I've had to do something similar a while back, and ended up doing this without
modperl. I might end up switching to modperl one of these days.
It looks something like:
----- ---- ---------------------- -------------------------
|SSL| -> |FW| -> |proxy.internaldom.dk| -> |somehost.internaldom.dk|
----- ---- ---------------------- -------------------------
The frontend SSL server is set up with mod_proxy and has an entry
for each internal host that looks like:
ProxyPass /intra/somehost/ http://somehost.internaldom.dk/
ProxyPassReverse /intra/somehost/ http://somehost.internaldom.dk/
And then making sure that all is handled through the proxy:
ProxyRemote http http://proxy.internaldom.dk:12345/
The internal proxy is quite simply set up to push all html through one
simple regexp: s|http://(\w+).internaldom.dk|/intra/$1|g
Currently my proxy is based on http://muffin.doit.org/ NoThanks, but
will probably end up as some kind of Apache/mod_perl once I get my
new proxy machine.
There is two obvious advantages about this approach - only one regexp,
which means only one pass of the html is needed and that the connection
from the external machine through the firewall is restricted to one
simple rule in the FW machine and that it can be easily protected with
encryption/authentication.
This probably doesn't answer your question ;-) But I hope that at least
the idea is useful.
vh
Mads Toftum, QDPH
