You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Richard Bishop <ap...@uchange.co.uk> on 2010/08/03 23:35:24 UTC

[users@httpd] Help with CONNECT method rewriting

Hi,

I'm hoping you can help me with something that I've been struggling with
for a couple of days.

I'm using mod_proxy to forward proxy requests between one network and
another.  I'm attempting to combine this with mod_rewrite to rewrite
CONNECT requests for certain (SSL) servers.  Note that I'm only trying to
rewrite the HTTP connect request, not the SSL data itself (which is
encrypted and I have no access to).

What I'm hoping to achieve is that "CONNECT server.example.org:443
HTTP/1.0" gets rewritten to "CONNECT server.example.com:443 HTTP/1.0" - an
upstream proxy then gets the request "CONNECT server.example.com:443
HTTP/1.0".  Having played around with mod_rewrite for several hours I'm
having trouble getting it working.

I've enabled RewriteLogLevel 9 and I'm seeing log entries that indicate
things are working as I intend:

rewrite 'proxy:example.org:443' -> 'proxy:example.com:443'

Though the upstream proxy is still seeing "CONNECT server.example.org:443"
rather than the rewritten version.

The relevant parts of my httpd.conf file are:

----
LoadModule headers_module modules/mod_headers.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so

ProxyRequests On
ProxyVia On
AllowConnect 443

<Proxy *>
        Order allow,deny
        Allow from all
</Proxy>

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^CONNECT$
RewriteRule ^(.*)server\.example\.org(.*)$ $1server.example.com$2
----

I've noted that mod_rewrite has a [P] flag that forces the request to be
proxied to another server, though this doesn't appear to work with https
(SSL) servers - or am I missing something?

Any advice would be gratefully received.


Many thanks



Richard



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org