Re: [Vyatta-users] dynamic NAT redirection for HTTP based on host header rather than IP

Thu, 04 Oct 2007 18:07:37 -0700 

Its been a while since I've done it, but I think this should get you  
started... You can contact me off-list if you need any more assistance.

ProxyRequests Off
ProxyPreserveHost On

<VirtualHost www.foo.com>
   ServerName www.foo.com
   <Location />
     ProxyPass http://192.168.1.50/
     ProxyPassReverse http://192.168.1.50/
   </Location>
</VirtualHost>

<VirtualHost www.bar.com>
   ServerName www.bar.com
   <Location />
     ProxyPass http://192.168.1.51/
     ProxyPassReverse http://192.168.1.51/
   </Location>
</VirtualHost>

The ProxyRequests Off line is important, if you don't turn it off  
then you're an open proxy and spammers will love you and bring your  
server to its knees. Note that turning this off will not stop your  
proxy from working. The ProxyPreserveHost line will preserve the Host  
header field in the request and pass it through to the destination  
proxy host (192.168.1.50/51 in my example above). The idea is that  
you create a virtual host for every domain you want to proxy and  
point it to the internal ip of the server hosting the site. The  
original host header is passed through, so you don't have to use one  
ip per domain. The ProxyPass directive sends requests through, and  
ProxyPassReverse modifies server responses to prevent breakage from  
redirects (ie: the internal server might send a 302 with Location:  
192.168.1.51 in it which wont work... the Reverse directive will  
rewrite that back to www.bar.com in the header sent to the browser).  
This can be modified to work with ssl hosts and cacheing with other  
modules. Note that this can break cookies but there are other modules  
to fix that.


------------------
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com




On Oct 4, 2007, at 7:02 PM, Jeff Stockett wrote:

> ----- "Aubrey Wells" <[EMAIL PROTECTED]> wrote:
>> I can't think of a way to do this. The HTTP protocol establishes a
>> TCP session on port 80 before any payload data is sent (including the
>>
>> HOST: header) so the NATing would occur before the HOST header is
>> ever sent. What you need is a non-caching (or caching if you want)
>> HTTP proxy server. Look in to Apache's mod_proxy_http module.
>
> That makes sense - I will explore options along those lines.
> _______________________________________________
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users

_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

Reply via email to