Apache, Rewrite rules and MS ISA server
Hi Guys, I have an Apache rewrite configuration issue which I could do with some pointers on. Scenario: - Zope is on a Windows box, running multiple sites - an Intranet and an Extranet, and some other stuff. On the LAN these are at http://www.intranet.domain.com and http://www.extranet.domain.com, and Apache (IBM, 1.3) is in front of Zope and using rewrite rules perfectly happily. Current rewrite rule is of the pattern: - NameVirtualHost * <VirtualHost *> ServerName www.example.com RewriteEngine On RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostBase/http/www.example.com:80/example/Virtua... [L,P] </VirtualHost> Problem: - We now need to serve the Extranet pages through MS ISA server, which will forward an incoming HTTPS request on https://public.extranet.domain.com to Apache over HTTP - IOW, the inbound link is SSL, the LAN hop to the server is not. If I simply point it at the server at http://www.extranet.domain.com, pages are served, *BUT* both the host name and the protocol in the served pages are in the "internal" form, e.g. with the private host name and no encryption. It seems to me that what I need here is two rewrite rules - one to rewrite /inbound/ requests to serve the pages, another to rewrite outbound requests to modify the absolute URLs in them to use HTTPS and the "public" host name. Needless to say, I'd like to avoid using SSL on the LAN if possible, or spoofing name resolution... If I was just working with Apache, this would be easy - but the additional step of MS ISA server forwarding requests from the public to the private URL, and from SSL to non-SSL, is making my head spin! All pointers gratefully received. If I need to google more, hints as to search terms would help, too! -- Regards, PhilK Email: phil@xfr.co.uk / Voicemail & Facsimile: 07092 070518 "The lyf so short, the craft so long to learne" - Chaucer
Hello Philip, Try to use VHM finctionality for URL generation: RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostbase/https/www.com:443/VirtualHostRoot/$1 [P] Here, you'll get links on you page to https-site. PK> Hi Guys, PK> I have an Apache rewrite configuration issue which I could do with some PK> pointers on. PK> Scenario: - PK> Zope is on a Windows box, running multiple sites - an Intranet and an PK> Extranet, and some other stuff. On the LAN these are at PK> http://www.intranet.domain.com and PK> http://www.extranet.domain.com, and PK> Apache (IBM, 1.3) is in front of Zope and using rewrite rules perfectly PK> happily. PK> Current rewrite rule is of the pattern: - PK> NameVirtualHost * PK> <VirtualHost *> PK> ServerName www.example.com PK> RewriteEngine On PK> RewriteRule ^/(.*) PK> http://127.0.0.1:8080/VirtualHostBase/http/www.example.com:80/example/Virtua... PK> [L,P] PK> </VirtualHost> PK> Problem: - PK> We now need to serve the Extranet pages through MS ISA server, which PK> will forward an incoming HTTPS request on PK> https://public.extranet.domain.com to Apache over HTTP - IOW, the PK> inbound link is SSL, the LAN hop to the server is not. PK> If I simply point it at the server at PK> http://www.extranet.domain.com, PK> pages are served, *BUT* both the host name and the protocol in the PK> served pages are in the "internal" form, e.g. with the private host name PK> and no encryption. PK> It seems to me that what I need here is two rewrite rules - one to PK> rewrite /inbound/ requests to serve the pages, another to rewrite PK> outbound requests to modify the absolute URLs in them to use HTTPS and PK> the "public" host name. Needless to say, I'd like to avoid using SSL on PK> the LAN if possible, or spoofing name resolution... PK> If I was just working with Apache, this would be easy - but the PK> additional step of MS ISA server forwarding requests from the public to PK> the private URL, and from SSL to non-SSL, is making my head spin! PK> All pointers gratefully received. If I need to google more, hints as to PK> search terms would help, too! -- Best regards, Eugene mailto:el-spam@yandex.ru
Hi Eugene, Eugene wrote:
Try to use VHM finctionality for URL generation:
RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostbase/https/www.com:443/VirtualHostRoot/$1 [P]
Here, you'll get links on you page to https-site.
Aargh! As is so often the case shortly after I ask for help, I'm now feeling quite stupid! I've spent so long staring at the rewrite rule, that I simply didn't get the "inbound" vs. "outbound" logic straight. I think I have it now - the rewrite rule formats a request to Zope, the VirtualHostMonster then parses that request for the VirtualHostBase to figure out how to create the Base URL, and the VirtualHostRoot to figure out where to serve the site from. So, the Apache Virtual Host and the VirtualHostRoot take care of handling the inbound logic and the VirtualHostBase does the URL rewriting in the served pages. Magic! (Even if I don't have that right, I'm now serving pages!) Thanks a bunch! -- Regards, PhilK Email: phil@xfr.co.uk / Voicemail & Facsimile: 07092 070518 "The lyf so short, the craft so long to learne" - Chaucer
participants (2)
-
Eugene -
Philip Kilner