In the above example, for having it at domain.com/store/.htaccess, change the code to…

Options +Indexes
Options +FollowSymlinks
RewriteEngine on
RewriteBase /store/
RewriteRule ^index.html$ /cgi-bin/store.cgi (L)
RewriteRule ^(.*).html$ /cgi-bin/store.cgi?section=$1 (L)
RewriteRule ^(.*)/(.*).html$ /cgi-bin/store.cgi?section=$1&id=$2 (L)
RewriteRule ^(.*)/(.*)/(.*).html$ /cgi-bin/store.cgi?section=$1&id=$2&item=3 (L)

You moved store/ up to the RewriteBase line and added / before cgi-bin. If the script was in /store/store.cgi
you would of had store/ instead of cgi-bin/ and then just got rid of it, to look like…

Options +Indexes
Options +FollowSymlinks
RewriteEngine on
RewriteBase /store/
RewriteRule ^index.html$ store.cgi (L)
RewriteRule ^(.*).html$ store.cgi?section=$1 (L)
RewriteRule ^(.*)/(.*).html$ store.cgi?section=$1&id=$2 (L)
RewriteRule ^(.*)/(.*)/(.*).html$ store.cgi?section=$1&id=$2&item=3 (L)

The URL to the index of the store will be domain.com/store/

(size=+2)Ack!!! Now it’s messing up the rest of my site.(/size)

If you have domain.com/index.html for example, make sure your mod_rewrited URLs use another extension, like .htm or .shtml.

(size=+2)The original script URLs don’t have the product name in the URL. Can I add the product name to the URL?(/size)

Yes! If you can change the script to put the product names in the URL, or edit the links to link to them, yes you can. Here’s an example. Notice there are two (.*)’s and no $2.

RewriteRule ^(.*)/(.*).html$ cgi-bin/file.cgi?Item=$1 (L)

Just edit the script links, or links in the static page to link to domain.com/whatever/PRODUCT_NAME.html have the product name show up where the last (.*) is in the .htaccess code.

(size=+2)But how can I get rid of special characters or spaces?(/size)

For perl, you can do search and replaces, for example…

$value =~ s/ /_/g;
$value =~ s/?//g;
or
$value =~ s/(^wd-_. )//g;

which gets rid of almost everything but letters and numbers. Just make sure it only changes the URL and not the content. As for php or asp, I don’t know how to do it there.

(size=+2)Can I rewrite a sub-domain to a directory?(/size)

Yes. Here’s the code mnemtsas came up with…

xxxxx.domain.com

to

www.domain.com/XXXXXX/

RewriteCond %{HTTP_HOST} ^(www.)*xxxxx.domain-name.com (NC)
RewriteCond %{REQUEST_URL} !^/XXXXX/.*
RewriteRule ^(.*) /XXXXX/$1 (L)

(size=+2)Does .htaccess increase server load?(/size)

I have yet to ever see it increase server load on my dedicated server. IMO, that’s just a rumor. I got about 30 domains with about 54 lines in the domain.com/.htaccess file and have yet to ever see it effect the server. The only effect I’ve ever got is getting GoogleBombed (Google chomping away at the static URLs so much that the server almost crashes or does crash!!!). Don’t panic. This is why you have static URLs, to help search engines crawl your site.

If you ever see high server loads or a slow server, try optimizing Apache.

(size=+2)How do I optimize Apache?(/size)

You have to have access to the actual server through telnet as root.

Edit your httpd.conf file.

Here’s the best settings I’ve found.

Timeout 50
KeepAlive On
MaxKeepAliveRequests 120
KeepAliveTimeout 10
MinSpareServers 10
MaxSpareServers 20
StartServers 16
MaxClients 125
MaxRequestsPerChild 5000

and then restart apache. Even when I have massively HIGH server loads, the sites are fast. Once I had the server load above 100, which is EXTREMELY high, and the static pages loaded as if nothing was high!!

Don’t ask me how to do it. If you don’t know what you’re doing, don’t mess with it. Ask your web host. Mess up and your sites can ‘die’ until it get’s fixed! For example, simply pressing return can crash your sites until you go back and undo the return, geting it back to how it was before.

