Hi everyone, Does anyone know of a way to edit HTTP Header variables as they are passed to a CGI being executed? Here's the background: we're adding a reverse proxy to secure a Web application. This application makes use of several HTTP headers (REMOTE_ADDR, HTTPS, SSL_CIPHER_KEYSIZE and many others) and uses this information not only inside the CGI code running on the web server but all the way back to the back-end. Rewriting the application to look in new headers (X-Forwaded-for, for example) is not an option at this time. The architecture we have is: - Apache 2.0.53 on Linux (Debian) - "OUTSIDE" web server is SSL-enabled and listens for connections from browsers The server is configured to provide static content but use Apache's reverse proxy features to send CGI requests to a back-end server (either via the Proxy directive or via RewriteRule and Proxy). - "INSIDE" web server receives connection from outside server over regular HTTP and executes the CGIs as needed. The issue we are having is that some of the variables the INSIDE server is passing to the CGI actually reflect the intermediary connection from the OUTSIDE server and not the data from the client. For example, REMOTE_ADDR may be 127.0.0.1 (both Web instances are running on same server) instead of a remote client address. This is, of course, "proper" behaviour for a Web server, but we need a way of tricking it into responding with the information from the 'original' request. I know we can pass the 'original' information in temporary headers by using 'RequestHeader' on the OUTSIDE server, but I can't find a way of configuring the INSIDE server to overwrite the variables with the data we need... Ideally, what I'd do is I would configure the OUTSIDE server to pass the variables we need in HTTP_* variables and have the INSIDE server overwrite the "real" variables (REMOTE_ADDR, HTTPS, etc...) with the values from those HTTP_* variables. Writing an intermediary CGI that would take the headers and modify before sending to the customer's CGI is not something we want to do, as performance in this environment is critical. Any suggestions? I looked at mod_rewrite, but that is for URL rewriting, not for modifying the variables. Thanks!!! Cheers, Fernando -- Fernando Montenegro, CISSP - fsmontenegro@xxxxxxxxx Markham, ON, Canada --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|