On 13/09/2007, gb1071nx <gb1071nx@xxxxxxxxxxxxxxxxxxxxx> wrote: > > I've just recently compiled and installed the mod_rewrite and mod_proxy > modules. My specific reason for doing so is that I wanted to use AJAX > calls between two internal (intranet) domains, but due to 'same origin' > policy, could not. Google told me that I can get around this by > proxying. All sorts of PHP examples abounded, but 1) I'm a java > programmer and 2) I don't want to write my own proxy code so 3) let's > just use mod_rewrite! > > I've now got that all set up and working. My one domain successfully > makes AJAX calls to the second, all through mod_rewrite. But now I'm > wanting to make absolutely certain of something: > > The *only* references I have to mod_proxy or mod_rewrite are the > LoadModule commands, and my one mod_rewrite section: Are you using apache 1.3? If not, you'll need mod_proxy_http loaded too. If so, upgrade to 2.2 as the proxy module in 1.3 is obsolete and missing several major features available in 2.x. > RewriteEngine On > RewriteRule ^/myproxy/(.*)/(.*)$ http://$1/foo/bar.jsp?x=$2 [P] > > > I see this commented-out section as well: > > #<IfModule mod_proxy.c> > #ProxyRequests On > # > #<Proxy *> > # Order deny,allow > # Deny from all > # Allow from .example.com > #</Proxy> > > > I'm just worried/wondering if my server is "secure", and that it's not > acting as an open proxy? Am I right in thinking that unless I > explicitly turn on ProxyRequests, that merely loading the module does > not cause it to become a proxy server? You're correct that ProxyRequests defaults to off. However, your rewrite rule has effectively created an open proxy, albeit one that will always request /foo/bar.jsp?x= > Secondly, could I use the <Proxy *> control block to limit even the > reverse proxy to *only* accept requests from that single internal host? > Or have I effectively done this, by making my RewriteEngine and > RewriteRule directives within a virtual host block? Yes and no. You can use a <Proxy block to restrict which host addresses apache can make proxy requests to, and you can use <Location to determine which clients can make requests to it. -- noodl --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|