httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Redirect host
Date Tue, 21 Jan 2003 08:34:54 GMT
A word about terminology first: If you "Redirect" from A to B, this
means that when the client requests A, the server replies with a 301 or
302 message which contains a new URL to B. The client then requests B
and gets a 200 OK along with whatever content is in B. The significant
thing is that the client is *aware* that the URL has changed and,
indeed, the location bar will show the new URL. A prerequisite for
redirecting to work is that both A and B are accessible from the client.
Now, you state that your secure server is "inside" your network. Does
that mean the client cannot access it directly? If he cannot, then you
cannot redirect to it.

However, you can make a proxy connection to it.  In this case, the
server is told that when asked for resource A, it should fetch resource
B and return it to the client directly. Thus the client asks for A and
immediately gets a 200 OK and a bunch of content which, as far as it
knows, is A. Only the server knows that the content really came from B.
Obviously, the URL in the location window doesn't change.

Maybe you already knew that, but I just wanted to be clear that
redirecting and proxying are different things. Anyway, back to your
problem (I assume that we are talking about proxying):

The idea is you define a URL path which points to another host which
your server can access, e.g.

ProxyPass		/site http://www.insidesite.com
ProxyPassReverse	/site http://www.insidesite.com

N.B. The ProxyPassReverse directive is needed to allow self-referential
URLS from the insidesite.

This will now map http://outsidesite/site to insidesite.

For the other domain-name, you need to make a separate virtual host and
map its document root to insidesite, e.g.

<VirtualHost ip-addr>
  ServerName		myinsidesite.mydomain.com
  ProxyPass			/	http://www.insidesite.com
  ProxyPassReverse	/	http://www.insidesite.com
</VirtualHost>

CAVEAT:

You mentioned the word "secure" below... It wasn't clear if you meant
that insidesite is a normal HTTP site which is secure because it is not
accessible from the Internet or if you meant it is an SSL site. If it is
HTTP then what I've said so far is accurate.

However, if it's an SSL site, all bets are off! Technically, you can
proxy an SSL site via HTTP but it's pointless since the SSL channel will
only exist between the proxy server and the SSL server. The channel
between the client and the proxy will be plain HTTP. You can proxy SSL
all the way, but then you need the proxy server to be SSL-aware as well.
Rgds,

Owen Boyle
-----Original Message-----
From: Marc Sivak [mailto:msivak@lopezfoods.com]
Sent: Montag, 20. Januar 2003 18:03
To: users@httpd.apache.org
Subject: [users@httpd] Redirect host


This has probably been brought up before, big surprise, but I am unable
to find anything in the archives that matches my setup

I am a newbie, so please bear with me

I have set up an apache webserver to server our basic web pages to the
outside world, no real issues there.
www.mydomain.com

What I want to do is to redirect a virtual server content to a secure
server inside of my network such as:

www.mydomain.com/site  needs to go to www.insidesite.com
as well as by host record:
myinsidesite.mydomain.com

I have reviewed the reverse proxy configs, but seem to keep getting
lost, any suggestions?


Marc Sivak
Lopez Foods, Inc.
Network Engineer

MSivak@LopezFoods.Com
405-789-7500 ext 105

9500 NW 4th st
Oklahoma City OK 73127

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message