> -----Original Message-----
> From: Browne, Anthony A [mailto:aabrowne@xxxxxxxxxxxx]
> Sent: Dienstag, 18. April 2006 18:29
>
> No, I am trying to figure out how to separate the two
> different request streams.
I did read your description below and I think I get it:
if (HTTP)
if (mirrored)
serve from cache
else
fetch from web
else if (HTTPS)
fetch from web
Is that right? Your problem is that you have only a main config that is handling all requests through the same ruleset. HTTPS requests can't be rewritten because you can't decrypt them - you can only proxy HTTPS traffic using the CONNECT method and in this case the packets are passed through the proxy untouched (apache routes them using only their TCP/IP attributes so you can't see the URI or hostname or whatever).
I think splitting your traffic between two port-based VHs should work, something like:
# HTTPS
<VirtualHost *:443>
ProxyRequests on
</VirtualHost>
#HTTP
<VirtualHost *:80>
... mod_rewrite stuff
</VirtualHost>
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
>
> My config is as follows:
>
> 1) The workstations on our LAN have IE configured to use the Apache
> Server as a proxy
> 2) The Apache listens on 80
> 3) The workstations request items from hosts they believe
> are valid,
> but are actually in a folder on the Apache server
> (several million sites are mirrored by our company to
> save bandwidth and to monitor
> ALL outgoing requests-- workstations have only been
> allowed to receive this mirrored content). We implement
> this using mod_rewrite and rewriting all requests to
> /webfolder/servername/requesturi.
> 4) Our specification changed and now, we need to support
> workstation requests for items not in our mirrored web
> content folder (i.e., we now want to let our
> workstations be able to surf the Internet using our proxy).
> 5) However, we need requests that we have a mirror for to
> be served,
> rather than proxied. This means we must check to see if
> they exist in our web content folder BEFORE WE TRY TO
> PROXY THEM. This is what the specification is.
> 6) So far, we have been rewriting the request back to its
> original form,
> if it doesn't exist in the web content folder, and
> trying to use the [P] flag to proxy it, but this does not
> work for https. It works for port 80 content, but
> mod_rewrite does't correctly store the uri for https.
> For example, trying:
>
> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -s [OR]
> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -d
> RewriteRule ^/(.*)$ - [S=2]
>
> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-s
> RewriteCond %{SERVER_PORT} 80
> RewriteRule ^(.*)$
> http://${lowercase:%{SERVER_NAME}}%{REQUEST_URI}%{QUERY_STRING
} [P,S=1]
>
> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-s
> RewriteCond %{SERVER_PORT} 443
> RewriteRule ^/(.*)
> https://%{SERVER_NAME}%{REQUEST_URI}%{QUERY_STRING} [P]
>
> always proxies 'https://serverName/' with no uri or qs.
>
> So, this is why we wanted to just pass through port 443
> requests so that we didn't have to deal with this issue.
> Using 'ProxyRequests on' works, but then you can't use
> mod_rewrite. Any suggestions would be helpful.
>
> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@xxxxxxx]
> Sent: Tuesday, April 18, 2006 4:14 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject: RE: [users@httpd] Forward port 443 requests, but use
> mod_rewrite on port 80 requests
>
> > -----Original Message-----
> > From: Anthony Browne [mailto:aabrowne@xxxxxxxxxxxx]
> > Sent: Montag, 17. April 2006 21:59
> >
> > Is there a way to use ProxyPass to forward items based on the
> > port number of the request? I want to forward all requests
> > that use port 443 with ProxyPass (so that I can use
> > mod_rewrite on all port 80 requests). Is this possible, or do
> > I need to implement this in mod_rewrite?
>
> Do you not already have two port-based VHs? One on port 80
> and one on port 443? If so, there is no problem since the two
> VHs clearly separate the two request streams.
>
> If this isn't clear to you, post back some more details of
> your config... Specifically, how do you separate HTTP and
> HTTPS traffic?
>
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
>
> >
> > Also, I can't use 'ProxyRequests on' because this won't let
> > me use mod_rewrite when a port 80 request comes in
> > (mod_rewrite is always applied last). If I need to do this
> > with mod_rewrite, does anyone have any suggestions as to what
> > I need to do?
> >
> >
> >
> > Thanks
> >
> >
> >
> >
>
> Diese E-mail ist eine private und persönliche Kommunikation.
> Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der
> SWX Gruppe. This e-mail is of a private and personal nature.
> It is not related to the exchange or business activities of
> the SWX Group. Le présent e-mail est un message privé et
> personnel, sans rapport avec l'activité boursière du Groupe SWX.
>
>
> This message is for the named person's use only. It may
> contain confidential, proprietary or legally privileged
> information. No confidentiality or privilege is waived or
> lost by any mistransmission. If you receive this message in
> error, please notify the sender urgently and then immediately
> delete the message and any copies of it from your system.
> Please also immediately destroy any hardcopies of the
> message. You must not, directly or indirectly, use, disclose,
> distribute, print, or copy any part of this message if you
> are not the intended recipient. The sender's company reserves
> the right to monitor all e-mail communications through their
> networks. Any views expressed in this message are those of
> the individual sender, except where the message states
> otherwise and the sender is authorised to state them to be
> the views of the sender's company.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|