>From what I understand you proxy to an application that generates HTML or other contents where there are absolute references to other resources on the same server. What you should convince your dev team about is to generate links that do not contain scheme://server:port but only the url-path. The day you decide for example to change the scheme to https and do SSL termination at the reverse proxy or on an appliance upstrean, you will have the same problem. One possibility is to parse and rewrite the contents of pages returned to the client in order to modify the links... I believe the name of the module is mod_proxy_html. Been there, done that; works well if you use standard-compliant HTML. -ascs -----Original Message----- From: Shane Smith [mailto:safarishane@xxxxxxxxx] Sent: Wednesday, May 10, 2006 1:46 AM To: users@xxxxxxxxxxxxxxxx Subject: [users@httpd] ProxyPreserve... Port? Hey Folks, I'm using the proxy module, and I've run into one of those weird cases as described in the documentation where the ProxyPreserveHost Directive needs to be set true. (voicexml app) What it doesn't seem to do (nor should it on it's own) is preserve the correct port address on the request. Is there any way to fake a ProxyPreservePort Directive, or accomplish the same thing a different way? Here's the skinny: browser on 192.168.x.x network is requesting through a firewall, and making it's http requests to a 192.168.x.x address. The firewall NAT's that to a 10.10.x.x address. That 10.10.x.x address (my dev desktop) answers the http request with an apache reverse proxy, making it seem as if it's really a different server. (in this case, it's just a different port) So requests come in to my desktop on port 9980, which has the apache reverse proxy set to pull from 9080. Here is what's in my conf: <VirtualHost *:9980> <Proxy *> Order deny,allow Allow from all </Proxy> ProxyRequests On #ProxyPreserveHost On ProxyPass /pizza/ http://10.10.1.1:9080/pizza/ ProxyPassReverse /pizza/ http://10.10.1.1:9080/pizza/ </VirtualHost> So 9980 in effect is pretending to be 9080, and everything works great. That is until, the application (that i don't have source for) uses the http request to hardcode the server IP/Port address in the http response body (untouchable by httpd) Of course, the next fetch from the browser will fail, since it's trying to access a 10.x address instead of the correct 192.168 address. Well, ProxyPreserveHost does the trick, and gets the correct IP address to come thru in the response body, but not the correct port. What ends up happing is this: http://192.168.1.1:9080 When it should be http://192.168.1.1:9980. I hope I didn't lose everyone with the ports and numbers jargon. The reverse proxy functionality is very useful, so long as you are using the same port number on both sides of the proxy. If you change this port (which you have to for localhost) then applications that insist on specifying it's ip/port with absolute url's instead of using relative url's will fail. (i've flogged that dev team) Any chance I can get a proxypreservePORT directive functionality, or convince this dev team that this needs to be added? Thanks, Shane Smith --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|