Creating a proxy using mod_perl
I have a site that does secure credit card transactions on behalf of
merchants. As soon as a cardholder on the merchant site is ready to pay,
the merchant redirects the cardholder to my site, and I pick up payment
details from the cardholder directly over SSL.
When the cardholder is accessing my site, I retrieve certain elements
from the merchant site and present them to the cardholder while he is
completing the purchase on my site. Since the merchants do not pick up
any payment sensitive information, quite a few of them do not have SSL
certificates themselves.
Typically, when the cardholder is on my payment site, I will fetch the
company logo and various other certain elements from the merchant site.
If the merchant site does not have SSL himself, these items will be
fetched using normal http (and not https) requests. In Internet
Explorer, if you are visiting a site using https that refers to img src
links or similar from a non-ssl site (through normal http) the user will
get annoying dialog boxes warning him about this.
To avoid this situation, I allow merchants to proxy the non-SSL stuff
through my site, where they actually refer to an local url with a
parameter to where the item can be retrieved from the non-SSL site. My
script will retrieve the page from the http link and return it through a
local https link, which makes the Internet Explorer warnings go away.
The way I am currently doing this is as follows:
I have a handler module which is activated through the following in
httpd.conf:
Location /proxy
SetHandler perl-script
PerlHandler Proxy
/Location
The Proxy.pm module looks as follows:
package Proxy;
use strict;
use warnings;
use Apache::Constants qw (REDIRECT OK);
use LWP::UserAgent;
sub handler {
my $r = shift;
my $ua = new LWP::UserAgent;
$ua-timeout (30);
my $uri = $ENV{REQUEST_URI};
$uri =~ /proxy\?url=(.*)$/;
$uri = $1;
my $request = new HTTP::Request (GET = $uri);
my $response = $ua-request ($request);
if ($response-is_success) {
$r-content_type ($response-headers-header ('Content-type'));
$r-send_http_header;
print $response-content;
} else {
print $response-error_as_HTML;
}
return OK;
}
1;
In short, it takes a request such as
https://my.secure.site/proxy?url=http://from.unsecure.site/someimg.gif
and retrieves the data from the unsecure site and return it through the
secure site at my end.
This works _mostly_ ok, but on what seems like random occations the
httpd process will die (segmentation fault). I can not be sure that the
proxy module is to blame, but I log process id the access log as well
and it seems the last request to be served always seem to be such a
proxy request (my server servers other stuff as well).
Any ideas on why this is so?
Any other ways of accomplishing the same without the added overhead of
my perl module?
Thanks in advance,
Marius Kjeldahl
Re: Creating a proxy using mod_perl
Marius Kjeldahl wrote: Any other ways of accomplishing the same without the added overhead of my perl module? There was an example in the eagle-book, AFAIR, you need to build a custom PerlTranslateHandler and rewrite the filename to the url of your customer and use $r-handler(mod-proxy), (or maybe proxy or mod_proxy, just check the docs and look for the needed AddHandler directive) ciao -- Mit freundlichen Grüßen - Nico Erfurth Headlight Housingfactory GmbH Email: [EMAIL PROTECTED] -
Re: Creating a proxy using mod_perl
On Fri, 15 Mar 2002, Marius Kjeldahl wrote: Any other ways of accomplishing the same without the added overhead of my perl module? You can use 1. mod_proxy: ProxyPass /images/http://image.site/image/ 2. mod_accel: AccelPass /images/http://image.site/image/ 3. default-handler - images must be on the same host: Location /images/ SetHandler default-handler /Location Igor Sysoev
Re: Creating a proxy using mod_perl
I guess these all suffer from the fact that the parameters have to be specified in httpd.conf, which makes it impossible to pass a url to fetch from in a parameter, right? Marius K. Igor Sysoev wrote: On Fri, 15 Mar 2002, Marius Kjeldahl wrote: Any other ways of accomplishing the same without the added overhead of my perl module? You can use 1. mod_proxy: ProxyPass /images/http://image.site/image/ 2. mod_accel: AccelPass /images/http://image.site/image/ 3. default-handler - images must be on the same host: Location /images/ SetHandler default-handler /Location Igor Sysoev
Re: Creating a proxy using mod_perl
On Fri, 15 Mar 2002, Igor Sysoev wrote: On Fri, 15 Mar 2002, Marius Kjeldahl wrote: Any other ways of accomplishing the same without the added overhead of my perl module? You can use 1. mod_proxy: ProxyPass /images/http://image.site/image/ I'd go for this, perhaps with mod_rewrite or a PerlTransHandler since you'll want to proxy for more than one company's site. -- steven 1;
Re: Creating a proxy using mod_perl
On Fri, 15 Mar 2002, Marius Kjeldahl wrote: I guess these all suffer from the fact that the parameters have to be specified in httpd.conf, which makes it impossible to pass a url to fetch from in a parameter, right? So mod_rewite with mod_proxy or mod_accel: RewriteRule /proxy_url=http://(.+)$http://$1 [L,P] Note that 'proxy?url=' is changed to 'proxy_url='. Igor Sysoev
Re: Creating a proxy using mod_perl
At 05:11 PM 3/15/2002 +0300, Igor Sysoev wrote: On Fri, 15 Mar 2002, Marius Kjeldahl wrote: I guess these all suffer from the fact that the parameters have to be specified in httpd.conf, which makes it impossible to pass a url to fetch from in a parameter, right? So mod_rewite with mod_proxy or mod_accel: RewriteRule /proxy_url=http://(.+)$http://$1 [L,P] Note that 'proxy?url=' is changed to 'proxy_url='. Any concern about being an open proxy there? I'd want to only proxy the sites I'm working with. I'd rather cache the images locally, just in case you are working with a slow site or if they do something silly like check referer on requests. Bill Moseley mailto:[EMAIL PROTECTED]
Re: Creating a proxy using mod_perl
On Fri, 15 Mar 2002, Bill Moseley wrote: At 05:11 PM 3/15/2002 +0300, Igor Sysoev wrote: On Fri, 15 Mar 2002, Marius Kjeldahl wrote: I guess these all suffer from the fact that the parameters have to be specified in httpd.conf, which makes it impossible to pass a url to fetch from in a parameter, right? So mod_rewite with mod_proxy or mod_accel: RewriteRule /proxy_url=http://(.+)$http://$1 [L,P] Note that 'proxy?url=' is changed to 'proxy_url='. Any concern about being an open proxy there? I'd want to only proxy the sites I'm working with. I'd rather cache the images locally, just in case you are working with a slow site or if they do something silly like check referer on requests. My prefrence is using static parameters in httpd.conf: AccelPass /mercant1/http://mercant1/umages/ AccelPass /mercant2/http://mercant2/umages/ ... AccelPass /mercant3/http://mercant3/umages/ And of course proxied images can be cached. Igor Sysoev
