Any changes made in the Administration page triggers a redirect to the log in page (Apache proxy)

Hello,
I’m running SonarQube 9.7.0.61563 with Apache reverse proxy in front that is also configured for https, the problem is that anything that I change it automatically redirects to the log in page.

Note:

For example sending a test email.

192.168.200.155 - - [02/Dec/2022:13:58:15 +0200] "POST /api/emails/send HTTP/1.1" 401 - "https://sonar.xxx.yyy.com/admin/settings" "Mozilla/5.0 (Windows NT 10.0; rv:107.0) Gecko/20100101 Firefox/107.0" "AYTSnnjK36t4epkpAAF+" 192.168.200.155 - - [02/Dec/2022:13:58:15 +0200] "GET /sessions/new?return_to=%2Fadmin%2Fsettings HTTP/1.1" 200 - "https://sonar.xxx.yyy.com/admin/settings" "Mozilla/5.0 (Windows NT 10.0; rv:107.0) Gecko/20100101 Firefox/107.0" "AYTSnnjK36t4epkpAAF/" 192.168.200.155 - - [02/Dec/2022:13:58:15 +0200] "GET /api/l10n/index?locale=en-US HTTP/1.1" 200 - "https://sonar.xxx.yyy.com/sessions/new?return_to=%2Fadmin%2Fsettings" "Mozilla/5.0 (Windows NT 10.0; rv:107.0) Gecko/20100101 Firefox/107.0" "AYTSnnjK36t4epkpAAGA" 192.168.200.155 - - [02/Dec/2022:13:58:16 +0200] "GET /api/users/identity_providers HTTP/1.1" 200 120 "https://sonar.xxx.yyy.com/sessions/new?return_to=%2Fadmin%2Fsettings" "Mozilla/5.0 (Windows NT 10.0; rv:107.0) Gecko/20100101 Firefox/107.0" "AYTSnnjK36t4epkpAAGB"

the config from apache
<VirtualHost *:80>
ServerName sonar.xxx.yyy.com

RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]

<VirtualHost *:443>

ServerName sonar.xxx.yyy.com
ServerAdmin admin@somecompany.com
ProxyRequests Off
ProxyPass / http://192.168.200.155:9000/
ProxyPassReverse / http://192.168.200.155:9000/
ErrorLog logs/sonar/error.log
CustomLog logs/sonar/access.log common

SSLEngine on
SSLCertificateFile      /etc/httpd/cert/STAR.crt
SSLCertificateChainFile /etc/httpd/cert/STAR.ca-bundle
SSLCertificateKeyFile /etc/httpd/cert/STAR.key

# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
Header always set Strict-Transport-Security "max-age=63072000"

intermediate configuration

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder on
SSLSessionTickets off

ServerTokens Prod
ServerSignature Off
TraceEnable off
FileETag None
Header set X-XSS-Protection “1; mode=block”
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure`

Hey there.

These cookies are automatically set when appropriate by SonarQube – you should remove this configuration. It is probably causing the login/logout behavior.

Thank you Colin for the solution

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.