|
Thanks for the quick reply Joshua. It is a link.
The problem is that I do not have access to the server or the source. The
website is written in DEC basic compiled as CGI executables on a VMS box. I’ve tried the ProxyPreserveHost on and off with no
difference. I am running mod_proxy_html so I will look into that. The really puzzling part of this and the reason that I
think I should be able to find this is that there are two ways to get to this
site: The customer’s LAN (where the VMS box lives) lets
you access the site non SSL on port 80 ACL for only the 10 network and now for
the 192 (Reverse proxy) and everything works for the 10 network fine. (It seems
like the main webserver thinks that the proxy is on the 10 network as well
maybe due to the NATing? The NATing is set up as: 12.3.8.3 443 (Outside compliant) -> 192.168.2.2 443 (DMZ
Reverse Proxy) -> 10.2.1.2 80 (Internal webserver) From outside but you can only get there on 443 and there
is an SSLRequired access any directive. The NATing doesn’t go thru the
DMZ (Correcting this and putting mod_security on the RP is the end goal) and is: 12.3.8.3 443 -> 10.2.1.2 443 So the links are being written based on what I would hope
was in httpd.conf ssl.conf or some other place that allows the webserver to know
where you are coming from so that it knows how to write the link. I feel like am I just missing something here since the
reverse proxy should do this. I do have all of the Apache hardening turned off
so the URL size, etc. is not an issue. Thanks, Jeff On 7/14/07, Jeff Murch <jmurch@xxxxxxx>
wrote: > > > > > I am running into a problem with a reverse proxy
where dynamic links to > detail records are showing up referring to the main
webserver on a 10 > network instead of the NAT'd public address of the
proxy. > > > > An example would be a link showing up from the proxy
to the end user's > browser as http://10.2.1.2/cgi-bin/
obviously won't work and needs a rule so > that any occurrence of 10.2.1.2 is replaced with
205.145.160.12 with the > remainder of the URL left unchanged. > > > > From my understanding the most appropriate way to do
this would be with > mod_rewrite? mod_rewrite is not likely the right tool, since it only
deals with meta-data (request and response headers) and not the
content of your pages. You should start by asking where this internal IP is
coming from. Is it hard-coded in your application someplace? Can you configure
your application to use the public IP? If the application is
reading the IP from the Host: request header, then you could consider
using the ProxyPreserveHost directive to fool it into thinking it
has a different name. Alternatively, if you really need to rewrite links inside
html pages, the only real solution is mod_proxy_html. Google for it. Finally, it may be that when you refer to
"links", you really mean "redirects". If this is so, you should make
sure you have properly configured your ProxyPassReverse directive. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache
HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html>
for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.476 / Virus Database: 269.10.6/900 - Release
Date: 7/14/2007 3:36 PM |
|