How to prevent URL being expanded by port number

Hi team,

I set up latest version of the software (agent, server, tlwebaccess on the same server) to my satisfaction.

I need to get access to the server via the web access solution.

Unfortunately the URL’s get expanded by the port, for example

httpps://tl.myserver.com:9443/agent

I want it to be

httpps://tl.myserver.com/agent

I want to have access to the server from behind restrictive firewalls, which only allow port 443.

The port 9443 gets redirected to port 443 by the sslh port multiplexer software.

As another option I made some changes to my webaccess.conf.

This is part of my webaccess.hconf

*# The url to the login page. *
# Example: https://thinlinc.example.com:300/
#login_page=/
login_page=https://tl.myserver.com:443/

# The port on which to run the webserver
listen_port=9443

# This parameter controls the order and availability of TLS ciphers
# and handshake options for GnuTLS, also called a GnuTLS priority
# string.
gnutls_priority=NORMAL

O. K. I defined the login_page parameter to work around, but
strange thing, even though the login page defines the port “443”, instead the generated URL contains the wrong string “9443” - httpps://tl.myserver.com:9443/agent
So the wrong port is getting inserted after being logged in (…/agent).

And yes, I restarted all processes to apply all changes.

I kindly ask you to verify, and give some opinion on that.

Martin.

P. S. Don’t stumble upon “httpps” - this system does not allow for more than two URLs so I needed to do this trick…

Well, I went to the source code and replaced the $targetserver in main.tmpl with my URL
This solved the problem for me, maybe there is a cleaner way?

Hello,

I don’t think there’s an easy way around it. Browsers will always the display the port number in the address field if it is not a standard port 80 or 443.

Kind regards,
Martin

Thank you,

but what is the use of the " login_page" entry if it does not get respected?

Hello @MSK

The login_page URL, which is used to redirect back to the Web Access login page on the master server. The default value is / , which redirects to the current server. This parameter needs to be changed when ThinLinc Web Access is used in a cluster setup.

In a single server setup, redirect to / is usually fine, but as stated above (from the manual) this will redirect the user back to the current agent, and not to the master server, which is normally the desired behavior in such scenarios.

It was never meant to do port redirection as well, it will use what is defined in listen_port.

I understand that the example given in the configuration file

# Example: https://thinlinc.example.com:300/

Can sometimes be misleading that it will also do port translations, but it will not.

Very good to know, well, the topic can be closed now I guess.

Martin.

1 Like