perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject custom proxy setup with mod_perl
Date Fri, 23 Nov 2012 17:39:58 GMT

I am trying to solve an unconventional (I think) issue with mod_perl (or even without it).
Environment : Apache 2.2/mod_perl 2 under Linux.

The issue :
A number of workstations are in a LAN, using a local DNS server under my control.
In the same LAN (, I have a Linux host running Apache 2.2/mod_perl 2, also 
under my full control (IP

Currently, the LAN workstations access external websites such as (for the sake of example)
1)  (IP
2)  (IP
3)  (IP
4) (IP
(all these IP's being supposedly real public Internet IP addresses)

In the future, I would like that when the workstations try to access websites (2) and (4)

above, they access them through my Apache/mod_perl host.
The reason for this is that
a) I need to authenticate the users
b) I need to allow some users to access these external servers, and deny other users (and

for those, I need to return a nice page explaining why)

I already do the authentication/authorization using custom PerlAuth* handlers.
I also know how to write PerlFixupHandler and PerlTransHandler modules, and how to "push"

other Perl "HTTP cycle" handlers when needed.

My basic scheme is as follows :
- the DNS server configuration is modified so that when resolving the hostnames (2) and 
(4) above, it returns the IP address of the internal Apache host (
When a workstation thus wants to connect to webserver (2) above, in reality it connects to

the internal Apache host, where I want to perform my mod_perl magic.
- on the Apache host, there is a virtual host configured with
so it responds to these requests.

The Apache host has access to the "real" IP addresses of the above external webservers.
(For example, in its own "hosts" file; or it has itself an "uncorrupted" DNS server which

delivers the original IP addresses).

In the Apache host, I have the following configuration section :
<Location />
   AuthType MyOwn
   AuthName CheckProxy
   PerlAuthenHandler my:AuthHandler->get_id
   PerlAuthzHandler my:AuthHandler->allow_or_not
   Require valid-user
   PerlFixupHandler ????
   PerlTransHandler ????
   ProxyPass http://(corresponding hostname)/(path and query as received)

Now my questions are : if I do something at the level of the PerlFixupHandler or 
1) is that "early enough" to be before the Apache ProxyPass step ?
2) can I set the "(corresponding hostname)" above in such a Perl handler, or otherwise 
manipulate the URI before it gets proxy-ed ?
3) do I need this ProxyPass directive in my configuration, or can I just set the Apache 
response handler to be mod_proxy_http, in one of the Perl handlers ? and if yes, how ?

I'd be thankful for any answer or tip, even about a solution which does not involve 
mod_perl at all. (But in reality, I do need to do a bit more in my handlers than I allude

to above).

View raw message