httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fernando Montenegro <fsmontene...@gmail.com>
Subject [users@httpd] How to change HTTP headers in Apache 2.0.53?
Date Mon, 21 Mar 2005 04:07:22 GMT
Hi everyone,

Does anyone know of a way to edit HTTP Header variables as they are
passed to a CGI being executed? Here's the background: we're adding a
reverse proxy to secure a Web application. This application makes use
of several HTTP headers (REMOTE_ADDR, HTTPS, SSL_CIPHER_KEYSIZE and
many others) and uses this information not only inside the CGI code
running on the web server but all the way back to the back-end.
Rewriting the application to look in new headers (X-Forwaded-for, for
example) is not an option at this time.

The architecture we have is:
- Apache 2.0.53 on Linux (Debian)
- "OUTSIDE" web server is SSL-enabled and listens for connections from
browsers The server is configured to provide static content but use
Apache's reverse proxy features to send CGI requests to a back-end
server (either via the Proxy directive or via RewriteRule and Proxy).
- "INSIDE" web server receives connection from outside server over
regular HTTP and executes the CGIs as needed.

The issue we are having is that some of the variables the INSIDE
server is passing to the CGI actually reflect the intermediary
connection from the OUTSIDE server and not the data from the client.
For example, REMOTE_ADDR may be 127.0.0.1 (both Web instances are
running on same
server) instead of a remote client address. This is, of course,
"proper" behaviour for a Web server, but we need a way of tricking it
into responding with the information from the 'original' request. I
know we can pass the 'original' information in temporary headers by
using 'RequestHeader' on the OUTSIDE server, but I can't find a way of
configuring the INSIDE server to overwrite the variables with the data
we need...

Ideally, what I'd do is I would configure the OUTSIDE server to pass
the variables we need in HTTP_* variables and have the INSIDE server
overwrite the "real" variables (REMOTE_ADDR, HTTPS, etc...) with the
values from those HTTP_* variables.

Writing an intermediary CGI that would take the headers and modify
before sending to the customer's CGI is not something we want to do,
as performance in this environment is critical.

Any suggestions? I looked at mod_rewrite, but that is for URL
rewriting, not for modifying the variables.

Thanks!!!

Cheers,
Fernando
-- 
Fernando Montenegro, CISSP - fsmontenegro@gmail.com
Markham, ON, Canada

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message