httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ernst Jan Plugge <>
Subject Re: connection level filter that redirects to internal SSL site
Date Tue, 30 Jan 2007 17:56:37 GMT
On Tue, 30 Jan 2007, Bogdan Ribic wrote:

> Hi all,

>  I have a question - would it be possible to intercept an incomming 
>request, figure out if it is a proxy CONNECT request for remote https 
>server and then redirect to a local SSL site.

>  Specifically, can this be accomplished through a connection level 
>filter, for example by pulling enough data from user request to figure out 
>if it was a CONNECT request to an https url and if it is pull the request 
>header, then make a sub-request to local https site.

Yes, it's possible, but probably not the best approach. I needed something 
similar, and I did it by replacing proxy_connect.c with a customized 
version that can redirect CONNECT requests to other hosts. I'm guessing 
that's the best approach to do what you need.

Attached is a diff against 2.0.54 of my new module. Should apply cleanly 
to any recent 2.0.x, and with a little work to 2.2.x as well.

It introduces a new server configuration directive "ConnectRedirect":

ConnectRedirect <hostname> <hostname> <port>

For example, "ConnectRedirect localhost 4443" will 
redirect CONNECT requests for to localhost, on port 4443.
Using * for the first hostname implements a wildcard redirect.

Hope this is useful.

Ernst Jan
View raw message