Posted to users@httpd.apache.org by Mik F <mi...@gmail.com> on 2007/03/22 13:44:04 UTC

[users@httpd] Advice on Migrating from Netscape to Apache

Hi,

we're (finally) looking to migrate from Netscape to Apache but there
are a couple of areas that I'm having problems with that I'm hoping
someone can give me some gentle guidance on.

We use Netscape Proxy Server 3.5 to manage requests from client
applications (rather than client browser) to external 3rd party sites,
sometimes over https.

Netscape Proxy Server has a simple interface for managing URL mappings
so that, for instance, URL Prefix (from client) http://foo maps to
(proxy will use this) https://prefix.foo.suffix

I've been digging around and I think I need to do two things to
replicate this behaviour using Apache:


(eg from Apache Documentation:)

  # Forward Proxy
  ProxyRequests On
  ProxyVia On
  <Proxy *>
    Order deny,allow
    Deny from all
    Allow from internal.example.com
  </Proxy>

This should allow the client applications to get out through the
firewall, but the addresses they use will fail, so ...

first thoughts were that ProxyPass would be my friend but it looks
like this is for mapping internal paths to fully qualified URI
_incoming_ from external clients to the _Reverse_ Proxy?

Second thoughts were that I should then use mod_rewrite to trap and
handle the outbound requests but I'm at a loss how this would fit
within the ProxyRequests directive, or how I would then resolve the
responses from the target server.

I'm not averse to doing some legwork but a few pointers to set me
down the correct path would be hugely appreciated,

cheers,

Mik

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Advice on Migrating from Netscape to Apache

Posted by Mik F <mi...@gmail.com>.
Folks,

still scratching my head over this one so any assistance appreciated.

Got the forward proxy running fine and secured, although ideally I'd like to
have an 'Order Deny, Allow' type directive to block all but a few defined
external sites.

All 'standard' requests work but it's still the items that need URL
transforms that are killing me :(

I'm currently pondering whether I could set up separate Virtual Hosts (as
per comment in Nick Kew's "Running a Reverse Proxy in Apache" guide), one
forward proxy and one 'webserver'.

I'm theorising that the 'webserver' VH could listen on a particular port for
a defined address, eg

<VirtualHost www.foo.com:8999>
DocumentRoot /www/foo
ServerName www.foo.com

# Other directives here, presumably either a RewriteRule or a Redirect?

</VirtualHost>

However, I'm unsure as to whether the above VH could then use the 'forward'
VH to get to its intended destination?

I'm working through scenarios as carefully as I can but I'm new to Apache
and I'm not sure whether the theory is wrong or whether I'm just getting the
syntax and implementation wrong.

Any help appreciated!

Thanks,

Mik

On 22/03/07, Nick Kew <ni...@webthing.com> wrote:
>
> On Thu, 22 Mar 2007 14:31:21 +0000
> "Mik F" <mi...@gmail.com> wrote:
>
>
> > Any ideas?
>
> I'm sure you could harness the reverse proxying capabilities.
> But I'm not going to think through how just now.
>
> --
> Nick Kew
>
> Application Development with Apache - the Apache Modules Book
> http://www.apachetutor.org/


-- 
Quis custodiet ipsos custodes?
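
The two-virtual-host layout theorised about in the message above, written out as an added example (constructed here, not posted by anyone in the thread): one forward proxy limited to named destinations, and one reverse-proxy host that maps http://foo to https://prefix.foo.suffix. It assumes Apache 2.2-style access directives as used in the thread, that requests for http://foo reach the second virtual host, and that partner.example and port 8080 are placeholders.

```apache
# Added example (constructed). foo, prefix.foo.suffix, internal.example.com
# and port 8999 come from the thread; partner.example and port 8080 are
# placeholders. Requires mod_proxy, mod_proxy_http and mod_ssl.

Listen 8080
Listen 8999

# 1. Forward proxy: internal clients only, named destinations only.
<VirtualHost *:8080>
    ProxyRequests On
    ProxyVia On

    # Default: nobody may proxy to anywhere.
    <Proxy *>
        Order deny,allow
        Deny from all
    </Proxy>

    # Exception: internal clients may reach this one external site.
    # A later matching section replaces the default above.
    <Proxy http://partner.example/*>
        Order deny,allow
        Deny from all
        Allow from internal.example.com
    </Proxy>
</VirtualHost>

# 2. URL mapping: requests for http://foo are answered by this virtual
#    host and relayed over TLS to the real site (reverse proxying).
<VirtualHost *:8999>
    ServerName foo

    # No forward proxying here, so this port cannot become an open proxy.
    ProxyRequests Off

    # Needed because the backend URL is https://.
    SSLProxyEngine On

    ProxyPass        / https://prefix.foo.suffix/
    # Rewrite Location headers in redirects back to the client-facing name.
    ProxyPassReverse / https://prefix.foo.suffix/

    <Proxy *>
        Order deny,allow
        Deny from all
        Allow from internal.example.com
    </Proxy>
</VirtualHost>
```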

Re: [users@httpd] Advice on Migrating from Netscape to Apache

Posted by Nick Kew <ni...@webthing.com>.
On Thu, 22 Mar 2007 14:31:21 +0000
"Mik F" <mi...@gmail.com> wrote:


> Any ideas?

I'm sure you could harness the reverse proxying capabilities.
But I'm not going to think through how just now.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/



Re: [users@httpd] Advice on Migrating from Netscape to Apache

Posted by Mik F <mi...@gmail.com>.
On 22/03/07, Nick Kew <ni...@webthing.com> wrote:
> On Thu, 22 Mar 2007 12:44:04 +0000
> "Mik F" <mi...@gmail.com> wrote:
>
> > Netscape Proxy Server has a simple interface for managing URL mappings
> > so that, for instance, URL Prefix (from client) http://foo maps to
> > (proxy will use this) https://prefix.foo.suffix
>
> As does Apache.  But that's connected to reverse proxying.
> See http://www.apachetutor.org/admin/reverseproxies
>
> > (eg from Apache Documentation:)
> >
> >   Forward Proxy
>
> Can you explain why you need to remap URLs in a forward proxy?
> Where do the bad URLs originate?
>
>
> --
> Nick Kew
>
> Application Development with Apache - the Apache Modules Book
> http://www.apachetutor.org/
>

Nick,

it's historical really. We have a series of back end applications
which need to get 3rd party authorisation, eg for transactions / user
authentication.

When first written it wasn't possible to do this directly via https so
the proxy was put in place to manage all (https) connections from the
applications to and from the 3rd party sites.

There is also some hard coding (wince...) of URLs which it has been
possible to manage by using the mapping functionality within Netscape
Proxy Server.

Whilst I'm working on the migration of the servers and can flag 'bad
practice' elsewhere I effectively have to replace like for like so
can't go to the app support team to get them to 'fix' their 'broken'
code :)

Not ideal, but that's the situation I'm in.

Any ideas?

Cheers,

Mik
-- 
Quis custodiet ipsos custodes?



Re: [users@httpd] Advice on Migrating from Netscape to Apache

Posted by Nick Kew <ni...@webthing.com>.
On Thu, 22 Mar 2007 12:44:04 +0000
"Mik F" <mi...@gmail.com> wrote:

> Netscape Proxy Server has a simple interface for managing URL mappings
> so that, for instance, URL Prefix (from client) http://foo maps to
> (proxy will use this) https://prefix.foo.suffix

As does Apache.  But that's connected to reverse proxying.
See http://www.apachetutor.org/admin/reverseproxies

> (eg from Apache Documentation:)
> 
>   Forward Proxy

Can you explain why you need to remap URLs in a forward proxy?
Where do the bad URLs originate?


-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
