httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Krist van Besien <>
Subject Re: [users@httpd] mod_rewrite, mod_proxy and AAA
Date Mon, 26 Oct 2009 06:58:40 GMT
On Sun, Oct 25, 2009 at 12:12 PM, André Warnier <> wrote:

> Similarly, the doc. for ProxyPass indicates :
> Context:        server config, virtual host, directory
> Does the above mean that they apply also to a <Location> section ?

You can use Proxy and ProxyPass directives in a <Location> container,
but the syntax changes. As the docs mention:

"When used inside a <Location> section, the first argument is omitted
and the local directory is obtained from the <Location>."

So this:

ProxyPass /getit
 ProxyPassReverse /getit

And this:

<Location /getit>

Are both equivalent...

> I would like however, that *before* the above proxying to the back-end takes
> place, such requests would be subject to AAA on the front-end server.  For
> this, I would define a <Location> as follows :

If you want to use a <Location> block to protect proxied content you
will need to use the url you're proxying too.
 So this would have to be:

# AAA directives

So you can't really combine them with your Proxy directive...

In your case though I would use a <Proxy> block. Makes it easier for
the next person reading your config to understand what is going on.

So then your config would become something like:

RewriteRule ^/cgi-bin/$ /getit [P]
ProxyPass /getit
ProxyPassReverse /getit

# Your AAA directives go here...

This aproach has the advantage that you are actually protecting the
_target_ of your rewrite (which is what I asume you want), and not the
original URL. So even if you proxy other URLs to your backend they
will also require authentication.

BTW, you could combine your rewrite and your proxypass statements:

RewriteRule ^/cgi-bin/$ /getit [P]



Bremgarten b. Bern, Switzerland
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message