Also take a look at this http://httpd.apache.org/docs/2.2/mod/mod_ext_filter.html It can be used for writing an output filter.
On 9/29/06, Serge Dubrouski <[EMAIL PROTECTED]> wrote:
If I'm right about absolute links the best way to fix that is make your backend server to produce relative links only, i.e. without server name. Other way is writing a special handler that would parse all aoutgoing data and strip the name of backend servere from the links. Of course it will lead into a huge performance lose. On 9/29/06, Jeff DeFord <[EMAIL PROTECTED]> wrote: > Hmmm, interesting. So how do I get around this? I am perplexed to say > the least... > > On 9/29/06, Serge Dubrouski <[EMAIL PROTECTED]> wrote: > > I've tested kind of your configuration and everything works all right > > in mine test environment. So I still think that your real server > > (Oracle Application Server) somehow generates absolute (not realive) > > links. I'm almost sure in that. > > > > On 9/29/06, Jeff DeFord <[EMAIL PROTECTED]> wrote: > > > AFAIK, it is all static content with some jsp pages. No CGI/PHP/Etc... > > > The real server is an Oracle application server, so all of the web > > > content was derived from the installation process script "AutoConfig". > > > > > > My confusion is in trying to get the URL's rewritten and proxied that > > > go beyond the root level. I have tried various combinations of > > > ProxyPass and ProxyPassReverse statements, Rewrite Rules, etc and so > > > far I can only get the root-level HTML to proxy and rewrite. > > > > > > so the real url > > > https://realserver:8050/some_page.html > > > > > > appears to be > > > https://proxyserver/some_page.html > > > > > > Just as it should. > > > > > > But mousing over or clicking any url with a directory path beyond "/" > > > shows that the URL does not get rewritten or proxied and I have tried > > > a myriad of combinations iwth ProxyPass/Reverse and RewriteRule > > > directives all to no avail. > > > > > > Here are the important bits of the httpd.conf file: > > > > > > <VirtualHost *:80> > > > ServerName proxy_server > > > RewriteEngine On > > > RewriteLogLevel 9 > > > RewriteLog logs/rewrite_log > > > ## Redirect all incoming HTTP requests to HTTPS locally before proxying. > > > RewriteRule ^/(.*) https://proxy_server/$1 [R,L] > > > </VirtualHost> > > > > > > > > > <VirtualHost _default_:443> > > > # General setup for the virtual host > > > ServerName proxy_server > > > SSLEngine on > > > SSLOptions +StrictRequire > > > SSLProtocol -all +TLSv1 +SSLv3 > > > SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM > > > > > > # Server Certificate: > > > SSLCertificateFile conf/ssl.crt/server.crt > > > # Server Private Key: > > > SSLCertificateKeyFile conf/ssl.key/server.key > > > # SSL Protocol Adjustments: > > > SetEnvIf User-Agent ".*MSIE.*" \ > > > nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 > > > # Per-Server Logging: > > > #CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x > > > %{SSL_CIPHER}x \"%r\" %b" > > > CustomLog logs/ssl_request_log common > > > > > > RewriteEngine On > > > RewriteLogLevel 9 > > > RewriteLog logs/rewrite_log > > > > > > ProxyRequests Off > > > SSLProxyEngine On > > > SSLProxyCACertificateFile conf/cacerts.crt > > > ProxyPreserveHost On > > > ProxyPass / https://real_server:8050/ > > > ProxyPassReverse / https://real_server:8050/ > > > </VirtualHost> > > > > > > > > > I have tried putting proxy rules in the 443 virtual host > > > I have tried putting proxy rules in the IfModule mod_proxy.c section > > > I have tried rewrite rules in all kinds of places and all kinds of > > > combinations of proxy and rewrite directives... > > > But somehow I can't get the combination right. > > > > > > I want URLs from the real server like this one > > > https://real_server:8050/dir1/dir2/jsp/some_page.jsp > > > > > > to get proxied and appear as if they came from the proxy server > > > https://proxy_server/dir1/dir2/jsp/some_page.jsp > > > > > > I just don't know where to put the rules and if I need both porxy and > > > rewrite rules for every possible URL/directory structure combination > > > that exists on the real server. > > > > > > Any help or direction would be greatly appreciated. > > > > > > -=jeff > > > > > > > > > On 9/28/06, Serge Dubrouski <[EMAIL PROTECTED]> wrote: > > > > What kind of "real" server do you have on backend? Does it have static > > > > content or dynamic? Could it be that your wrong links are generated on > > > > backend by PHP/ASP/CGI or any other dynamic application that uses > > > > $SEVER_NAME or some other variable to build absolute links? > > > > > > > > On 9/28/06, Jeff DeFord <[EMAIL PROTECTED]> wrote: > > > > > For testing purposes, I'm using a self-signed sert on the proxy server > > > > > for the initial redirection, then the proxy server acts as a SSL > > > > > client for all proxied requests that are handed off to the app server > > > > > which is listening on port 8050 (SSL) using a real certificate. > > > > > > > > > > I copied the real cert file to the proxy server and put it in a file > > > > > called cacerts.crt and added the directive shown below to the > > > > > httpd.conf file: > > > > > > > > > > SSLProxyCACertificateFile conf/cacerts.crt > > > > > > > > > > In this configuration, the proxy server can be configured to be a SSL > > > > > client for many sites each having their own cert. > > > > > > > > > > My problem is getting the proxy server configured so that mod_proxy > > > > > and mod_rewrite do their job for the URLs on the app server that are > > > > > below the root level and incorporate multiple levels of directories in > > > > > the URL. It all works great for foor-level URL's. > > > > > > > > > > I hope I answered your question. Now if someone could help me answer mine... > > > > > > > > > > -=jeff > > > > > > > > > > > > > > > On 9/28/06, John king <[EMAIL PROTECTED]> wrote: > > > > > > Where