httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Browne, Anthony A" <aabro...@widernet.org>
Subject RE: [users@httpd] Forward port 443 requests, but use mod_rewrite on port 80 requests
Date Tue, 18 Apr 2006 16:28:36 GMT
> Do you not already have two port-based VHs? One on port 80 and one on port > 443? If
so, there is no problem since the two VHs clearly separate the two > request streams.
> 
> If this isn't clear to you, post back some more details of your config... > Specifically,
how do you separate HTTP and HTTPS traffic?

No, I am trying to figure out how to separate the two different request streams.

My config is as follows:

1) 	The workstations on our LAN have IE configured to use the Apache
	Server as a proxy
2)	The Apache listens on 80
3) 	The workstations request items from hosts they believe are valid,
	but are actually in a folder on the Apache server (several million 	sites are mirrored by
our company to save bandwidth and to monitor 
	ALL outgoing requests-- workstations have only been allowed to receive 	this mirrored content).
We implement this using mod_rewrite and 	rewriting all requests to /webfolder/servername/requesturi.
4)	Our specification changed and now, we need to support workstation 	requests for items not
in our mirrored web content folder (i.e., we 	now want to let our workstations be able to
surf the Internet using 	our proxy).
5)	However, we need requests that we have a mirror for to be served, 
	rather than proxied. This means we must check to see if they exist in 	our web content folder
BEFORE WE TRY TO PROXY THEM. This is what the 	specification is.
6)	So far, we have been rewriting the request back to its original form,
	if it doesn't exist in the web content folder, and trying to use the 	[P] flag to proxy it,
but this does not work for https. It 	works for 	port 80 content, but mod_rewrite does't correctly
store the uri for 	https. For example, trying:

RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -s [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -d
RewriteRule ^/(.*)$ - [S=2]

RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-s
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ http://${lowercase:%{SERVER_NAME}}%{REQUEST_URI}%{QUERY_STRING} [P,S=1]


RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-s
RewriteCond %{SERVER_PORT} 443
RewriteRule ^/(.*) https://%{SERVER_NAME}%{REQUEST_URI}%{QUERY_STRING}  [P] 

	always proxies 'https://serverName/' with no uri or qs.

So, this is why we wanted to just pass through port 443 requests so that we didn't have to
deal with this issue. Using 'ProxyRequests on' works, but then you can't use mod_rewrite.
Any suggestions would be helpful.

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com] 
Sent: Tuesday, April 18, 2006 4:14 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Forward port 443 requests, but use mod_rewrite on port 80 requests

> -----Original Message-----
> From: Anthony Browne [mailto:aabrowne@widernet.org] 
> Sent: Montag, 17. April 2006 21:59
> 
> Is there a way to use ProxyPass to forward items based on the 
> port number of the request? I want to forward all requests 
> that use port 443 with ProxyPass (so that I can use 
> mod_rewrite on all port 80 requests). Is this possible, or do 
> I need to implement this in mod_rewrite?

Do you not already have two port-based VHs? One on port 80 and one on port 443? If so, there
is no problem since the two VHs clearly separate the two request streams.

If this isn't clear to you, post back some more details of your config... Specifically, how
do you separate HTTP and HTTPS traffic?
 
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> Also, I can't use 'ProxyRequests on' because this won't let 
> me use mod_rewrite when a port 80 request comes in 
> (mod_rewrite is always applied last). If I need to do this 
> with mod_rewrite, does anyone have any suggestions as to what 
> I need to do? 
> 
>                         
> 
>                         Thanks
> 
>  
> 
> 

Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen-
bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature.
It is not related to the exchange or business activities of the SWX Group. Le présent e-mail
est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system. Please also immediately
destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail communications through their
networks. Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorised to state them to be the views of
the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message