(size=+2)How can I do a 301 redirect?(/size)

at domain.com/.htaccess

Options +Indexes
Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteRule ^whatever/(.*)$ http://www.domain.com/$1/ (R=301,L)
or
RewriteRule ^index.htm$ http://www.domain.com/ (R=301,L)

The second example only changes one URL.

(.*) and $1 work the same way here as in mod_rewrite, so you can easily change a lot of URLs with one line. The only change with redirects and mod_rewrite is the R=301 (Redirect 301).

(size=+2)Conclusion.(/size)

Yes, mod_rewrite is voodoo, and it may look hard to learn, but it’s not that hard. When I first tried to figure it out, I spent a day over at apache.org and hardly got any where (hence there is only one link there as the source to the introduction.) I then posted over on the Amazon Associate board, some one gave me a few lines of code, I changed it a little and with in a day I had a completely search engine friendly Amazon store using MrRats script, and my mod_rewrite hack, which as you may know by now, it completely revolutionized the Amazon AWS industry, until it drove Google insane! mod_rewrite rocks, if you got any URLs that have ?, =, or &, do mod_rewrite!

 

centos – How to troubleshoot an Apache reverse proxy?

As a heads up: I’ve asked this question on the Webmaster StackExchange and ServerFault and both times it got closed. On ServerFault I was redirected here.

I’ve been going out of my mind trying to figure out why this won’t work. This is my first time working with Apache and CentOS. This is for a hobby website to help me build my skills.

Here’s what I’m trying to do: I have an ASP.NET Core application setup on the server. The files are in /var/www/myapp. I have a service setup for it and it is running and working on port 5000. I can cURL to it and get the proper response:

curl -H 'Content-Type: application/json' -X POST -d '<json>' http://127.0.0.1:5000/graphql

Now, I want to be able to interact with this application via a reverse proxy on my domain. I started by following the Microsoft documentation about this: https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-apache?view=aspnetcore-3.1

That was not working for me so I started doing a bunch of research and I’m just lost. No matter what I do I am getting 404 errors. Not Found. God I’m sick of that lol. Here is where I’m at right now. I have a configuration file name myapp.conf in /etc/apache2/conf.d:

<VirtualHost *:80>
    ServerName <domain>.com
    ServerAlias *.<domain>.com
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/
    ErrorLog /etc/apache2/logs/myapp-error.log
    CustomLog /etc/apache2/logs/myapp-access.log common
</VirtualHost>

I know that my configuration file is being seen:

apachectl -S | grep myapp

*:80                   <domain>.com (/etc/apache2/conf.d/myapp.conf:1)

I know that the proxy modules are enabled:

httpd -M | grep proxy

 proxy_module (shared)
 proxy_fcgi_module (shared)
 proxy_http_module (shared)
 proxy_wstunnel_module (shared)

When I try to load them manually anyway just to be safe, Apache tells me that they’re already enabled and skips them. I know that my configuration is okay as well:

apachectl -t

Syntax OK

I’m using Insomnia to test the reverse proxy out. Here’s what an exchange looks like:

* Preparing request to http://<domain>.com/graphql
* Using libcurl/7.69.1 OpenSSL/1.1.1g zlib/1.2.11 brotli/1.0.7 libidn2/2.1.1 libssh2/1.9.0 nghttp2/1.40.0
* Current time is 2020-06-27T01:22:57.448Z
* Disable timeout
* Enable automatic URL encoding
* Enable SSL validation
* Enable cookie sending with jar of 1 cookie
* Too old connection (488 seconds), disconnect it
* Connection 46 seems to be dead!
* Closing connection 46
*   Trying <ip_address>:80...
* Connected to <domain>.com (<ip_address>) port 80 (#47)

> POST /graphql HTTP/1.1
> Host: <domain>.com
> User-Agent: insomnia/2020.2.2
> Content-Type: application/json
> Accept: */*
> Content-Length: 343

| <json>

* upload completely sent off: 343 out of 343 bytes
* Mark bundle as not supporting multiuse

< HTTP/1.1 404 Not Found
< Date: Sat, 27 Jun 2020 01:22:57 GMT
< Server: Apache
< Content-Length: 315
< Content-Type: text/html; charset=iso-8859-1


* Received 315 B chunk
* Connection #47 to host <domain>.com left intact

Based on everything I’ve read … there’s no reason I should be getting these 404s. By the way, I’ve tried dozens and dozens of different ways of configuring each directive in the configuration file. I will happily do it all again if you have suggestions.

