You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Christian Gilmore <cg...@tivoli.com> on 2000/11/14 17:54:19 UTC

[RFC] Apache::ProxyRewrite

I've completed work on a proxying module we needed here at work. I intend
to release it to the community, but first I want to get comments on its
current name  and design. Perhaps there is a direction for it to grow
before initial release?

The Problem I Needed to Solve:

We need to proxy our external web services, but secure and insecure, to
our internal personnel while also doing authentication on the personnel's
behalf behind the scenes. In order to minimize muddying of customer data,
only a single "group" userid exists. This userid is to be used for the
purpose of authenticating and authorizing internal personnel to certain
areas of our external site.

The Solution:

Apache::ProxyRewrite will proxy content, rewriting arbitrary URLs embedded
in the content (if HTML) per run-time configuration. A configuration
example for the host www-internal.tivoli.com:

<Location          />
SetHandler         perl-script
PerlHandler        ProxyRewrite

RProxyTo           http://www.tivoli.com
RProxyAuthInfo     "BASIC dG32cvVwcnQ6amF4MzhfYXS="
RProxyAuthRedirect On
RProxyRewrite      https://www.tivoli.com/secure /secure
</Location>

<Location          /secure>
SetHandler         perl-script
PerlHandler        ProxyRewrite

RProxyTo           https://www.tivoli.com/secure
RProxyAuthInfo     "BASIC dG32cvVwcnQ6amF4MzhfYXS="
RProxyAuthRedirect On
RProxyRewrite      http://www.tivoli.com/        /
RProxyRewrite      http://foo.bar.com/           /secure/foo
</Location>

Requests for "/" will first be proxied to http://www.tivoli.com. The
content at the URL will be parsed (quickly via a single pass through the
code, not with HTML::Parser and its variants). There will be an implicit
rule that references to relative path of the argument to RProxyTo ("/" in
this case) in the document will be rewritten to the relative URI in the
current <Location> (also "/" in this case). Further, references to
https://www.tivoli.com/secure on the backend will be rewritten to /secure.

The RProxyAuthInfo directive allows for automatic authentication and
authorization for a predetermined userid. The RProxyAuthRedirect directive
allows the server to receive backend 401 responses and redirect the client
directly to that backend URI. I don't anticipate this directive having
much value to the general community, but it was a requirement of our
installation.

Please send comments, questions, flames (hopefully none of these!) back to
the list. I attempted to contact the owner of the Apache::RewritingProxy
package to no avail. His package, though, seems designed to rewrite
content, not URIs, so I think there's room for both.

Thanks,
Christian

-----------------
Christian Gilmore
Infrastructure & Tools Team Lead
Web & Multimedia Development
Tivoli Systems, Inc.