Hi.

I am trying to solve an unconventional (I think) issue with mod_perl (or even without it).
Environment : Apache 2.2/mod_perl 2 under Linux.

The issue :
A number of workstations are in a LAN, using a local DNS server under my control.
In the same LAN (192.168.45.0), I have a Linux host running Apache 2.2/mod_perl 2, also under my full control (IP 192.168.45.100).

Currently, the LAN workstations access external websites such as (for the sake of example) :
1) http://www.site-1.com  (IP 1.2.3.4)
2) http://www.site-2.biz  (IP 2.3.4.5)
3) http://www.site-3.org  (IP 3.4.5.6)
4) http://www.site-4.co.uk (IP 4.5.6.7)
(all these IPs being supposedly real public Internet IP addresses)

In the future, I would like that when the workstations try to access websites (2) and (4) above, they access them through my Apache/mod_perl host.
The reason for this is that
a) I need to authenticate the users
b) I need to allow some users to access these external servers, and deny other users (and for those, I need to return a nice page explaining why)

I already do the authentication/authorization using custom PerlAuth* handlers.
I also know how to write PerlFixupHandler and PerlTransHandler modules, and how to "push" other Perl "HTTP cycle" handlers when needed.

My basic scheme is as follows :
- the DNS server configuration is modified so that when resolving the hostnames (2) and (4) above, it returns the IP address of the internal Apache host (192.168.45.100). When a workstation thus wants to connect to webserver (2) above, in reality it connects to the internal Apache host, where I want to perform my mod_perl magic.
- on the Apache host, there is a virtual host configured with
  ServerAlias www.site-2.biz
  ServerAlias www.site-4.co.uk
so it responds to these requests.

The Apache host has access to the "real" IP addresses of the above external webservers.
(For example, in its own "hosts" file; or it has itself an "uncorrupted" DNS server which delivers the original IP addresses).

In the Apache host, I have the following configuration section :
<Location />
  AuthType MyOwn
  AuthName CheckProxy
  PerlAuthenHandler my::AuthHandler->get_id
  PerlAuthzHandler my::AuthHandler->allow_or_not
  Require valid-user
  PerlFixupHandler ????
  PerlTransHandler ????
  ProxyPass http://(corresponding hostname)/(path and query as received)
</Location>

Now my questions are : if I do something at the level of the PerlFixupHandler or PerlTransHandler,
1) is that "early enough" to be before the Apache ProxyPass step ?
2) can I set the "(corresponding hostname)" above in such a Perl handler, or otherwise manipulate the URI before it gets proxy-ed ?
3) do I need this ProxyPass directive in my configuration, or can I just set the Apache response handler to be mod_proxy_http, in one of the Perl handlers ? and if yes, how ?

I'd be thankful for any answer or tip, even about a solution which does not involve mod_perl at all. (But in reality, I do need to do a bit more in my handlers than I allude to above).
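
One way the fixup step asked about above could be written, as an added sketch that is not part of the original post or of any project's code. The package name My::ProxyFixup is hypothetical; it assumes mod_proxy and mod_proxy_http are loaded, that the module is installed as the PerlFixupHandler so it runs after the PerlAuthen/PerlAuthz handlers, and that the Apache host resolves the two names to their real addresses as described in the post.

```perl
package My::ProxyFixup;    # hypothetical name, not from the post

use strict;
use warnings;

use Apache2::RequestRec ();
use Apache2::Const -compile => qw(OK FORBIDDEN PROXYREQ_REVERSE);

# Only the hostnames that the local DNS redirects to this host are ever
# proxied. Building the upstream URL from an unchecked Host header would
# let any client use this server as an open relay to arbitrary hosts.
my %ALLOWED_UPSTREAM = map { $_ => 1 } qw(
    www.site-2.biz
    www.site-4.co.uk
);

sub handler {
    my $r = shift;

    # hostname() is the host the client asked for, without any port part
    my $host = lc( $r->hostname // '' );
    return Apache2::Const::FORBIDDEN unless $ALLOWED_UPSTREAM{$host};

    # unparsed_uri() is the path and query string exactly as received
    my $url = "http://$host" . $r->unparsed_uri;

    # Mark the request as a reverse-proxy request and hand it to
    # mod_proxy for the response phase.
    $r->proxyreq(Apache2::Const::PROXYREQ_REVERSE);
    $r->filename("proxy:$url");
    $r->handler('proxy-server');

    return Apache2::Const::OK;
}

1;
```

The upstream host is taken from a fixed allowlist and never from client input alone, so a request carrying any other Host header is refused instead of being relayed.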