One thing that I’ve been trying to find out but have been unsuccessful is whether there is a way to test a request against your Apache setup and just see how Apache routes the request. So that would be nice if anyone knows.

htaccess – Apache Rewrite Rule www to non-www + http to https + add trailing slash

I really need the following 3 features of my website:

  • www to non-www
  • http to https
  • force trailing slash at the end of the URLs

I have a current implementation but I face a very bad bug.

When I write manually in the browser “example.com/page” the browser redirects to “example.com/?page/” This, of course, opens my homepage and not the required “/page/”

I tried many examples and read a lot of similar questions for the last few weeks. No success.

Here is my full htaccess file:

RewriteEngine on
RewriteBase /


# Redirects www to non-www
RewriteCond %{HTTP_HOST} ^www.(.*)$ (NC)
RewriteRule ^(.*)$ https://%1/$1 (R=301,L)


# Force ending url traling slash
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ /$1/ (L,R=301)



# Prevent CI index.php

RewriteCond $1 !^(index.php|resources|robots.txt)


RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule .* index.php/$0 (PT,L) 
RewriteRule ^(.*)$ index.php?$0 (L)

# Prevent user access to the CI system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 (L) 

# Prevent user access to the CI application folder
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 (L)

# Redirects http to https protocol
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


# Redirect index.php to the root /
RewriteCond %{THE_REQUEST} ^.*/index.php 
RewriteRule ^(.*)index.php$ /$1 (R=301,L)

# One month for most static assets
<filesMatch ".(css|jpg|jpeg|png|gif|js|ico)$">
Header set Cache-Control "max-age=2628000, public"
</filesMatch>

RedirectPermanent /free-project-management-certification/ https://bvop.org/projectmanagement/
RedirectPermanent /free-scrum-master-certification/ https://bvop.org/scrummaster/
RedirectPermanent /product-owner-certification/ https://bvop.org/productowner/
RedirectPermanent /human-resources-management-certification/ https://bvop.org/humanresources/
RedirectPermanent /product-management-certification/ https://bvop.org/productmanagement/
RedirectPermanent /project-management-certification/ https://bvop.org/projectmanagement/

RedirectPermanent /index.php/ https://bvop.org/


<IfModule mod_deflate.c>
  # Compress HTML, CSS, JavaScript, Text, XML and fonts
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
  AddOutputFilterByType DEFLATE application/x-font
  AddOutputFilterByType DEFLATE application/x-font-opentype
  AddOutputFilterByType DEFLATE application/x-font-otf
  AddOutputFilterByType DEFLATE application/x-font-truetype
  AddOutputFilterByType DEFLATE application/x-font-ttf
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE font/opentype
  AddOutputFilterByType DEFLATE font/otf
  AddOutputFilterByType DEFLATE font/ttf
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE image/x-icon
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/javascript
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/xml

  # Remove browser bugs (only needed for really old browsers)
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4.0(678) no-gzip
  BrowserMatch bMSIE !no-gzip !gzip-only-text/html
  Header append Vary User-Agent
</IfModule>

I changed positions of all redirects, tried different combinations, changed characters, a lot of things. I would really appreciate some help.

asp.net – How to troubleshoot an Apache reverse proxy?

I’ve been going out of my mind trying to figure out why this won’t work. This is my first time working with Apache and CentOS. This is for a hobby website to help me build my skills.

