httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Petr Hracek <phrac...@gmail.com>
Subject My own module and catching Proxy Request
Date Fri, 23 Apr 2010 14:49:46 GMT
Authorization is based on username/password stored in database.
First of all I authenticate user and afterwards redirection is done.

I have following RewriteRule but it does not work at all.

RewriteRule ^/([^/]+)$              ${unity:$1|/$1} [L]
RewriteRule ^/([^/]+)/(.*)  ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L]
which is used for my module and
in location is:
<Location "/PAC/">
    ProxyPass   http://192.168.187.150:8080/PACCBAdmin
    ProxyPassReverse    http://192.168.187.150:8080/PACCBAdmin/

    ProxyPassReverseCookiePath  /PACCBAdmin    /PAC
        Order Allow,Deny
        Allow from all
</Location>

I hope that it is correct.
BR

Petr

2010/4/23 Jeffrey E Burgoyne <burgoyne@keenuh.com>

> I think that would require two modules as the authorization and redirect
> hooks happen at different phases. I've actually written modules for both
> of these phases, it is pretty easy as far as modules go. And remember, the
> authorization module will ALWAYS be called before the redirection modules,
> so you already know if you hit your redirection module that authorization
> was correct.
>
> You may not, however, have to write a module. You may be able to use one
> of the already provided auth modules plus mod_rewrite to do this.
>
> Now your authorization, is it based on a username/password, or some other
> restriction (i.e. connecting IP)?
>
> If username/password, is it basic authentication controlled? If not, I've
> no experience in that area. If it is, then what is the DB used?
>
>
> > Thanks but I forgott to mentioned that my module makes an authorization
> > against database and I would like to catch that if user access some proxy
> > than first of all he has to be authorized by my module and afterwards it
> > will be redirect to the proxy. Is it possible to do that somehow?
> >
> > Thanks
> >
> > 2010/4/23 Jeffrey E Burgoyne <burgoyne@keenuh.com>
> >
> >> I'm not using it in a specific module, although you easily could.
> >>
> >> I'm not at work today, but it goes something like this :
> >>
> >> I want to force all hits to go through our front end web server which
> >> acts
> >> as a reverse proxy to the back end apache server. The logic is if there
> >> is
> >> no X_FORWARDED_FOR (meaning it was not proxied), then redirect the hit
> >> to
> >> the front end reverse proxy server. I used the logic that if the
> >> X_FORWARDED_FOR did not start with 1-9 then it was not a valid proxied
> >> request :
> >>
> >> RewriteCond   %{X_FORWARDED_FOR} !^[1-9]
> >> RewriteRule   /(.*) http://proxiedhost.ca/$1 [R,L]
> >>
> >>
> >> For your module you can access the headers from the request pool and
> >> look
> >> for X_FORWARDED_FOR.
> >>
> >> Note it may be more complicated depending on your setup. Some load
> >> balancers put that value into the HTTP stream, so you may have to
> >> account
> >> for that. If it runs through multiple proxies (perhaps including a load
> >> balancer), the IP's will be list form comma seperated.
> >>
> >> Note too I have DNS lookups off, so if you have them on I suspect you
> >> would get the DNS name, not the IP, but I cannot say with 100%
> >> certainty.
> >>
> >>
> >> for example,
> >>
> >> if a client from 192.168.2.10 access 10.10.10.10, the web server sees :
> >>
> >> connecting IP - 192.168.2.10
> >> X_FORWARDED_HEADER - blank
> >>
