You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Erik Parker <ep...@mindsec.com> on 2002/01/15 02:08:39 UTC
mod_rewrite and apache
Greetings Apache Users,
I bring before you today, a mod_rewrite question..
I have a cluster of web servers.. I'm working on getting the images them
selves served off of a new cluster, that are squid servers running
everything from cache.
The problem is, we can't change the website code, because parts of the
site are SSL, and parts at non-SSL, but calling the same files.. All using
the same headers (Design flaw that can't be fixed right now).
So, my thought was.. I'd use mod_rewrite to rewrite the URL's in each
Vhost (the SSL vhost and the non-ssl vhost).. to redirect:
http://www.domain.com/images/*
to
http://content.domain.com/images/*
Well, it comes down to a few things.. I don't want to use the "P" flag,
because I don't want that apache instance to serve the images at all.. I
want it to actually rewrite the code it serves to the client.. So a
reference to:
<img src="/images/foo.jpg"> is re-written as <img src="http://content.domain.com/images.foo.jpg">
I could use the [R] flag, but that just redirects them.. and I don't want
people to make a request, get a redirect, and make another request.. I
need it to actually re-write the code..
I've read, and re-read the multiple mod_rewrite faqs on the apache site,
and I just don't see what I need. Can it be done, and does anyone know
how? A good pointer would be great.
Thanks!
-Erik
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: mod_rewrite and apache
Posted by Owen Boyle <ob...@bourse.ch>.
-bill- wrote:
>
> That is an interesting piece of info, but why would you want to encrypt/decrpyt
> an image ?
I can think of a few reasons:
The Obvious One: You don't want anyone except the recipient to see it.
The Devious One: Imagine you have a snooper on the line, intercepting
all your traffic and trying to crack it (this is what SSL protects
against). If you encrypt all the files served from your SSL site, all he
sees is a unbroken stream of encrypted data - he hasn't a clue where to
start, so has to record it in huge chunks then try to crack them using
brute force.
However if, for example, you decide to save computing resources in the
server by not encrypting images and only encrypting text data, then now
he sees lots of GIF and JPG data flying past en clair - interspersed
with small nuggets of encrypted stuff. Sneering to himself, he grabs
those and bends all his resources to cracking these much smaller blocks
of data with his super-computer. He is encouraged by the knowledge that,
since these are the only things you bothered to encrypt, they must be
REALLY important...
SSL isn't only about encryption, there's also the wheat and chaff aspect
too.
Rgds,
Owen Boyle.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: mod_rewrite and apache
Posted by -bill- <bi...@TechServSys.com>.
darren chamberlain wrote:
>
> Erik Parker <ep...@mindsec.com> said something to this effect on 01/15/2002:
> > JS> Can't be done with any standard Apache module. You want apache to scan
> > JS> through each document as it is served and do a search/replace. Mod_rewrite
> > JS> acts only on the URL that is actually requested, not on the document
> > JS> contents.
> >
> > After you said that, it became very clear :)
> >
> > I guess for now, I'm going to use SSI and do an if $SSL == on, write out
> > img src="https:/foo
> > else
> > img src="http://foo
>
> Did you know that you can just use src="//..." without specifying
> a protocol? The browser will use the protocol it is currently
> using, so a https request will request that image using https.
>
> (darren)
>
> --
That is an interesting piece of info, but why would you want to encrypt/decrpyt
an image ?
--
- bill -
bill@TechServSys.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: mod_rewrite and apache
Posted by darren chamberlain <dl...@users.sourceforge.net>.
Erik Parker <ep...@mindsec.com> said something to this effect on 01/15/2002:
> JS> Can't be done with any standard Apache module. You want apache to scan
> JS> through each document as it is served and do a search/replace. Mod_rewrite
> JS> acts only on the URL that is actually requested, not on the document
> JS> contents.
>
> After you said that, it became very clear :)
>
> I guess for now, I'm going to use SSI and do an if $SSL == on, write out
> img src="https:/foo
> else
> img src="http://foo
Did you know that you can just use src="//..." without specifying
a protocol? The browser will use the protocol it is currently
using, so a https request will request that image using https.
(darren)
--
You know the great thing about TV? If something important happens
anywhere at all in the world, no matter what time of the day or
night, you can always change the channel.
-- Jim Ignatowski
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: mod_rewrite and apache
Posted by Erik Parker <ep...@mindsec.com>.
JS> Can't be done with any standard Apache module. You want apache to scan
JS> through each document as it is served and do a search/replace. Mod_rewrite
JS> acts only on the URL that is actually requested, not on the document
JS> contents.
After you said that, it became very clear :)
I guess for now, I'm going to use SSI and do an if $SSL == on, write out
img src="https:/foo
else
img src="http://foo
It's not ideal, but it will work until this client can get their code
split apart into seperate sections. It's not too bad though, these systems
lack memory, and speed, not processor.. so I think short term, they shoul
dbe ok with the SSI's.
Thanks,
-Erik
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: mod_rewrite and apache
Posted by Joshua Slive <jo...@slive.ca>.
> From: Erik Parker [mailto:eparker@mindsec.com]
> Well, it comes down to a few things.. I don't want to use the "P" flag,
> because I don't want that apache instance to serve the images at all.. I
> want it to actually rewrite the code it serves to the client.. So a
> reference to:
>
> <img src="/images/foo.jpg"> is re-written as <img
> src="http://content.domain.com/images.foo.jpg">
Can't be done with any standard Apache module. You want apache to scan
through each document as it is served and do a search/replace. Mod_rewrite
acts only on the URL that is actually requested, not on the document
contents.
JOshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org