httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Hiding directory from the browser address field
Date Fri, 04 Aug 2006 09:09:26 GMT
 

> -----Original Message-----
> From: José Euclides Silva Junior [mailto:euclidesjr2005@gmail.com] 
> Sent: Thursday, August 03, 2006 7:23 PM
> To: Boyle Owen

Please stay on-list.

> Subject: Re: [users@httpd] Hiding directory from the browser 
> address field
> 
> Thank you, Boyle. But, even if i use Proxypass then the 
> browser's address bar will  show the app directory, since the 
> target app is there. Am i right?

No. The server gets the content from the back-end and sends it to the client. The client doesn't
know the content is proxied.

Why don't you try the experiment instead of worrying about the theory?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> Euclides.
> 
> 
>  
> 2006/8/3, Boyle Owen <Owen.Boyle@swx.com>: 
> 
> 
> 
> 	> -----Original Message-----
> 	> From: José Euclides Silva Junior [mailto: 
> euclidesjr2005@gmail.com <mailto:euclidesjr2005@gmail.com> ]
> 	> Sent: Thursday, August 03, 2006 4:51 PM
> 	> To: users@httpd.apache.org; Boyle Owen
> 	> Subject: Re: [users@httpd] Hiding directory from the browser 
> 	> address field
> 	>
> 	> Are you really sure? As you have written, there isnt anyway
> 	> to forward a http request? I thought that i could try
> 	> something like "mod_rewrite"that would forward the request to 
> 	> the destination(same Web Server but another directory)
> 	> without browser's notification.
> 	
> 	Then you're talking about proxying, not redirecting... 
> (I can only answer the question you ask, not the question you 
> meant to ask). 
> 	
> 	Read 
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass
> 	
> 	NB - you can proxy to the same server... ie, the 
> front-end can be its own back-end. 
> 	
> 	Rgds,
> 	Owen Boyle
> 	Disclaimer: Any disclaimer attached to this message may 
> be ignored.
> 	
> 	> Thanks Boyle.
> 	>
> 	>
> 	>
> 	> 2006/8/3, Boyle Owen <Owen.Boyle@swx.com >:
> 	>
> 	>       > -----Original Message-----
> 	>       > From: José Euclides Silva Junior [mailto:
> 	> euclidesjr2005@gmail.com <mailto: 
> euclidesjr2005@gmail.com <mailto:euclidesjr2005@gmail.com> > ]
> 	>       > Sent: Wednesday, August 02, 2006 10:42 PM
> 	>       > To: users@httpd.apache.org
> 	>       > Subject: [users@httpd ] Hiding directory from the
> 	> browser address field
> 	>       >
> 	>       >
> 	>       >
> 	>       > ---------- Forwarded message ----------
> 	>       > From: José Euclides Silva Junior < 
> euclidesjr2005@gmail.com>
> 	>       > Date: 02/08/2006 17:17
> 	>       > Subject: Hiding directory from the browser 
> address field
> 	>       > To: users-info@httpd.apache.org 
> <mailto:users-info@httpd.apache.org> 
> 	>       >
> 	>       >
> 	>       > Hi guys,
> 	>       > i need to hide the application(Java) root 
> directory from the
> 	>       > browser, as you can see at these steps example: 
> 	>       > 1) Http request: www.xxxx.com <http://www.xxxx.com/>
> 	>       > 2) Apache runs module Alias: redirect 
> www.xxxx.com <http://www.xxxx.com> 
> 	>       > <http://www.xxxx.com/>  to www.xxxx.com/somedir/
> 	>       > < http://www.xxxx.com/somedir/ 
> <http://www.xxxx.com/somedir/> 
> 	> <http://www.xxxx.com/somedir/> >
> 	>       > 3) App runs and Apache returns www.xxxx.com/somedir/ 
> 	> to the browser
> 	>
> 	>       You are a bit confused about the relationship between
> 	> what the browser display in its location bar and what apache
> 	> sends. Apache doesn't send the contents of the location bar - 
> 	> the browser just displays the URL it requested from the
> 	> server. Here's how it works:
> 	>
> 	>       1) User types in http://server/
