httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] mod_rewrite, mod_proxy and AAA
Date Mon, 26 Oct 2009 08:56:53 GMT
Krist,

I tried to find examples in mod_rewrite and mod_proxy, but did not quite 
find anything that really fit my issue.
But this nicely fills in the blanks, and is exactly what I needed.

And about
 > "When used inside a <Location> section, the first argument is omitted
 > and the local directory is obtained from the <Location>."

Yep. I looked, but missed the last 2 phrases of that ProxyPass section..
Enhancement suggestion : <b>...</b>

Thanks, a lot.
André

Krist van Besien wrote:
> On Sun, Oct 25, 2009 at 12:12 PM, André Warnier <aw@ice-sa.com> wrote:
> 
>> Similarly, the doc. for ProxyPass indicates :
>> Context:        server config, virtual host, directory
>>
>> Does the above mean that they apply also to a <Location> section ?
> 
> You can use Proxy and ProxyPass directives in a <Location> container,
> but the syntax changes. As the docs mention:
> 
> "When used inside a <Location> section, the first argument is omitted
> and the local directory is obtained from the <Location>."
> 
> So this:
> 
> ProxyPass /getit http://another-host.com/getit
>  ProxyPassReverse /getit http://another-host.com/getit
> 
> And this:
> 
> <Location /getit>
> ProxyPass http://another-host.com/getit
> ProxyPassReverse  http://another-host.com/getit
> </Location>
> 
> Are both equivalent...
> 
> 
>> I would like however, that *before* the above proxying to the back-end takes
>> place, such requests would be subject to AAA on the front-end server.  For
>> this, I would define a <Location> as follows :
> 
> If you want to use a <Location> block to protect proxied content you
> will need to use the url you're proxying too.
>  So this would have to be:
> 
> <Location http://another-host.com/getit>
> # AAA directives
> </Location>
> 
> So you can't really combine them with your Proxy directive...
> 
> In your case though I would use a <Proxy> block. Makes it easier for
> the next person reading your config to understand what is going on.
> 
> So then your config would become something like:
> 
> RewriteRule ^/cgi-bin/script.pl$ /getit [P]
> ProxyPass /getit http://another-host.com/getit
> ProxyPassReverse /getit http://another-host.com/getit
> 
> <Proxy http://another-host.com/getit>
> # Your AAA directives go here...
> </Proxy>
> 
> This aproach has the advantage that you are actually protecting the
> _target_ of your rewrite (which is what I asume you want), and not the
> original URL. So even if you proxy other URLs to your backend they
> will also require authentication.
> 
> BTW, you could combine your rewrite and your proxypass statements:
> 
> RewriteRule ^/cgi-bin/script.pl$ /getit http://another-host.com/getit [P]
> 
> HTH,
> 
> Krist
> 
> 
> 
> 
> 
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message