Using Apache as proxy in port-forwarding role (inward to misbehaving NATted devices)

Philip Prindeville philipp_subx at redfish-solutions.com
Fri Jun 20 00:58:42 UTC 2008


Matthew J. Roth wrote:
> Cameron Simpson wrote:
>> It does help if the internal device doesn't embed absolute URLs in its
>> web page output (which it may not, even if it looks like it
>> superficially).
>>
>> ...
>>
>> If the internal devices are embedding absolute URLs in their HREF links
>> you may need to run, additionally, a squid on your _local_ box, that
>> intercepts outbound URLs with the bad links and rewrites them (using the
>> http_redirect plugin), and then use that squid as your proxy.
>
> This problem can also be solved using the Apache module mod_proxy_html.
>
> From 'http://apache.webthing.com/mod_proxy_html/':
>
>  mod_proxy_html is an output filter to rewrite HTML links in a proxy 
> situation,
>  to ensure that links work for users outside the proxy. It serves the 
> same
>  purpose as Apache's ProxyPassReverse directive does for HTTP headers, 
> and is
>  an essential component of a reverse proxy.
>
> Depending on your application, there are several Apache modules that 
> you may need to get the proxy working correctly.  Here are a couple of 
> references to help you sort things out:
>
>  * http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
>  * http://www.apachetutor.org/admin/reverseproxies
>
> Good luck,
>
> Matthew Roth
> InterMedia Marketing Solutions
> Software Engineer and Systems Developer
>

Thanks for the pointer, Matthew.  It helped a lot.

I grabbed the module (3.0.0), and wrapped it in an .rpm, and I've posted 
it to fedora-devel if anyone is interested.

I'm running it on a FC7 system w/ httpd-2.2.8-1.fc7

However, there seem to be some issues.

Doing:

% wget -q -S -O - http://www.redfish-solutions.com/xxx/default

gets me:

returns:

HTTP/1.1 200 OK
Date: Fri, 20 Jun 2008 00:08:37 GMT
Server: Boa/0.94.14rc18
Accept-Ranges: bytes
Connection: close
Content-type: text/html

<!-- Copyright 2006 In2 Networks - All rights reserved -->
<html>
<head>
<script LANGUAGE="JavaScript1.2" >
function redirectme()
{
       parent.location.href = "/get?file=control.htm";
}
</script>
</head>
<body onLoad="redirectme()">
<center>
<br>
<br>
<br>
<h3>Loading control page</h3>
<p> Please Wait </p>
</center>
</body>
</html>


Apparently, Honeywell (who developed my environmental controller) were 
unaware of the Location: response in HTTP.  sigh.

I'm using the config:

LoadFile        /usr/lib64/libxml2.so.2
LoadModule      proxy_html_module       modules/mod_proxy_html.so
...
ProxyHTMLLinks  a               href
ProxyHTMLLinks  area            href
ProxyHTMLLinks  link            href
ProxyHTMLLinks  img             src longdesc usemap
ProxyHTMLLinks  object          classid codebase data usemap
ProxyHTMLLinks  q               cite
ProxyHTMLLinks  blockquote      cite
ProxyHTMLLinks  ins             cite
ProxyHTMLLinks  del             cite
ProxyHTMLLinks  form            action
ProxyHTMLLinks  input           src usemap
ProxyHTMLLinks  head            profile
ProxyHTMLLinks  base            href
ProxyHTMLLinks  script          src for
...
ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \
                onmouseover onmousemove onmouseout onkeypress \
                onkeydown onkeyup onfocus onblur onload \
                onunload onsubmit onreset onselect onchange
...
# Local stuff, added by philipp on 6/19/2008

<IfModule mod_proxy.c>
  ProxyRequests Off
</IfModule>

<Proxy *>
  Order deny,allow
  Allow from all
</Proxy>

ProxyPass       /xxx/  http://192.168.1.13/
ProxyHTMLURLMap         http://192.168.1.13 /xxx

<Location /xxx/>
  ProxyPassReverse      /
  SetOutputFilter       proxy-html
  ProxyHTMLURLMap       /       /xxx/
  ProxyHTMLURLMap       /xxx   /xxx
  RequestHeader         unset   Accept-Encoding
</Location>

# for debugging
ProxyHTMLLogVerbose     On
LogLevel                Debug



So what am I missing?

Thanks,

-Philip




More information about the fedora-list mailing list