You might want to take a look at a mod_perl based proxy module I wrote
- https://metacpan.org/module/Apache2::Proxy

It was used in conjunction with Perlbal and a couple other tricks, but
was pretty speedy given the crude nature of how I implemented it.

On Fri, Nov 23, 2012 at 9:39 AM, André Warnier <a...@ice-sa.com> wrote:
> Hi.
>
> I am trying to solve an unconventional (I think) issue with mod_perl (or
> even without it).
> Environment : Apache 2.2/mod_perl 2 under Linux.
>
> The issue :
> A number of workstations are in a LAN, using a local DNS server under my
> control.
> In the same LAN (192.168.45.0), I have a Linux host running Apache
> 2.2/mod_perl 2, also under my full control (IP 192.168.45.100).
>
> Currently, the LAN workstations access external websites such as (for the
> sake of example) :
> 1) http://www.site-1.com  (IP 1.2.3.4)
> 2) http://www.site-2.biz  (IP 2.3.4.5)
> 3) http://www.site-3.org  (IP 3.4.5.6)
> 4) http://www.site-4.co.uk (IP 4.5.6.7)
> (all these IP's being supposedly real public Internet IP addresses)
>
> In the future, I would like that when the workstations try to access
> websites (2) and (4) above, they access them through my Apache/mod_perl
> host.
> The reason for this is that
> a) I need to authenticate the users
> b) I need to allow some users to access these external servers, and deny
> other users (and for those, I need to return a nice page explaining why)
>
> I already do the authentication/authorization using custom PerlAuth*
> handlers.
> I also know how to write PerlFixupHandler and PerlTransHandler modules, and
> how to "push" other Perl "HTTP cycle" handlers when needed.
>
> My basic scheme is as follows :
> - the DNS server configuration is modified so that when resolving the
> hostnames (2) and (4) above, it returns the IP address of the internal
> Apache host (192.168.45.100).
> When a workstation thus wants to connect to webserver (2) above, in reality
> it connects to the internal Apache host, where I want to perform my mod_perl
> magic.
> - on the Apache host, there is a virtual host configured with
>   ServerAlias www.site-2.biz
>   ServerAlias www.site-4.co.uk
> so it responds to these requests.
>
> The Apache host has access to the "real" IP addresses of the above external
> webservers.
> (For example, in its own "hosts" file; or it has itself an "uncorrupted" DNS
> server which delivers the original IP addresses).
>
> In the Apache host, I have the following configuration section :
> <Location />
>   AuthType MyOwn
>   AuthName CheckProxy
>   PerlAuthenHandler my:AuthHandler->get_id
>   PerlAuthzHandler my:AuthHandler->allow_or_not
>   Require valid-user
>   PerlFixupHandler ????
>   PerlTransHandler ????
>   ProxyPass http://(corresponding hostname)/(path and query as received)
> </Location>
>
> Now my questions are : if I do something at the level of the
> PerlFixupHandler or PerlTransHandler,
> 1) is that "early enough" to be before the Apache ProxyPass step ?
> 2) can I set the "(corresponding hostname)" above in such a Perl handler, or
> otherwise manipulate the URI before it gets proxy-ed ?
> 3) do I need this ProxyPass directive in my configuration, or can I just set
> the Apache response handler to be mod_proxy_http, in one of the Perl
> handlers ? and if yes, how ?
>
> I'd be thankful for any answer or tip, even about a solution which does not
> involve mod_perl at all. (But in reality, I do need to do a bit more in my
> handlers than I allude to above).
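
An added example, not part of the original thread and not code from Apache2::Proxy: one way a PerlTransHandler can hand the request to mod_proxy without a ProxyPass line, choosing the upstream from an allowlist rather than from whatever Host header arrives. The package name My::ProxyTrans is hypothetical; the two hostnames are the ones from the question, and mod_proxy and mod_proxy_http are assumed to be loaded.

```perl
package My::ProxyTrans;    # hypothetical module name

use strict;
use warnings;

use Apache2::RequestRec ();
use Apache2::Const -compile => qw(OK FORBIDDEN PROXYREQ_REVERSE);

# Assumed virtual host configuration (PerlTransHandler is set at
# server/virtual-host level, not inside <Location>):
#   PerlTransHandler My::ProxyTrans
# The PerlAuthenHandler/PerlAuthzHandler lines from the question are
# assumed to stay in <Location />.

# Only the hostnames that the local DNS points at this host.
my %UPSTREAM = map { $_ => 1 } qw(www.site-2.biz www.site-4.co.uk);

sub handler {
    my $r = shift;

    # Host name as requested by the client, without the port.
    my $host = lc( $r->hostname // '' );

    # Refuse anything not on the allowlist, so a forged Host header
    # cannot turn this server into a proxy to arbitrary targets.
    return Apache2::Const::FORBIDDEN unless $UPSTREAM{$host};

    # Mark the request as a reverse-proxy request and give mod_proxy
    # its target in the "proxy:" form. Only the path is appended here;
    # the query string stays in $r->args.
    $r->proxyreq(Apache2::Const::PROXYREQ_REVERSE);
    $r->filename( "proxy:http://$host" . $r->uri );
    $r->handler('proxy-server');

    # OK ends the translation phase, so no other translation handler
    # remaps the request afterwards.
    return Apache2::Const::OK;
}

1;
```

The Apache host must resolve these names to the real external addresses (its own hosts file or an unmodified resolver, as the question describes); otherwise the proxied request loops back to the same virtual host.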