httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Forward port 443 requests, but use mod_rewrite on port 80 requests
Date Wed, 19 Apr 2006 06:25:39 GMT
 

> -----Original Message-----
> From: Browne, Anthony A [mailto:aabrowne@widernet.org] 
> Sent: Dienstag, 18. April 2006 18:29
> 
> No, I am trying to figure out how to separate the two 
> different request streams.

I did read your description below and I think I get it:

if (HTTP)
	if (mirrored)
		serve from cache
	else
		fetch from web
else if (HTTPS)
	fetch from web

Is that right? Your problem is that you have only a main config that is handling all requests
through the same ruleset. HTTPS requests can't be rewritten because you can't decrypt them
- you can only proxy HTTPS traffic using the CONNECT method and in this case the packets are
passed through the proxy untouched (apache routes them using only their TCP/IP attributes
so you can't see the URI or hostname or whatever).

I think splitting your traffic between two port-based VHs should work, something like:

# HTTPS
<VirtualHost *:443> 
	ProxyRequests on
</VirtualHost>

#HTTP
<VirtualHost *:80> 
	... mod_rewrite stuff
</VirtualHost>

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> My config is as follows:
> 
> 1) 	The workstations on our LAN have IE configured to use the Apache
> 	Server as a proxy
> 2)	The Apache listens on 80
> 3) 	The workstations request items from hosts they believe 
> are valid,
> 	but are actually in a folder on the Apache server 
> (several million 	sites are mirrored by our company to 
> save bandwidth and to monitor 
> 	ALL outgoing requests-- workstations have only been 
> allowed to receive 	this mirrored content). We implement 
> this using mod_rewrite and 	rewriting all requests to 
> /webfolder/servername/requesturi.
> 4)	Our specification changed and now, we need to support 
> workstation 	requests for items not in our mirrored web 
> content folder (i.e., we 	now want to let our 
> workstations be able to surf the Internet using 	our proxy).
> 5)	However, we need requests that we have a mirror for to 
> be served, 
> 	rather than proxied. This means we must check to see if 
> they exist in 	our web content folder BEFORE WE TRY TO 
> PROXY THEM. This is what the 	specification is.
> 6)	So far, we have been rewriting the request back to its 
> original form,
> 	if it doesn't exist in the web content folder, and 
> trying to use the 	[P] flag to proxy it, but this does not 
> work for https. It 	works for 	port 80 content, but 
> mod_rewrite does't correctly store the uri for 	https. 
> For example, trying:
> 
> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -s [OR]
> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -d
> RewriteRule ^/(.*)$ - [S=2]
> 
> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-s
> RewriteCond %{SERVER_PORT} 80
> RewriteRule ^(.*)$ 
> http://${lowercase:%{SERVER_NAME}}%{REQUEST_URI}%{QUERY_STRING
} [P,S=1]	
> 
> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-s
> RewriteCond %{SERVER_PORT} 443
> RewriteRule ^/(.*) 
> https://%{SERVER_NAME}%{REQUEST_URI}%{QUERY_STRING}  [P] 
> 
> 	always proxies 'https://serverName/' with no uri or qs.
> 
> So, this is why we wanted to just pass through port 443 
> requests so that we didn't have to deal with this issue. 
> Using 'ProxyRequests on' works, but then you can't use 
> mod_rewrite. Any suggestions would be helpful.
> 
> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com] 
> Sent: Tuesday, April 18, 2006 4:14 AM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Forward port 443 requests, but use 
> mod_rewrite on port 80 requests
> 
> > -----Original Message-----
> > From: Anthony Browne [mailto:aabrowne@widernet.org] 
> > Sent: Montag, 17. April 2006 21:59
> > 
> > Is there a way to use ProxyPass to forward items based on the 
> > port number of the request? I want to forward all requests 
> > that use port 443 with ProxyPass (so that I can use 
> > mod_rewrite on all port 80 requests). Is this possible, or do 
> > I need to implement this in mod_rewrite?
> 
> Do you not already have two port-based VHs? One on port 80 
> and one on port 443? If so, there is no problem since the two 
> VHs clearly separate the two request streams.
> 
> If this isn't clear to you, post back some more details of 
> your config... Specifically, how do you separate HTTP and 
> HTTPS traffic?
>  
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored. 
> 
> > 
> > Also, I can't use 'ProxyRequests on' because this won't let 
> > me use mod_rewrite when a port 80 request comes in 
> > (mod_rewrite is always applied last). If I need to do this 
> > with mod_rewrite, does anyone have any suggestions as to what 
> > I need to do? 
> > 
> >                         
> > 
> >                         Thanks
> > 
> >  
> > 
> > 
> 
> Diese E-mail ist eine private und persönliche Kommunikation. 
> Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der 
> SWX Gruppe. This e-mail is of a private and personal nature. 
> It is not related to the exchange or business activities of 
> the SWX Group. Le présent e-mail est un message privé et 
> personnel, sans rapport avec l'activité boursière du Groupe SWX.
>  
>  
> This message is for the named person's use only. It may 
> contain confidential, proprietary or legally privileged 
> information. No confidentiality or privilege is waived or 
> lost by any mistransmission. If you receive this message in 
> error, please notify the sender urgently and then immediately 
> delete the message and any copies of it from your system. 
> Please also immediately destroy any hardcopies of the 
> message. You must not, directly or indirectly, use, disclose, 
> distribute, print, or copy any part of this message if you 
> are not the intended recipient. The sender's company reserves 
> the right to monitor all e-mail communications through their 
> networks. Any views expressed in this message are those of 
> the individual sender, except where the message states 
> otherwise and the sender is authorised to state them to be 
> the views of the sender's company.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message