> >> If the server at 10.10.10.10 proxies to 10.20.20.20 the web server at
> >> the
> >> .20 address sees :
> >>
> >> connecting IP - 10.10.10.01
> >> X_FORWARDED_HEADER - 192.168.2.10
> >>
> >>
> >>
> >>
> >>
> >>
> >> > How do you have configured RewriteRule together with your own module?
> >> > Could you please send me more details or example?
> >> >
> >> > Thanks
> >> > Petr
> >> >
> >> > 2010/4/23 Jeffrey E Burgoyne <burgoyne@keenuh.com>
> >> >
> >> >> I use the environment variable X_FORWARDED_FOR
> >> >>
> >> >>
> >> >> http://en.wikipedia.org/wiki/X-Forwarded-For
> >> >>
> >> >>
> >> >> with mod_rewrite to determine if it came via a proxy or not.
> >> >>
> >> >> It may be of use to you.
> >> >>
> >> >>
> >> >>
> >> >> > 2010/4/22 Petr Hracek <phracek2@gmail.com>
> >> >> >
> >> >> >> Hello *,
> >> >> >>
> >> >> >> I hope that I am sending those question to the correct discussion
> >> >> list.
> >> >> >>
> >> >> >> In my Apache2 (2.2.3) configuration file I have:
> >> >> >> <VirtualHost _default_:443>
> >> >> >> SSLEngine on
> >> >> >> DocumentRoot "/opt/apache/htdocs/ssldocs"
> >> >> >> ProxyPass       /PAC/   http://192.168.187.101:8080/PACCBAdmin
> >> >> >> ProxyPassReverse    /PAC/
> >> >> http://192.168.187.150:8080/PACCBAdmin/
> >> >> >> RewriteEngine on
> >> >> >> RewriteCond %{REQUEST_METHOD} ^TRACE
> >> >> >> RewriteRule .* - [F]
> >> >> >> RewriteMap unity txt:/opt/apache/conf/unity.map
> >> >> >> RewriteRule ^/([^/]+)$              ${unity:$1|/$1} [L]
> >> >> >> RewriteRule ^/([^/]+)/(.*)
> >> >> ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2
> >> >> >> [L]
> >> >> >> RewriteLog "/var/log/apache2/rewrite_log"
> >> >> >> RewriteLogLevel 3
> >> >> >>
> >> >> >> <Location "/PAC/">
> >> >> >>     ProxyPassReverseCookiePath /PACCBAdmin /PAC
> >> >> >>     Order Allow,Deny
> >> >> >>     Allow from all
> >> >> >> </Location>
> >> >> >>
> >> >> >> </VirtualHost>
> >> >> >>
> >> >> >> In the my modules which takes care about AAA, Security issues,
> >> etc.
> >> >> >> I would like to catch in my module when URL contains /PAC/
(which
> >> >> means
> >> >> >> that this is proxy) than it tell to module that this request
is
> >> not a
> >> >> >> bussiness for them.
> >> >> >> Is it possible to do that somehow?
> >> >> >> I have found that r->proxyreq contains if the Request is
Proxy or
> >> >> not.
> >> >> >>
> >> >> >> Thank you in advance
> >> >> >> --
> >> >> >> Best Regards / S pozdravem
> >> >> >> Petr Hracek
> >> >> >>
> >> >> >
> >> >> > Hello *,
> >> >> >
> >> >> > May be I have asked wrongly.
> >> >> >
> >> >> > How can I detect if the request from browser if Proxy or not?
> >> >> > How should I configure apache for that case?
> >> >> >
> >> >> > --
> >> >> > Best Regards / S pozdravem
> >> >> > Petr Hracek
> >> >> >
> >> >>
> >> >>
> >> >> --
> >> >> Jeffrey Burgoyne
> >> >> Chief Technology Officer
> >> >> KCSI Keenuh Consulting Services Inc
> >> >> www.keenuh.com
> >> >> burgoyne@keenuh.com
> >> >>
> >> >>
> >> >>
> >> >
> >> >
> >> > --
> >> > Best Regards / S pozdravem
> >> > Petr Hracek
> >> >
> >>
> >>
> >> --
> >> Jeffrey Burgoyne
> >> Chief Technology Officer
> >> KCSI Keenuh Consulting Services Inc
> >> www.keenuh.com
> >> burgoyne@keenuh.com
> >>
> >>
> >>
> >
> >
> > --
> > Best Regards / S pozdravem
> > Petr Hracek
> >
>
>
> --
> Jeffrey Burgoyne
> Chief Technology Officer
> KCSI Keenuh Consulting Services Inc
> www.keenuh.com
> burgoyne@keenuh.com
>
>
>


-- 
Best Regards / S pozdravem
Petr Hracek



-- 
Best Regards / S pozdravem
Petr Hracek

Mime
View raw message