Unusual proxying, CONNECT munging.

[Chris Lewis <cl...@nortelnetworks.com>]

We have a rather unusual proxying scheme.

In normal operation, our server has all of the slave applications' DNS
pointing to itself. Browsers are not configured to proxy. After
authentication and access control, it converts the "local" reference to
a proxy to the real server (like the wAMPC example in the section on:
"Invoking mod_proxy for Nonproxy requests").  We have this working
rather well.

In one particular instance, we need to have this server acting as a real
proxy (browsers are configured to have it as a proxy), and fall through
the rest of the code to the back end applications.

I have this working for HTTP easily enough (just don't proxyify the
requests), but SSL seems to be a severe problem, because browsers use
the "CONNECT hostname:port" for https (and then blindly copy packets
bidirectionally), rather than "GET http://host.../file".

I believe I can get this to work if, after detecting a "CONNECT" method
connection, I change the effective "hostname:port" to be localhost:443,
and force the Apache proxy to redirect to itself.  Then I can handle it
through the stuff we already use.

Does anybody know how to alter the CONNECT's parameters in mod_perl so
that mod_proxy will do the right thing with it? I can "see" the CONNECT
parameter by examining $r-uri, but setting it ala
$r->uri("localhost:443") appears to be ignored.

I can't even seem to find official documentation for CONNECT.  The links
(netscape and elsewhere) appear dead.  I've been playing around with
some simple stand-alone proxies to test out whether the back-end stuff
will work out, but, I don't seem to be able to get them to interoperate
with CONNECT requests quite yet.

Thanks muchly.