
Apache ModProxy Config

I'm just keeping notes about mod_proxy, as it's always difficult to remember the configuration or to find it again on the Internet. So they could be useful to someone else…

mod_proxy flexibility

In a large-scale internal network, access to an HTTP server can be limited because you need a specific network routing path, because internal networks collide, or because of specific restrictions on reaching the remote HTTP server. mod_proxy is a nice way to work around such issues, and it is very flexible when combined with the additional modules shipped with httpd.

Here is a simple configuration for a proxified site:

<VirtualHost *:80>
   ServerAdmin someone@somewhere.network
   ServerName theserver.name.network
   ProxyPass / http://thedestserver.name.network/
   ProxyPassReverse / http://thedestserver.name.network/
   ErrorLog logs/proxy-theserver.name.network-error_log
   CustomLog logs/proxy-theserver.name.network-access_log combined
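   # ProxyPass (reverse proxying) does not need ProxyRequests. "on" would also
   # enable forward proxying, usable by anyone who can reach this vhost.
   ProxyRequests Off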
</VirtualHost>

Authentication against the proxified web site

A common issue is authenticating to the destination server. An easy way is to use mod_headers to add a specific authentication header, like this (RequestHeader was introduced in Apache httpd 2.0, so it won't work on previous versions):

<VirtualHost *:80>
   ServerAdmin someone@somewhere.network
   ServerName theserver.name.network
   ProxyPass / http://thedestserver.name.network/
   ProxyPassReverse / http://thedestserver.name.network/
   ErrorLog logs/proxy-theserver.name.network-error_log
   CustomLog logs/proxy-theserver.name.network-access_log combined
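   # The value after "Basic " is the Base64 encoding of the whole login:password string
   RequestHeader set Authorization "Basic base64encodedlogin:password"
   Header unset WWW-Authenticate
   RequestHeader unset WWW-Authenticate
   # Keep forward proxying disabled; ProxyPass does not need it
   ProxyRequests Off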
</VirtualHost>

Don't forget to construct the authentication string (for Basic authentication) in the format username:password, encoded in Base64. Base64 is an encoding, not encryption, so the configuration file holds the password in recoverable form, and every client that can reach the proxy is served with that account's access. Of course, mod_headers also lets you remove or update specific headers (such as caching or date headers for bad HTTP server implementations like IIS).

Cleaning up a crappy web site

When dealing with internal HTTP servers, you often have a lot of internal URLs with absolute references that your HTTP client can't access. You can use the I/O filtering introduced in Apache 2.0 with the mod_ext_filter module. In the example we just use 'sed', but any external program (a Python or Perl script) could do the job. Using an external program can be resource intensive… so be aware. You can also chain multiple filters in a chosen order.

ExtFilterDefine fixtext mode=output intype=text/html cmd="/bin/sed s/somethingcrappya/somethingok/g"
ExtFilterDefine fixtext2 mode=output intype=text/html cmd="/bin/sed s/somethingcrappyb/somethingok2/g"
<VirtualHost *:80>
   ServerAdmin someone@somewhere.network
   ServerName theserver.name.network
   ProxyPass / http://thedestserver.name.network/
   ProxyPassReverse / http://thedestserver.name.network/
   ErrorLog logs/proxy-theserver.name.network-error_log
   CustomLog logs/proxy-theserver.name.network-access_log combined
   RequestHeader set Authorization "Basic base64encodedlogin:password"
   Header unset WWW-Authenticate
   RequestHeader unset WWW-Authenticate
   # Keep forward proxying disabled; ProxyPass does not need it
   ProxyRequests Off
   SetOutputFilter fixtext;fixtext2
</VirtualHost>
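
The text above notes that a Python script can take the place of sed as the external filter. The following is an added example, not part of the original page: a filter that rewrites absolute references to the internal server so that they point at the proxy instead. It reuses the page's placeholder host names; the :8080 entry and the path you would give in ExtFilterDefine's cmd= are assumptions.

```python
#!/usr/bin/env python3
"""mod_ext_filter output filter: rewrite absolute internal URLs in proxied HTML."""
import re
import sys

# Assumption: internal authority (host[:port]) -> name clients reach via the proxy.
# Host names reuse the page's placeholders; the :8080 entry is hypothetical.
REWRITES = {
    b"thedestserver.name.network": b"theserver.name.network",
    b"thedestserver.name.network:8080": b"theserver.name.network",
}

# Match only a URL authority: directly after "//" and not followed by another
# host/port character, so "thedestserver.name.network.example" is left alone
# and plain-text mentions of the host are not touched.
_HOSTS = sorted(REWRITES, key=len, reverse=True)
PATTERN = re.compile(
    rb"(?<=//)(?:" + b"|".join(re.escape(h) for h in _HOSTS) + rb")(?![\w.:-])",
    re.IGNORECASE,
)


def rewrite(chunk: bytes) -> bytes:
    """Return chunk with every internal authority replaced by its public one."""
    return PATTERN.sub(lambda m: REWRITES[m.group(0).lower()], chunk)


def main() -> int:
    # mod_ext_filter pipes the response body to stdin and sends stdout to the
    # client. A URL never spans a newline, so line-wise processing is safe and
    # keeps memory bounded by the longest line.
    out = sys.stdout.buffer
    for line in sys.stdin.buffer:
        out.write(rewrite(line))
    out.flush()
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Unlike a plain sed substitution on the host name, this leaves look-alike hosts, unlisted ports and plain-text mentions unchanged.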