httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mar...@apache.org
Subject cvs commit: httpd-docs-1.3/htdocs/manual/misc rewriteguide.html
Date Thu, 27 Sep 2001 16:49:16 GMT
martin      01/09/27 09:49:16

  Modified:    htdocs/manual/misc rewriteguide.html
  Log:
  An added paragraph about how to limit proxying to a given list of
  allowed target sites only. (Usually, the reverse case is shown:
  limit by client, or block access to certain target sites).
  
  Revision  Changes    Path
  1.12      +73 -1     httpd-docs-1.3/htdocs/manual/misc/rewriteguide.html
  
  Index: rewriteguide.html
  ===================================================================
  RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/misc/rewriteguide.html,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- rewriteguide.html	2001/09/27 16:08:43	1.11
  +++ rewriteguide.html	2001/09/27 16:49:16	1.12
  @@ -1748,6 +1748,78 @@
   </DL>
   
   <P>
  +<H2>URL-Restricted Proxy</H2>
  +<P>
  +
  +<DL>
  +<DT><STRONG>Description:</STRONG>
  +<DD>
  +How can we restrict the proxy to allow access to a configurable set of
  +internet sites only? The site list is extracted from a prepared bookmarks file.
  +
  +<P>
  +<DT><STRONG>Solution:</STRONG>
  +<DD>
  +We first have to make sure mod_rewrite is below(!) mod_proxy in the
  +<CODE>Configuration</CODE> file when compiling the Apache webserver
  +(or in the <CODE>AddModule</CODE> list of <CODE>httpd.conf</CODE>
  +in the case of dynamically loaded modules), as it must get called
  +<em>_before_</em> mod_proxy.
  +<P>
  +For simplicity, we generate the site list as a textfile map (but see the
  +<a href="../mod/mod_rewrite.html#RewriteMap">mod_rewrite documentation</a>
  +for a conversion script to DBM format). A typical Netscape bookmarks file
  +can be converted to a list of sites with a shell script like this:
  +<P><TABLE BGCOLOR="#E0E5F5" BORDER="0" CELLSPACING="0" CELLPADDING="5"><TR><TD><PRE>
  +#!/bin/sh
  +cat ${1:-~/.netscape/bookmarks.html} |
  +tr -d '\015' | tr '[A-Z]' '[a-z]' | grep href=\" |
  +sed -e '/href="file:/d;' -e '/href="news:/d;' \
  +    -e 's|^.*href="[^:]*://\([^:/"]*\).*$|\1 OK|;' \
  +    -e '/href="/s|^.*href="\([^:/"]*\).*$|\1 OK|;' |
  +sort -u
  +</PRE></TD></TR></TABLE>
  +
  +<P>We redirect the resulting output into a text file called
  +<CODE>goodsites.txt</CODE>. It now looks similar to this:
  +<P><TABLE BGCOLOR="#E0E5F5" BORDER="0" CELLSPACING="0" CELLPADDING="5"><TR><TD><PRE>
  +www.apache.org OK
  +xml.apache.org OK
  +jakarta.apache.org OK
  +perl.apache.org OK
  +...
  +</PRE></TD></TR></TABLE>
  +
  +<P>We reference this site file within the configuration for the
  +<CODE>VirtualHost</CODE> which is responsible for serving as a proxy
  +(often not port 80, but 81, 8080 or 8008).
  +
  +<P><TABLE BGCOLOR="#E0E5F5" BORDER="0" CELLSPACING="0" CELLPADDING="5"><TR><TD><PRE>
  +&lt;VirtualHost *:8008&gt;
  +  ...
  +  RewriteEngine   On
  +  # Either use the (plaintext) allow list from goodsites.txt
  +  RewriteMap      ProxyAllow   txt:/usr/local/apache/conf/goodsites.txt
  +  # Or, for faster access, convert it to a DBM database:
  +  #RewriteMap     ProxyAllow   dbm:/usr/local/apache/conf/goodsites
  +  # Match lowercased hostnames
  +  RewriteMap      lowercase    int:tolower
  +  # Here we go:
  +  # 1) first lowercase the site name and strip off a :port suffix
  +  RewriteCond  ${lowercase:%{HTTP_HOST}}    ^([^:]*).*$
  +  # 2) next look it up in the map file.
  +  #    "%1" refers to the previous regex.
  +  #    If the result is "OK", proxy access is granted.
  +  RewriteCond  ${ProxyAllow:%1|DENY}        !^OK$          [NC]
  +  # 3) Disallow proxy requests if the site was _not_ tagged "OK":
  +  RewriteRule  ^proxy:                      -              [F]
  +  ...
  +&lt;/VirtualHost&gt;
  +</PRE></TD></TR></TABLE>
  +
  +</DL>
  +
  +<P>
   <H2>Proxy Deny</H2>
   <P>
   
  @@ -1762,7 +1834,7 @@
   <DD>
   We first have to make sure mod_rewrite is below(!) mod_proxy in the
   <CODE>Configuration</CODE> file when compiling the Apache webserver.  This
way it
  -gets called _before_ mod_proxy. Then we configure the following for a
  +gets called <em>_before_</em> mod_proxy. Then we configure the following for
a
   host-dependend deny...
   
   <P><TABLE BGCOLOR="#E0E5F5" BORDER="0" CELLSPACING="0" CELLPADDING="5"><TR><TD><PRE>
  
  
  

Mime
View raw message