Patch to mod_proxy for fixed reverse mapping support
am 29.07.2002 14:37:57 von Martijn SchoemakerThis is a multi-part message in MIME format. First of all, I would like to introduce myself. My name is I am currently working at a big customer with a pretty complex For this to be possible I created a small patch which does a i.e. instead of a mapping like: which will map to : <ServerName>/app/ ProxyPassReverse which will map to the fixed URL supplied (the first part that is) My question to you all is : am I making sense ? Can this be I'd greatly appreciate any comments :) Greetings,
--------------602A59ACBD86B39B01DB1037
Content-Type: multipart/alternative;
boundary="------------316AD6FC050DE2639C278E4A"
--------------316AD6FC050DE2639C278E4A
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi,
First of all, I would like to introduce myself. My name is
Martijn Schoemaker and I so programming/systemadmin/everything
*nix as my daytime job.
I am currently working at a big customer with a pretty complex
(too complex imho) proxy environment. This constists of
netscape proxies, ssl accelerators, netcache appliances, layer-4
switched and ofcourse apache proxies. In this environment we
use https at the frontend which is 'converted' to http requests
on the inside which are handled by the apache proxies. The problem
is that mod_proxy (as in apache 1.3.26) cannot reverse map to
urls outside it's own apache configuration. Because at different
places after the proxy, redirects are sent which need to be
rewritten to : https://fontend-address.com/
mod_proxy uses the apache URL construction routines is not
possible (it will always map to http://
For this to be possible I created a small patch which does a
check on the 'fake' url if it contains a '://' and if so it
will use that as the first part and only pastes the additional
uri to that. If not, it just uses the apache url construction
routine as its default.
i.e. instead of a mapping like:
ProxyPassReverse /app/ http://internal-host:567/app
which will map to : http://
it uses :
ProxyPassReverse https://frontend-address/app/
http://internal-host:567/app
which will map to the fixed URL supplied (the first part that is)
My question to you all is : am I making sense ? Can this be
incorporated in future releases ? As far as I can see this is
only added value and no other fake url will contain '://' unless
it is meant as fixed anyway.
I'd greatly appreciate any comments :)
Greetings,
Martijn Schoemaker
--
------ WARNING: This signature contains a VIRUS ! -------
- SHLRUIOHUIOWHLNNMSKHKDLWINDOWSJHFHKJLLUIHEKJLNDHKKJHL -
---------------------------------------------------------
--------------316AD6FC050DE2639C278E4A
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi,
Martijn Schoemaker and I so programming/systemadmin/everything
*nix as my daytime job.
(too complex imho) proxy environment. This constists of
netscape proxies, ssl accelerators, netcache appliances, layer-4
switched and ofcourse apache proxies. In this environment we
use https at the frontend which is 'converted' to http requests
on the inside which are handled by the apache proxies. The problem
is that mod_proxy (as in apache 1.3.26) cannot reverse map to
urls outside it's own apache configuration. Because at different
places after the proxy, redirects are sent which need to be
rewritten to : <things> but because
mod_proxy uses the apache URL construction routines is not
possible (it will always map to <ServerName>/<rest>).
check on the 'fake' url if it contains a '://' and if so it
will use that as the first part and only pastes the additional
uri to that. If not, it just uses the apache url construction
routine as its default.
ProxyPassReverse /app/
it uses :
incorporated in future releases ? As far as I can see this is
only added value and no other fake url will contain '://' unless
it is meant as fixed anyway.
Martijn Schoemaker
--
------ WARNING: This signature contains a VIRUS ! -------
- SHLRUIOHUIOWHLNNMSKHKDLWINDOWSJHFHKJLLUIHEKJLNDHKKJHL -
---------------------------------------------------------
--------------316AD6FC050DE2639C278E4A--
--------------602A59ACBD86B39B01DB1037
Content-Type: text/plain; charset=us-ascii;
name="full_revproxy.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="full_revproxy.patch"
*** proxy_http.c.orig Thu Jul 25 17:23:00 2002
--- proxy_http.c Fri Jul 26 13:38:59 2002
***************
*** 129,139 ****
ent = (struct proxy_alias *)conf->raliases->elts;
for (i = 0; i < conf->raliases->nelts; i++) {
l2 = strlen(ent[i].real);
if (l1 >= l2 && strncmp(ent[i].real, url, l2) == 0) {
u = ap_pstrcat(r->pool, ent[i].fake, &url[l2], NULL);
! return ap_construct_url(r->pool, u, r);
}
}
return url;
}
--- 129,146 ----
ent = (struct proxy_alias *)conf->raliases->elts;
for (i = 0; i < conf->raliases->nelts; i++) {
l2 = strlen(ent[i].real);
if (l1 >= l2 && strncmp(ent[i].real, url, l2) == 0) {
u = ap_pstrcat(r->pool, ent[i].fake, &url[l2], NULL);
! /* If a :// is in the fake URL (i.e to be reversed URL)
! * we trust that the fake is a complete URL and we pass
! * it as-is. This allows reverse mapping for other hosts
! * that are upwards in the proxy-chain.
! */
! if (strstr(ent[i].fake, "://"))
! return u;
! else return ap_construct_url(r->pool, u, r);
}
}
return url;
}
--------------602A59ACBD86B39B01DB1037--