Hi.
I am trying to solve an unconventional (I think) issue with mod_perl (or even
without it).
Environment : Apache 2.2/mod_perl 2 under Linux.
The issue :
A number of workstations are in a LAN, using a local DNS server under my
control.
In the same LAN (192.168.45.0), I have a Linux host running Apache 2.2/mod_perl 2, also
under my full control (IP 192.168.45.100).
Currently, the LAN workstations access external websites such as (for the sake
of example) :
1) http://www.site-1.com (IP 1.2.3.4)
2) http://www.site-2.biz (IP 2.3.4.5)
3) http://www.site-3.org (IP 3.4.5.6)
4) http://www.site-4.co.uk (IP 4.5.6.7)
(all these IPs being supposedly real public Internet IP addresses)
In the future, I would like that when the workstations try to access websites (2) and (4)
above, they access them through my Apache/mod_perl host.
The reason for this is that
a) I need to authenticate the users
b) I need to allow some users to access these external servers, and deny other users (and
for those, I need to return a nice page explaining why)
I already do the authentication/authorization using custom PerlAuth* handlers.
I also know how to write PerlFixupHandler and PerlTransHandler modules, and how to "push"
other Perl "HTTP cycle" handlers when needed.
My basic scheme is as follows :
- the DNS server configuration is modified so that when resolving the hostnames (2) and
(4) above, it returns the IP address of the internal Apache host (192.168.45.100).
When a workstation thus wants to connect to webserver (2) above, in reality it connects to
the internal Apache host, where I want to perform my mod_perl magic.
- on the Apache host, there is a virtual host configured with
    ServerAlias www.site-2.biz
    ServerAlias www.site-4.co.uk
so it responds to these requests.
The Apache host has access to the "real" IP addresses of the above external
webservers.
(For example, in its own "hosts" file; or it has itself an "uncorrupted" DNS server which
delivers the original IP addresses).
In the Apache host, I have the following configuration section :
    <Location />
        AuthType MyOwn
        AuthName CheckProxy
        PerlAuthenHandler my:AuthHandler->get_id
        PerlAuthzHandler my:AuthHandler->allow_or_not
        Require valid-user
        PerlFixupHandler ????
        PerlTransHandler ????
        ProxyPass http://(corresponding hostname)/(path and query as received)
    </Location>
Now my questions are : if I do something at the level of the PerlFixupHandler or
PerlTransHandler,
1) is that "early enough" to be before the Apache ProxyPass step ?
2) can I set the "(corresponding hostname)" above in such a Perl handler, or otherwise
manipulate the URI before it gets proxied ?
3) do I need this ProxyPass directive in my configuration, or can I just set the Apache
response handler to be mod_proxy_http, in one of the Perl handlers ? and if yes, how ?
I'd be thankful for any answer or tip, even about a solution which does not involve
mod_perl at all. (But in reality, I do need to do a bit more in my handlers than I allude
to above).
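
One way to do what questions 1) to 3) ask about, added here as an example and not part of the original post: a translation-phase handler marks the request as a reverse-proxy request and hands it to mod_proxy, the way ProxyPass does internally, so no ProxyPass line is needed. The module name My::ProxyTrans and the %ALLOWED list are assumptions made for the example; the hostnames are the post's own placeholders.

```perl
package My::ProxyTrans;    # hypothetical module name, not from the post
# Assumed setup: mod_proxy and mod_proxy_http are loaded, and the virtual
# host carries "PerlTransHandler My::ProxyTrans". PerlTransHandler belongs
# at server/virtual-host level, because URI translation runs before
# <Location> sections are applied.
use strict;
use warnings;
use Apache2::RequestRec ();
use Apache2::Const -compile => qw(OK DECLINED PROXYREQ_REVERSE);

# Only the hostnames that the local DNS points at this server may be
# proxied. Without this list the client-supplied Host header would pick
# the upstream, turning the server into an open proxy.
my %ALLOWED = map { $_ => 1 } qw(www.site-2.biz www.site-4.co.uk);

sub handler {
    my $r = shift;

    my $host = lc($r->hostname || '');
    # Unknown host: leave the request to Apache's normal translation.
    return Apache2::Const::DECLINED unless $ALLOWED{$host};

    # Path only: mod_proxy_http adds the query string itself for
    # reverse-proxy requests. The upstream name is resolved by this
    # host's own resolver or hosts file, which holds the real address.
    my $target = "http://$host" . $r->uri;

    # Same three fields ProxyPass fills in. $r->uri is left as received,
    # so <Location /> still matches and the PerlAuthenHandler and
    # PerlAuthzHandler run before anything is forwarded.
    $r->proxyreq(Apache2::Const::PROXYREQ_REVERSE);
    $r->filename("proxy:$target");
    $r->handler('proxy-server');

    return Apache2::Const::OK;
}

1;
```

Because authentication and authorization run after translation and before the response phase, a denied user gets the authz handler's response and the upstream is never contacted.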