On Sun, Oct 25, 2009 at 12:12 PM, André Warnier <aw@xxxxxxxxxx> wrote: > Similarly, the doc. for ProxyPass indicates : > Context: server config, virtual host, directory > > Does the above mean that they apply also to a <Location> section ? You can use Proxy and ProxyPass directives in a <Location> container, but the syntax changes. As the docs mention: "When used inside a <Location> section, the first argument is omitted and the local directory is obtained from the <Location>." So this: ProxyPass /getit http://another-host.com/getit ProxyPassReverse /getit http://another-host.com/getit And this: <Location /getit> ProxyPass http://another-host.com/getit ProxyPassReverse http://another-host.com/getit </Location> Are both equivalent... > I would like however, that *before* the above proxying to the back-end takes > place, such requests would be subject to AAA on the front-end server. For > this, I would define a <Location> as follows : If you want to use a <Location> block to protect proxied content you will need to use the url you're proxying too. So this would have to be: <Location http://another-host.com/getit> # AAA directives </Location> So you can't really combine them with your Proxy directive... In your case though I would use a <Proxy> block. Makes it easier for the next person reading your config to understand what is going on. So then your config would become something like: RewriteRule ^/cgi-bin/script.pl$ /getit [P] ProxyPass /getit http://another-host.com/getit ProxyPassReverse /getit http://another-host.com/getit <Proxy http://another-host.com/getit> # Your AAA directives go here... </Proxy> This aproach has the advantage that you are actually protecting the _target_ of your rewrite (which is what I asume you want), and not the original URL. So even if you proxy other URLs to your backend they will also require authentication. BTW, you could combine your rewrite and your proxypass statements: RewriteRule ^/cgi-bin/script.pl$ /getit http://another-host.com/getit [P] HTH, Krist -- krist.vanbesien@xxxxxxxxx krist@xxxxxxxxxxxxx Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|