First of all, I would like to introduce myself. My name is
Martijn Schoemaker and I so programming/systemadmin/everything
*nix as my daytime job.
I am currently working at a big customer with a pretty complex
(too complex imho) proxy environment. This constists of
netscape proxies, ssl accelerators, netcache appliances, layer-4
switched and ofcourse apache proxies. In this environment we
use https at the frontend which is 'converted' to http requests
on the inside which are handled by the apache proxies. The problem
is that mod_proxy (as in apache 1.3.26) cannot reverse map to
urls outside it's own apache configuration. Because at different
places after the proxy, redirects are sent which need to be
rewritten to : https://fontend-address.com/<things> but because
mod_proxy uses the apache URL construction routines is not
possible (it will always map to http://<ServerName>/<rest>).
For this to be possible I created a small patch which does a
check on the 'fake' url if it contains a '://' and if so it
will use that as the first part and only pastes the additional
uri to that. If not, it just uses the apache url construction
routine as its default.
i.e. instead of a mapping like:
ProxyPassReverse /app/ http://internal-host:567/app
which will map to : http://<ServerName>/app/
it uses :
ProxyPassReverse https://frontend-address/app/ http://internal-host:567/app
which will map to the fixed URL supplied (the first part that is)
My question to you all is : am I making sense ? Can this be
incorporated in future releases ? As far as I can see this is
only added value and no other fake url will contain '://' unless
it is meant as fixed anyway.
I'd greatly appreciate any comments :)
Greetings,
Martijn Schoemaker
-- ------ WARNING: This signature contains a VIRUS ! ------- - SHLRUIOHUIOWHLNNMSKHKDLWINDOWSJHFHKJLLUIHEKJLNDHKKJHL - ---------------------------------------------------------
*** proxy_http.c.orig Thu Jul 25 17:23:00 2002
--- proxy_http.c Fri Jul 26 13:38:59 2002
***************
*** 129,139 ****
ent = (struct proxy_alias *)conf->raliases->elts;
for (i = 0; i < conf->raliases->nelts; i++) {
l2 = strlen(ent[i].real);
if (l1 >= l2 && strncmp(ent[i].real, url, l2) == 0) {
u = ap_pstrcat(r->pool, ent[i].fake, &url[l2], NULL);
! return ap_construct_url(r->pool, u, r);
}
}
return url;
}
--- 129,146 ----
ent = (struct proxy_alias *)conf->raliases->elts;
for (i = 0; i < conf->raliases->nelts; i++) {
l2 = strlen(ent[i].real);
if (l1 >= l2 && strncmp(ent[i].real, url, l2) == 0) {
u = ap_pstrcat(r->pool, ent[i].fake, &url[l2], NULL);
! /* If a :// is in the fake URL (i.e to be reversed URL)
! * we trust that the fake is a complete URL and we pass
! * it as-is. This allows reverse mapping for other hosts
! * that are upwards in the proxy-chain.
! */
! if (strstr(ent[i].fake, "://"))
! return u;
! else return ap_construct_url(r->pool, u, r);
}
}
return url;
}
