perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fred Moyer <f...@redhotpenguin.com>
Subject Re: custom proxy setup with mod_perl
Date Fri, 23 Nov 2012 19:26:06 GMT
You might want to take a look at a mod_perl based proxy module I wrote
- https://metacpan.org/module/Apache2::Proxy

It was used in conjunction with Perlbal and a couple other tricks, but
was pretty speedy given the crude nature of how I implemented it.

On Fri, Nov 23, 2012 at 9:39 AM, André Warnier <aw@ice-sa.com> wrote:
> Hi.
>
> I am trying to solve an unconventional (I think) issue with mod_perl (or
> even without it).
> Environment : Apache 2.2/mod_perl 2 under Linux.
>
> The issue :
> A number of workstations are in a LAN, using a local DNS server under my
> control.
> In the same LAN (192.168.45.0), I have a Linux host running Apache
> 2.2/mod_perl 2, also under my full control (IP 192.168.45.100).
>
> Currently, the LAN workstations access external websites such as (for the
> sake of example) :
> 1) http://www.site-1.com  (IP 1.2.3.4)
> 2) http://www.site-2.biz  (IP 2.3.4.5)
> 3) http://www.site-3.org  (IP 3.4.5.6)
> 4) http://www.site-4.co.uk (IP 4.5.6.7)
> (all these IP's being supposedly real public Internet IP addresses)
>
> In the future, I would like that when the workstations try to access
> websites (2) and (4) above, they access them through my Apache/mod_perl
> host.
> The reason for this is that
> a) I need to authenticate the users
> b) I need to allow some users to access these external servers, and deny
> other users (and for those, I need to return a nice page explaining why)
>
> I already do the authentication/authorization using custom PerlAuth*
> handlers.
> I also know how to write PerlFixupHandler and PerlTransHandler modules, and
> how to "push" other Perl "HTTP cycle" handlers when needed.
>
> My basic scheme is as follows :
> - the DNS server configuration is modified so that when resolving the
> hostnames (2) and (4) above, it returns the IP address of the internal
> Apache host (192.168.45.100).
> When a workstation thus wants to connect to webserver (2) above, in reality
> it connects to the internal Apache host, where I want to perform my mod_perl
> magic.
> - on the Apache host, there is a virtual host configured with
>   ServerAlias www.site-2.biz
>   ServerAlias www.site-4.co.uk
> so it responds to these requests.
>
> The Apache host has access to the "real" IP addresses of the above external
> webservers.
> (For example, in its own "hosts" file; or it has itself an "uncorrupted" DNS
> server which delivers the original IP addresses).
>
> In the Apache host, I have the following configuration section :
> <Location />
>   AuthType MyOwn
>   AuthName CheckProxy
>   PerlAuthenHandler my:AuthHandler->get_id
>   PerlAuthzHandler my:AuthHandler->allow_or_not
>   Require valid-user
>   PerlFixupHandler ????
>   PerlTransHandler ????
>   ProxyPass http://(corresponding hostname)/(path and query as received)
> </Location>
>
> Now my questions are : if I do something at the level of the
> PerlFixupHandler or PerlTransHandler,
> 1) is that "early enough" to be before the Apache ProxyPass step ?
> 2) can I set the "(corresponding hostname)" above in such a Perl handler, or
> otherwise manipulate the URI before it gets proxy-ed ?
> 3) do I need this ProxyPass directive in my configuration, or can I just set
> the Apache response handler to be mod_proxy_http, in one of the Perl
> handlers ? and if yes, how ?
>
> I'd be thankful for any answer or tip, even about a solution which does not
> involve mod_perl at all. (But in reality, I do need to do a bit more in my
> handlers than I allude to above).
>
>
>
>
>
>
>
>
>
>

Mime
View raw message