Here’s what I’m trying to do: I have an ASP.NET Core application setup on the server. The files are in /var/www/myapp. I have a service setup for it and it is running and working on port 5000. I can cURL to it and get the proper response:

curl -H 'Content-Type: application/json' -X POST -d '<json>' http://127.0.0.1:5000/graphql

Now, I want to be able to interact with this application via a reverse proxy on my domain. I started by following the Microsoft documentation about this: https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-apache?view=aspnetcore-3.1

That was not working for me so I started doing a bunch of research and I’m just lost. No matter what I do I am getting 404 errors. Not Found. God I’m sick of that lol. Here is where I’m at right now. I have a configuration file name myapp.conf in /etc/apache2/conf.d:

<VirtualHost *:80>
    ServerName <domain>.com
    ServerAlias *.<domain>.com
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/
    ErrorLog /etc/apache2/logs/myapp-error.log
    CustomLog /etc/apache2/logs/myapp-access.log common
</VirtualHost>

I know that my configuration file is being seen:

apachectl -S | grep myapp

*:80                   <domain>.com (/etc/apache2/conf.d/myapp.conf:1)

I know that the proxy modules are enabled:

httpd -M | grep proxy

 proxy_module (shared)
 proxy_fcgi_module (shared)
 proxy_http_module (shared)
 proxy_wstunnel_module (shared)

When I try to load them manually anyway just to be safe, Apache tells me that they’re already enabled and skips them. I know that my configuration is okay as well:

apachectl -t

Syntax OK

I’m using Insomnia to test the reverse proxy out. Here’s what an exchange looks like:

* Preparing request to http://<domain>.com/graphql
* Using libcurl/7.69.1 OpenSSL/1.1.1g zlib/1.2.11 brotli/1.0.7 libidn2/2.1.1 libssh2/1.9.0 nghttp2/1.40.0
* Current time is 2020-06-27T01:22:57.448Z
* Disable timeout
* Enable automatic URL encoding
* Enable SSL validation
* Enable cookie sending with jar of 1 cookie
* Too old connection (488 seconds), disconnect it
* Connection 46 seems to be dead!
* Closing connection 46
*   Trying <ip_address>:80...
* Connected to <domain>.com (<ip_address>) port 80 (#47)

> POST /graphql HTTP/1.1
> Host: <domain>.com
> User-Agent: insomnia/2020.2.2
> Content-Type: application/json
> Accept: */*
> Content-Length: 343

| <json>

* upload completely sent off: 343 out of 343 bytes
* Mark bundle as not supporting multiuse

< HTTP/1.1 404 Not Found
< Date: Sat, 27 Jun 2020 01:22:57 GMT
< Server: Apache
< Content-Length: 315
< Content-Type: text/html; charset=iso-8859-1


* Received 315 B chunk
* Connection #47 to host <domain>.com left intact

Based on everything I’ve read … there’s no reason I should be getting these 404s. By the way, I’ve tried dozens and dozens of different ways of configuring each directive in the configuration file. I will happily do it all again if you have suggestions.

One thing that I’ve been trying to find out but have been unsuccessful is whether there is a way to test a request against your Apache setup and just see how Apache routes the request. So that would be nice if anyone knows.

Return 404 after configure the https on Apache 2.4

I am trying to deploy a new Angular app with apache 2.4 + ubuntu 16. Angular app is the frontend app, it would call the api from backend servers.
I can visit the home page, but failed with error “The requested URL was not found on this server.” when I try to visit the next page.

Here is my configurations for apache.

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName xxxxxxxxx.com
        DocumentRoot /var/www/

        RewriteEngine on
        RewriteCond %{SERVER_PORT} !^443$
        RewriteCond %{REQUEST_URI} !^/api
        RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} (L,R=301)
        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/apache2_error.log
        CustomLog ${APACHE_LOG_DIR}/apache2_access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>


<VirtualHost *:443>
        DocumentRoot /var/www/
        ServerName xxxxxxxxx.com
        SSLEngine on
        SSLCertificateFile /opt/clsfd_ib/env/ssl_keys/xxxxxxxxx.com.crt
        SSLCertificateKeyFile /opt/clsfd_ib/env/ssl_keys/xxxxxxxxx.com.rsa
        #SSLCertificateChainFile /opt/clsfd_ib/env/ssl_keys/xxxxxxxxx.com.pem
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combinedi

        ProxyPass /api http://YYYYYYYYYY.com:1337
        ProxyPassReverse /api http://YYYYYYYYYY.com:1337
        <Location "/api">
                Require all granted
        </Location>
</VirtualHost>

Feel free to let me know if you need more infomation.
Thank you a lot.