httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John king" <johnkin...@gmail.com>
Subject Re: [users@httpd] Apache 2 mod_proxy & mod_rewrite questions
Date Thu, 28 Sep 2006 21:14:14 GMT
Where is your server cert installed? If it is installed on the reverse proxy
server, do you decrypte the incoming HTTPS
traffic and re-encrypte it again in the proxy server before sending it to
the next host?

On 9/28/06, Jeff DeFord <jeff.deford@gmail.com> wrote:
>
> Not sure if that would work since all requests are HTTPS...
> Can you elaborate?
>
> Here are the modules I compiled in when I built Apache:
> # ./httpd -l
> Compiled in modules:
>   core.c
>   mod_access.c
>   mod_auth.c
>   mod_log_config.c
>   mod_headers.c
>   mod_setenvif.c
>   mod_proxy.c
>   proxy_connect.c
>   proxy_ftp.c
>   proxy_http.c
>   mod_ssl.c
>   prefork.c
>   http_core.c
>   mod_mime.c
>   mod_status.c
>   mod_dir.c
>   mod_rewrite.c
>   mod_so.c
>
>
> On 9/27/06, Jim BAO <JXB6@nrc.gov> wrote:
> > Did you try HTTP Connect?
> >
> > >>> jeff.deford@gmail.com 9/27/2006 10:35 AM >>>
> > All:
> >
> > I have some questions regarding the way to implement
> > Apache as a reverse proxy server using mod_rewrite in order to mask the
> > real
> > URLs. Users will connect to the proxy, then the proxy will connect to
> > the real server that is listening on port 8050 (SSL)
> >
> >
> > So far this is what I have working:
> >
> > Proxy server listining on port 80 and on 443 and I am
> > using a rewrite rule to force a rediect to 443 only as shown below:
> >
> >  ## Redirect all incoming HTTP requests to HTTPS locally before
> > proxying.
> >  RewriteRule ^/(.*) https://proxy.server.com/$1 [R,L]
> >
> > This works just as expected as my initial http connection gets forced
> > to https.
> >
> > Then I have the following proxy statements set up as shown below for
> > the default SSL virtual host on the proxy server:
> >
> >  ProxyRequests     Off
> >  SSLProxyEngine    On
> >  SSLProxyCACertificateFile conf/cacerts.crt
> >  ProxyPreserveHost On
> >  ProxyPass         / https://real.server.com:8050/
> >  ProxyPassReverse  / https://real.server.com:8050/
> >
> > This all works great for all of the base URLs on the root level. The
> > home
> > page URLs on the real server get rewritten and appear to have
> > originated from the proxy server when I mouse over or
> > click on a root-level URL.
> >
> > However, any URL with a subdirectory below the root level on the real
> > server does not get rewritten and the real URL (the complete URL on
> > the real server including the port number 8050) is visible on the
> > proxied web page.
> >
> > Now, how do go I about getting this to work for all of the URLs with
> > subdirectories? I have read through the documentation and I am stuck.
> >
> > Do I need rewrite rules for each URL that has a subdirectly below the
> > root with a subsequent ProxyPass and ProxyPassReverse statement?
> >
> > Do my rewrite rules need to use the proxy flag [P]? Or will they work
> > once written to mimic the root-level rules?
> >
> > Many thanks in advance for any help that you may provide....
> >
> >
> > -=jeff
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> > Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message