is your server cert installed? If it is installed on the reverse proxy > > > > > > server, do you decrypte the incoming HTTPS > > > > > > traffic and re-encrypte it again in the proxy server before sending it to > > > > > > the next host? > > > > > > > > > > > > > > > > > > On 9/28/06, Jeff DeFord <[EMAIL PROTECTED]> wrote: > > > > > > > Not sure if that would work since all requests are HTTPS... > > > > > > > Can you elaborate? > > > > > > > > > > > > > > Here are the modules I compiled in when I built Apache: > > > > > > > # ./httpd -l > > > > > > > Compiled in modules: > > > > > > > core.c > > > > > > > mod_access.c > > > > > > > mod_auth.c > > > > > > > mod_log_config.c > > > > > > > mod_headers.c > > > > > > > mod_setenvif.c > > > > > > > mod_proxy.c > > > > > > > proxy_connect.c > > > > > > > proxy_ftp.c > > > > > > > proxy_http.c > > > > > > > mod_ssl.c > > > > > > > prefork.c > > > > > > > http_core.c > > > > > > > mod_mime.c > > > > > > > mod_status.c > > > > > > > mod_dir.c > > > > > > > mod_rewrite.c > > > > > > > mod_so.c > > > > > > > > > > > > > > > > > > > > > On 9/27/06, Jim BAO <[EMAIL PROTECTED]> wrote: > > > > > > > > Did you try HTTP Connect? > > > > > > > > > > > > > > > > >>> [EMAIL PROTECTED] 9/27/2006 10:35 AM >>> > > > > > > > > All: > > > > > > > > > > > > > > > > I have some questions regarding the way to implement > > > > > > > > Apache as a reverse proxy server using mod_rewrite in order to mask the > > > > > > > > real > > > > > > > > URLs. Users will connect to the proxy, then the proxy will connect to > > > > > > > > the real server that is listening on port 8050 (SSL) > > > > > > > > > > > > > > > > > > > > > > > > So far this is what I have working: > > > > > > > > > > > > > > > > Proxy server listining on port 80 and on 443 and I am > > > > > > > > using a rewrite rule to force a rediect to 443 only as shown below: > > > > > > > > > > > > > > > > ## Redirect all incoming HTTP requests to HTTPS locally before > > > > > > > > proxying. > > > > > > > > RewriteRule ^/(.*) https://proxy.server.com/$1 [R,L] > > > > > > > > > > > > > > > > This works just as expected as my initial http connection gets forced > > > > > > > > to https. > > > > > > > > > > > > > > > > Then I have the following proxy statements set up as shown below for > > > > > > > > the default SSL virtual host on the proxy server: > > > > > > > > > > > > > > > > ProxyRequests Off > > > > > > > > SSLProxyEngine On > > > > > > > > SSLProxyCACertificateFile conf/cacerts.crt > > > > > > > > ProxyPreserveHost On > > > > > > > > ProxyPass / https://real.server.com:8050/ > > > > > > > > ProxyPassReverse / https://real.server.com:8050/ > > > > > > > > > > > > > > > > This all works great for all of the base URLs on the root level. The > > > > > > > > home > > > > > > > > page URLs on the real server get rewritten and appear to have > > > > > > > > originated from the proxy server when I mouse over or > > > > > > > > click on a root-level URL. > > > > > > > > > > > > > > > > However, any URL with a subdirectory below the root level on the real > > > > > > > > server does not get rewritten and the real URL (the complete URL on > > > > > > > > the real server including the port number 8050) is visible on the > > > > > > > > proxied web page. > > > > > > > > > > > > > > > > Now, how do go I about getting this to work for all of the URLs with > > > > > > > > subdirectories? I have read through the documentation and I am stuck. > > > > > > > > > > > > > > > > Do I need rewrite rules for each URL that has a subdirectly below the > > > > > > > > root with a subsequent ProxyPass and ProxyPassReverse statement? > > > > > > > > > > > > > > > > Do my rewrite rules need to use the proxy flag [P]? Or will they work > > > > > > > > once written to mimic the root-level rules? > > > > > > > > > > > > > > > > Many thanks in advance for any help that you may provide.... > > > > > > > > > > > > > > > > > > > > > > > > -=jeff > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > The official User-To-User support forum of the Apache HTTP Server > > > > > > > > Project. > > > > > > > > See <URL: http://httpd.apache.org/userslist.html> for > > > > > > more info. > > > > > > > > To unsubscribe, e-mail: > > > > > > [EMAIL PROTECTED] > > > > > > > > " from the digest: > > > > > > [EMAIL PROTECTED] > > > > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > The official User-To-User support forum of the Apache HTTP Server > > > > > > Project. > > > > > > > > See <URL: http://httpd.apache.org/userslist.html> for > > > > > > more info. > > > > > > > > To unsubscribe, e-mail: > > > > > > [EMAIL PROTECTED] > > > > > > > > " from the digest: > > > > > > [EMAIL PROTECTED] > > > > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > The official User-To-User support forum of the Apache HTTP Server Project. > > > > > > > See <URL: http://httpd.apache.org/userslist.html> for > > > > > > more info. > > > > > > > To unsubscribe, e-mail: > > > > > > [EMAIL PROTECTED] > > > > > > > " from the digest: > > > > > > [EMAIL PROTECTED] > > > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > The official User-To-User support forum of the Apache HTTP Server Project. > > > > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > " from the digest: [EMAIL PROTECTED] > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > The official User-To-User support forum of the Apache HTTP Server Project. > > > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > " from the digest: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > The official User-To-User support forum of the Apache HTTP Server Project. > > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > " from the digest: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP Server Project. > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > " from the digest: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
