trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leif Hedstrom <zw...@apache.org>
Subject Re: Remap http to https with non-standard por
Date Mon, 25 Feb 2019 21:28:45 GMT


> On Feb 25, 2019, at 11:26 AM, Eric Chaves <eric@uolet.com> wrote:
> 
> Hi Folks,
> 
> With the help of this community I was able to setup an ATS instance to work on. Now I'm
trying to write some remap rules in order to work with ATS as ssl terminator (in forward proxy
mode) so my clients (ie my applications) request their URL over HTTP but ATS perform an HTTPS
to the origin.
> 
> For that I wrote pretty stupid regex remap rule: 
> regex_map http://(.*) https://$1.
> 
> This rule works when the url does not have a port declared (ie http://somesite/somepage?q=.
<http://somesite/somepage?q=.>.) but it does not work when the source url uses a non
standard por (ie http://somesite:8443/somepage?q=. <http://somesite:8443/somepage?q=.>.)
> 
> I've tried to add a specific map as my first rule for this specific host but no success
either. 
> map http://somesite:8443 <http://somesite:8443/> https://somesite:8443 <https://somesite:8443/>

> regex_map http://(.*) https://$1.


If I recall, regex_map only matches on the host name … That much said, you could likely
write a trivial plugin in C/C++ or Lua, that just changes the scheme, and then do something
like

	map  /  https://whatever_doesnt_matter @plugin=…


Alternatively, if you truly want to be an open proxy, make it a global plugin, remove the
requirement for remap ((proxy.config.url_remap.remap_required=0), and just always make the
change. Seems unlikely that such a mapping would always work though, I mean, not every http://
URL has a matching https:// destination (so, you still need some sort of whitelist).

— Leif





Mime
View raw message