Eric Jacobs wrote:
We were trying to add an extra layer of security in front of some financial apps with a reverse proxy (which required a login). It worked until we tried restricting access to financial apps only to proxy server. Turns out, after the initial connection, browsers downloaded applets which then tried to connect directly to financial servers. Is there a way (perhaps through mod_proxy_html) to rewrite the URL in the applet?
mod_proxy_html won't touch applet contents. You'd be in with a chance if your applet works by fetching text contents in HTML, but that's not very likely. A similar filtering approach could deal with XML or (subject to a small risk of false positives) plain text, but not if the data are embedded in the applet. I should read the applet's documentation: does it allow you to set a base URL (to the proxy), or stick to relative URLs? If not, talk to your developer. Come to think of it, a java class could rewrite URLs in the same way as mod_proxy_html. You'd have to figure out whether that'll work within the applet sandbox (most likely for signed applets), but that looks like an approach you could consider (and maybe google for an existing class) if you don't have the applet source. Or a firefox plugin could easily do the job if restricting your users is an option. -- Nick Kew --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|