> 	>       2) browser looks up server in DNS, sends request "GET 
> 	> /", location bar reads http://server/.
> 	>       3) server gets request, sees it has a redirect rule so
> 	> responds 301 Redirect to http://server/dir 
> 	>       4) browser gets redirect, makes new request "GET /dir",
> 	> location bar now reads http://server/dir.
> 	>       5) server gets this request, fetches content, 
> sends it back 
> 	>       6) browser gets content and displays it
> 	>       7) location bar still reads http:/server/dir since
> 	> that's the last thing browser requested.
> 	>
> 	>       So there is no way to do exactly what you want - the 
> 	> server can't control what the browser displays.
> 	>
> 	>       However, you may have visited a site that seemed to do
> 	> that and are wondering how it worked? It cheated and used
> 	> frames. You basically have a single page at http://server/
> 	> that contains a big frame and the frame URL is for the
> 	> internal content ( http://server/dir). So as you navigate
> 	> through the site, the top level URL doesn't change and all 
> 	> the navigation is handled in the frame (and usually some
> 	> javascript). The details are out-of-scope on this list (check
> 	> a frames how-to if you want more info).
> 	>
> 	>       Note that this "solution" only prevents the URLs 
> 	> appearing in the location bar. They are still visible to the
> 	> user if he happens to "view-source" and read the HTML... So
> 	> this isn't any form of security and is only cosmetic.
> 	>
> 	>       Rgds,
> 	>       Owen Boyle
> 	>       Disclaimer: Any disclaimer attached to this message may
> 	> be ignored.
> 	>
> 	>       >
> 	>       > But, at this thime(step 3) i need to alter 
> some http header 
> 	>       > field, because Apache must JUST return " www.xxxx.com
> 	>       > <http://www.xxxx.com/> " to the browser, instead of " 
> 	>       > www.xxxx.com/somedir 
> <http://www.xxxx.com/somedir> ". How
> 	>       > coud i do it? Any alias ou rewrite directive 
> available? 
> 	>       > Thanks in advance, Euclides.
> 	>       >
> 	>
> 	>
> 	>       This message is for the named person's use only. It may
> 	> contain confidential, proprietary or legally privileged
> 	> information. No confidentiality or privilege is waived or
> 	> lost by any mistransmission. If you receive this message in
> 	> error, please notify the sender urgently and then immediately
> 	> delete the message and any copies of it from your system. 
> 	> Please also immediately destroy any hardcopies of the
> 	> message. You must not, directly or indirectly, use, disclose,
> 	> distribute, print, or copy any part of this message if you
> 	> are not the intended recipient. The sender's company reserves 
> 	> the right to monitor all e-mail communications through their
> 	> networks. Any views expressed in this message are those of
> 	> the individual sender, except where the message states
> 	> otherwise and the sender is authorised to state them to be 
> 	> the views of the sender's company.
> 	>
> 	>
> 	> 
> ---------------------------------------------------------------------
> 	>       The official User-To-User support forum of the Apache
> 	> HTTP Server Project. 
> 	>       See <URL:http://httpd.apache.org/userslist.html 
> > for more info.
> 	>       To unsubscribe, e-mail: 
> users-unsubscribe@httpd.apache.org 
> <mailto:users-unsubscribe@httpd.apache.org> 
> 	>         "   from the digest:
> 	> users-digest-unsubscribe@httpd.apache.org
> 	> <mailto: users-digest-unsubscribe@httpd.apache.org 
> <mailto:users-digest-unsubscribe@httpd.apache.org> >
> 	>       For additional commands, e-mail: 
> users-help@httpd.apache.org
> 	>
> 	>
> 	>
> 	>
> 	>
> 	
> 
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message