Posted to dev@httpd.apache.org by Phil Lello <ph...@dunlop-lello.uk> on 2015/07/17 23:24:31 UTC

Injecting HTTP request without using standard socket

Hi all,

I'm currently developing a pseudo-VPN service, and would like to be able to
inject requests (and process responses) without going through the stock
HTTP/HTTPS endpoints.

Is this possible purely as a module, or would I need to have a custom
HTTPD? I think this touches on the proxy enhancements which I believe are
on this list.

What I'm trying to achieve at the pseudo-VPN layer is server selection
based on purely the first line of the HTTP request, or in the case of
HTTPS, by picking a server from SNI. I want to prefix a small header
(probably just the sockaddr struct) on requests coming out of the VPN, then
send that plus the request payload on to apache. This will then be used to
set the REMOTE_HOST. X-Forwarded-For isn't an option as I want to pass
encrypted traffic on for processing by the normal httpd code.

I am considering using one of UNIX-domain sockets, TCP/IP sockets, or an
API binding to the VPN as the transport layer for requests, so want to
inject packets/consume responses somewhere just after the normal apache
listen, once the REMOTE_HOST has been decoded.

Thanks for any pointers on this - I'm currently too buried in the VPN code
to learn the HTTPD API at the moment, but want to get an idea for if my
current architecture can work the way I want - I'm also trying to avoid
taking on more code maintenance than I need to.

Phil
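
The peer-address prefix described above, parsed defensively on the receiving side. This is an added example, not code from the thread or from httpd; the wire format, the tag values and the name parse_peer_prefix are assumptions, chosen because a raw struct sockaddr has a platform-dependent layout.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Assumed wire format (hypothetical, not from the thread):
 *   byte 0      address family tag: 4 = IPv4, 6 = IPv6
 *   bytes 1-2   source port, network byte order
 *   bytes 3..   4 or 16 address bytes, then the untouched HTTP/TLS payload
 * The address is taken on trust, so accept this prefix only on a listener
 * that nothing but the VPN process can reach. */
enum { PEER_TAG_V4 = 4, PEER_TAG_V6 = 6 };

/* On success fills *out and returns the number of prefix bytes consumed
 * (the payload starts at buf + return value). Returns -1 on a truncated
 * or unknown prefix; the caller should then drop the connection. */
int parse_peer_prefix(const uint8_t *buf, size_t len,
                      struct sockaddr_storage *out)
{
    uint16_t port_be;

    if (len < 3)
        return -1;
    memcpy(&port_be, buf + 1, sizeof port_be);  /* already network order */
    memset(out, 0, sizeof *out);

    if (buf[0] == PEER_TAG_V4) {
        struct sockaddr_in *sin = (struct sockaddr_in *)out;
        if (len < 3 + 4)
            return -1;
        sin->sin_family = AF_INET;
        sin->sin_port = port_be;
        memcpy(&sin->sin_addr, buf + 3, 4);
        return 3 + 4;
    }
    if (buf[0] == PEER_TAG_V6) {
        struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)out;
        if (len < 3 + 16)
            return -1;
        sin6->sin6_family = AF_INET6;
        sin6->sin6_port = port_be;
        memcpy(&sin6->sin6_addr, buf + 3, 16);
        return 3 + 16;
    }
    return -1;  /* unknown tag: never guess a family */
}

/* Constructed sample: 192.0.2.7:8080 followed by the start of a request. */
static const uint8_t sample_v4[] = { 4, 0x1f, 0x90, 192, 0, 2, 7, 'G', 'E', 'T', ' ' };
```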

Re: Injecting HTTP request without using standard socket

Posted by William A Rowe Jr <wr...@rowe-clan.net>.
I'd fork the event or worker MPM module.  Sadly, we have never decoupled
transport from the MPM model, but the solution would just work.
On Jul 17, 2015 16:25, "Phil Lello" <ph...@dunlop-lello.uk> wrote:

> Hi all,
>
> I'm currently developing a pseudo-VPN service, and would like to be able
> to inject requests (and process responses) without going through the stock
> HTTP/HTTPS endpoints.
>
> Is this possible purely as a module, or would I need to have a custom
> HTTPD? I think this touches on the proxy enhancements which I believe are
> on this list.
>
> What I'm trying to achieve at the pseudo-VPN layer is server selection
> based on purely the first line of the HTTP request, or in the case of
> HTTPS, by picking a server from SNI. I want to prefix a small header
> (probably just the sockaddr struct) on requests coming out of the VPN, then
> send that plus the request payload on to apache. This will then be used to
> set the REMOTE_HOST. X-Forwarded-For isn't an option as I want to pass
> encrypted traffic on for processing by the normal httpd code.
>
> I am considering using one of UNIX-domain sockets, TCP/IP sockets, or an
> API binding to the VPN as the transport layer for requests, so want to
> inject packets/consume responses somewhere just after the normal apache
> listen, once the REMOTE_HOST has been decoded.
>
> Thanks for any pointers on this - I'm currently too buried in the VPN code
> to learn the HTTPD API at the moment, but want to get an idea for if my
> current architecture can work the way I want - I'm also trying to avoid
> taking on more code maintenance than I need to.
>
> Phil
>