How to change HTTP headers in Apache 2.0.53?

on 21.03.2005 05:07:22 by Fernando Montenegro

Hi everyone,

Does anyone know of a way to edit HTTP Header variables as they are
passed to a CGI being executed? Here's the background: we're adding a
reverse proxy to secure a Web application. This application makes use
of several HTTP headers (REMOTE_ADDR, HTTPS, SSL_CIPHER_KEYSIZE and
many others) and uses this information not only inside the CGI code
running on the web server but all the way back to the back-end.
Rewriting the application to look in new headers (X-Forwarded-For, for
example) is not an option at this time.

The architecture we have is:
- Apache 2.0.53 on Linux (Debian)
- "OUTSIDE" web server is SSL-enabled and listens for connections from
browsers. The server is configured to provide static content but use
Apache's reverse proxy features to send CGI requests to a back-end
server (either via the Proxy directive or via RewriteRule and Proxy).
- "INSIDE" web server receives connection from outside server over
regular HTTP and executes the CGIs as needed.

The issue we are having is that some of the variables the INSIDE
server is passing to the CGI actually reflect the intermediary
connection from the OUTSIDE server and not the data from the client.
For example, REMOTE_ADDR may be 127.0.0.1 (both Web instances are
running on same server) instead of a remote client address. This is, of course,
"proper" behaviour for a Web server, but we need a way of tricking it
into responding with the information from the 'original' request. I
know we can pass the 'original' information in temporary headers by
using 'RequestHeader' on the OUTSIDE server, but I can't find a way of
configuring the INSIDE server to overwrite the variables with the data
we need...

Ideally, what I'd do is I would configure the OUTSIDE server to pass
the variables we need in HTTP_* variables and have the INSIDE server
overwrite the "real" variables (REMOTE_ADDR, HTTPS, etc...) with the
values from those HTTP_* variables.

Writing an intermediary CGI that would take the headers and modify
before sending to the customer's CGI is not something we want to do,
as performance in this environment is critical.

Any suggestions? I looked at mod_rewrite, but that is for URL
rewriting, not for modifying the variables.

Thanks!!!

Cheers,
Fernando
--
Fernando Montenegro, CISSP - fsmontenegro@gmail.com
Markham, ON, Canada

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How to change HTTP headers in Apache 2.0.53?

on 21.03.2005 18:20:08 by Joshua Slive

On Sun, 20 Mar 2005 23:07:22 -0500, Fernando Montenegro
wrote:
> Does anyone know of a way to edit HTTP Header variables as they are
> passed to a CGI being executed? Here's the background: we're adding a
> reverse proxy to secure a Web application. This application makes use
> of several HTTP headers (REMOTE_ADDR, HTTPS, SSL_CIPHER_KEYSIZE and
> many others) and uses this information not only inside the CGI code
> running on the web server but all the way back to the back-end.
> Rewriting the application to look in new headers (X-Forwarded-For, for
> example) is not an option at this time.

I see three possible solutions. One you have already ruled out:

> Writing an intermediary CGI that would take the headers and modify
> before sending to the customer's CGI is not something we want to do,
> as performance in this environment is critical.

Have you actually benchmarked the performance hit? I'd be surprised
if this was actually the factor that would make or break your application.

A second possibility is the RequestHeader directive, but I believe you
would need to use the "early" keyword to make it work early enough in
the request processing phase, and that isn't available in version 2.0;
it is only in the development version, 2.1.

A third possibility is to write a simple module that would rewrite the
request_rec for you.

That's all the ideas I have.

Joshua.


Re: How to change HTTP headers in Apache 2.0.53?

on 21.03.2005 20:43:33 by Noah

On Mon, Mar 21, 2005 at 12:20:08PM -0500, Joshua Slive wrote:
> > Writing an intermediary CGI that would take the headers and modify
> > before sending to the customer's CGI is not something we want to do,
> > as performance in this environment is critical.
>
> Have you actually benchmarked the performance hit? I'd be surprised
> if this was actually the factor that would make or break your application.

Depends; if it's a perl script (and there's no mod_perl involved) it can
definitely be a make/break. Wanna see pictures of melted servers? *whips
out wallet*

=)

> A third possibility is to write a simple module that would rewrite the
> request_rec for you.

I've not tried this (and don't honestly have the time right this second;
today's shaping up to be an interesting one), but if mod_perl were an
option, you may be able to use it to craft a module that did this. Of
course, if you're not already running it, installing it at this point
may be more trouble than it's worth. Additionally, if performance is
such a consideration, then I'd agree that a small apache module would
probably be the way to go here.

--n

--
dd of=/dev/fd0 if=/dev/flippy bs=1024
^^^ Making Flippy Floppy



Re: How to change HTTP headers in Apache 2.0.53?

on 21.03.2005 21:15:55 by Joshua Slive

On Mon, 21 Mar 2005 14:43:33 -0500, Noah wrote:
> On Mon, Mar 21, 2005 at 12:20:08PM -0500, Joshua Slive wrote:
> > > Writing an intermediary CGI that would take the headers and modify
> > > before sending to the customer's CGI is not something we want to do,
> > > as performance in this environment is critical.
> >
> > Have you actually benchmarked the performance hit? I'd be surprised
> > if this was actually the factor that would make or break your application.
>
> Depends; if it's a perl script (and there's no mod_perl involved) it can
> definitely be a make/break. Wanna see pictures of melted servers? *whips
> out wallet*

But the thing is, the cost of the perl script is already sunk. The
script to do the variable substitution could be a simple shell script
or a compiled executable. All it costs is one extra program call.

Joshua.
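
A wrapper of the kind described in this message, written as a compiled executable; this is an added example, not code posted in the thread. The `X-Orig-*` header names (seen by a CGI as `HTTP_X_ORIG_*`), the proxy address and the real CGI path are assumptions chosen for illustration.

```c
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Assumed values: proxy address, X-Orig-* header names and the real CGI path. */
#define TRUSTED_PROXY "127.0.0.1"
#define REAL_CGI "/usr/lib/cgi-bin/app.real"

static int valid_ip(const char *s) {        /* literal IPv4 or IPv6 only */
    unsigned char buf[16];
    return inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1;
}
static int valid_keysize(const char *s) {   /* 1 to 4 decimal digits */
    size_t n = strlen(s);
    return n >= 1 && n <= 4 && strspn(s, "0123456789") == n;
}
/* Copy an environment value into a local buffer ("" if unset or too long). */
static void copy_env(char *dst, size_t len, const char *name) {
    const char *v = getenv(name);
    dst[0] = '\0';
    if (v && strlen(v) < len) strcpy(dst, v);
}

int apply_forwarded_env(void) {             /* 1 = applied, 0 = ignored */
    char peer[64], ip[64], https[8], bits[8];
    copy_env(peer, sizeof peer, "REMOTE_ADDR");
    copy_env(ip, sizeof ip, "HTTP_X_ORIG_REMOTE_ADDR");
    copy_env(https, sizeof https, "HTTP_X_ORIG_HTTPS");
    copy_env(bits, sizeof bits, "HTTP_X_ORIG_SSL_CIPHER_KEYSIZE");
    /* Honour the temporary headers only when the peer is the OUTSIDE proxy. */
    int trusted = strcmp(peer, TRUSTED_PROXY) == 0 && valid_ip(ip);
    if (trusted) {
        setenv("REMOTE_ADDR", ip, 1);
        if (strcmp(https, "on") == 0 && valid_keysize(bits)) {
            setenv("HTTPS", "on", 1);
            setenv("SSL_CIPHER_KEYSIZE", bits, 1);
        }
    }
    /* The application never sees the temporary headers themselves. */
    unsetenv("HTTP_X_ORIG_REMOTE_ADDR");
    unsetenv("HTTP_X_ORIG_HTTPS");
    unsetenv("HTTP_X_ORIG_SSL_CIPHER_KEYSIZE");
    return trusted;
}

int main(int argc, char **argv) {
    apply_forwarded_env();
    execv(REAL_CGI, argv);      /* one extra exec; returns only on failure */
    return 1;
}
```

The OUTSIDE server has to set (not append) these headers on every request so that a browser cannot supply its own values, and the INSIDE server should accept connections only from the proxy.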


Re: How to change HTTP headers in Apache 2.0.53?

on 22.03.2005 00:13:01 by Noah

On Mon, Mar 21, 2005 at 03:15:55PM -0500, Joshua Slive wrote:
> On Mon, 21 Mar 2005 14:43:33 -0500, Noah wrote:
> > On Mon, Mar 21, 2005 at 12:20:08PM -0500, Joshua Slive wrote:
> > > > Writing an intermediary CGI that would take the headers and modify
> > > > before sending to the customer's CGI is not something we want to do,
> > > > as performance in this environment is critical.
> > >
> > > Have you actually benchmarked the performance hit? I'd be surprised
> > > if this was actually the factor that would make or break your application.
> >
> > Depends; if it's a perl script (and there's no mod_perl involved) it can
> > definitely be a make/break. Wanna see pictures of melted servers? *whips
> > out wallet*
>
> But the thing is, the cost of the perl script is already sunk. The
> script to do the variable substitution could be a simple shell script
> or a compiled executable. All it costs is one extra program call.

I got the impression that the thought was to add a CGI into the execution
stream which would muck with the headers prior to the request being
sent to the customer's (read: a different) CGI. If this is the case, a
second CGI would be getting called, (obviously =) ) reducing
performance. If the plan was to incorporate the header munging into an
existing CGI, I'd agree with you; it's just not the impression I got
from the original email.

--n

--
dd of=/dev/fd0 if=/dev/flippy bs=1024
^^^ Making Flippy Floppy



Re: How to change HTTP headers in Apache 2.0.53?

on 22.03.2005 21:22:50 by Fernando Montenegro

Hi everyone,

Thanks for the info. Looks like an apache filter is the way to go.

Noah, you're right. Adding a CGI would mean an additional CGI in front
of the existing one. We have not checked performance there, but I
don't see it being pretty.

Rewriting the existing CGI is tricky, but I can see how it would be
the only other way to do it (other than writing an apache filter).
I'll look into the filter option for a while.

Thanks for the help!

Cheers,
Fernando

On Mon, 21 Mar 2005 18:13:01 -0500, Noah wrote:
> On Mon, Mar 21, 2005 at 03:15:55PM -0500, Joshua Slive wrote:
> > On Mon, 21 Mar 2005 14:43:33 -0500, Noah wrote:
> > > On Mon, Mar 21, 2005 at 12:20:08PM -0500, Joshua Slive wrote:
> > > > > Writing an intermediary CGI that would take the headers and modify
> > > > > before sending to the customer's CGI is not something we want to do,
> > > > > as performance in this environment is critical.
> > > >
> > > > Have you actually benchmarked the performance hit? I'd be surprised
> > > > if this was actually the factor that would make or break your application.
> > >
> > > Depends; if it's a perl script (and there's no mod_perl involved) it can
> > > definitely be a make/break. Wanna see pictures of melted servers? *whips
> > > out wallet*
> >
> > But the thing is, the cost of the perl script is already sunk. The
> > script to do the variable substitution could be a simple shell script
> > or a compiled executable. All it costs is one extra program call.
>
> I got the impression that the thought was to add a CGI into the execution
> stream which would muck with the headers prior to the request being
> sent to the customer's (read: a different) CGI. If this is the case, a
> second CGI would be getting called, (obviously =) ) reducing
> performance. If the plan was to incorporate the header munging into an
> existing CGI, I'd agree with you; it's just not the impression I got
> from the original email.
>
> --n
>
> --
> dd of=/dev/fd0 if=/dev/flippy bs=1024
> ^^^ Making Flippy Floppy
>


--
Fernando Montenegro, CISSP - fsmontenegro@gmail.com
Markham, ON, Canada


Re: Apache -2.0.52 for Redhat linux

on 22.03.2005 21:35:33 by Deepa Rangarajan

Hi,

I am looking for apache-2.0.52 binary for RedHat linux.

Can I download the httpd-2.0.52.tar.gz (Unix version),
or do I need to download the linux tars from
http://www.apache.org/dist/httpd/binaries/linux/?

I am not sure which of those is suited for my server?

Any help?

Thks,
-Deepa




Re: Apache -2.0.52 for Redhat linux

on 22.03.2005 21:44:01 by bruce

> Hi,
>
> I am looking for apache-2.0.52 binary for RedHat linux.
>

Which Red Hat?

> Can I download the httpd-2.0.52.tar.gz (Unix version),
> or do I need to download the linux tars from
> http://www.apache.org/dist/httpd/binaries/linux/?
>
> I am not sure which of those is suited for my server?
>

You'd better look at some RPM repository.


> Any help?
>
> Thks,
> -Deepa
>
>
>
