perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject custom proxy setup with mod_perl
Date Fri, 23 Nov 2012 17:39:58 GMT
Hi.

I am trying to solve an unconventional (I think) issue with mod_perl (or even without it).
Environment : Apache 2.2/mod_perl 2 under Linux.

The issue :
A number of workstations are in a LAN, using a local DNS server under my control.
In the same LAN (192.168.45.0), I have a Linux host running Apache 2.2/mod_perl 2, also 
under my full control (IP 192.168.45.100).

Currently, the LAN workstations access external websites such as (for the sake of example)
:
1) http://www.site-1.com  (IP 1.2.3.4)
2) http://www.site-2.biz  (IP 2.3.4.5)
3) http://www.site-3.org  (IP 3.4.5.6)
4) http://www.site-4.co.uk (IP 4.5.6.7)
(all these IP's being supposedly real public Internet IP addresses)

In the future, I would like that when the workstations try to access websites (2) and (4)

above, they access them through my Apache/mod_perl host.
The reason for this is that
a) I need to authenticate the users
b) I need to allow some users to access these external servers, and deny other users (and

for those, I need to return a nice page explaining why)

I already do the authentication/authorization using custom PerlAuth* handlers.
I also know how to write PerlFixupHandler and PerlTransHandler modules, and how to "push"

other Perl "HTTP cycle" handlers when needed.

My basic scheme is as follows :
- the DNS server configuration is modified so that when resolving the hostnames (2) and 
(4) above, it returns the IP address of the internal Apache host (192.168.45.100).
When a workstation thus wants to connect to webserver (2) above, in reality it connects to

the internal Apache host, where I want to perform my mod_perl magic.
- on the Apache host, there is a virtual host configured with
   ServerAlias www.site-2.biz
   ServerAlias www.site-4.co.uk
so it responds to these requests.

The Apache host has access to the "real" IP addresses of the above external webservers.
(For example, in its own "hosts" file; or it has itself an "uncorrupted" DNS server which

delivers the original IP addresses).

In the Apache host, I have the following configuration section :
<Location />
   AuthType MyOwn
   AuthName CheckProxy
   PerlAuthenHandler my:AuthHandler->get_id
   PerlAuthzHandler my:AuthHandler->allow_or_not
   Require valid-user
   PerlFixupHandler ????
   PerlTransHandler ????
   ProxyPass http://(corresponding hostname)/(path and query as received)
</Location>

Now my questions are : if I do something at the level of the PerlFixupHandler or 
PerlTransHandler,
1) is that "early enough" to be before the Apache ProxyPass step ?
2) can I set the "(corresponding hostname)" above in such a Perl handler, or otherwise 
manipulate the URI before it gets proxy-ed ?
3) do I need this ProxyPass directive in my configuration, or can I just set the Apache 
response handler to be mod_proxy_http, in one of the Perl handlers ? and if yes, how ?

I'd be thankful for any answer or tip, even about a solution which does not involve 
mod_perl at all. (But in reality, I do need to do a bit more in my handlers than I allude

to above).











Mime
View raw message