Thanks for the quick reply Joshua. It is a link. The problem is that I do not have access to the server or the source. The website is written in DEC basic compiled as CGI executables on a VMS box.
I've tried the ProxyPreserveHost on and off with no difference. I am running mod_proxy_html so I will look into that. The really puzzling part of this and the reason that I think I should be able to find this is that there are two ways to get to this site: The customer's LAN (where the VMS box lives) lets you access the site non SSL on port 80 ACL for only the 10 network and now for the 192 (Reverse proxy) and everything works for the 10 network fine. (It seems like the main webserver thinks that the proxy is on the 10 network as well maybe due to the NATing? The NATing is set up as: 12.3.8.3 443 (Outside compliant) -> 192.168.2.2 443 (DMZ Reverse Proxy) -> 10.2.1.2 80 (Internal webserver) >From outside but you can only get there on 443 and there is an SSLRequired access any directive. The NATing doesn't go thru the DMZ (Correcting this and putting mod_security on the RP is the end goal) and is: 12.3.8.3 443 -> 10.2.1.2 443 So the links are being written based on what I would hope was in httpd.conf ssl.conf or some other place that allows the webserver to know where you are coming from so that it knows how to write the link. I feel like am I just missing something here since the reverse proxy should do this. I do have all of the Apache hardening turned off so the URL size, etc. is not an issue. Thanks, Jeff On 7/14/07, Jeff Murch <[EMAIL PROTECTED]> wrote: > > > > > I am running into a problem with a reverse proxy where dynamic links to > detail records are showing up referring to the main webserver on a 10 > network instead of the NAT'd public address of the proxy. > > > > An example would be a link showing up from the proxy to the end user's > browser as http://10.2.1.2/cgi-bin/ obviously won't work and needs a rule so > that any occurrence of 10.2.1.2 is replaced with 205.145.160.12 with the > remainder of the URL left unchanged. > > > > From my understanding the most appropriate way to do this would be with > mod_rewrite? mod_rewrite is not likely the right tool, since it only deals with meta-data (request and response headers) and not the content of your pages. You should start by asking where this internal IP is coming from. Is it hard-coded in your application someplace? Can you configure your application to use the public IP? If the application is reading the IP from the Host: request header, then you could consider using the ProxyPreserveHost directive to fool it into thinking it has a different name. Alternatively, if you really need to rewrite links inside html pages, the only real solution is mod_proxy_html. Google for it. Finally, it may be that when you refer to "links", you really mean "redirects". If this is so, you should make sure you have properly configured your ProxyPassReverse directive. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.476 / Virus Database: 269.10.6/900 - Release Date: 7/14/2007 3:36 PM
