[Zope] Apache, Rewrite rules and MS ISA server

Philip Kilner phil at xfr.co.uk
Fri Jul 9 04:53:09 EDT 2004


Hi Guys,

I have an Apache rewrite configuration issue which I could do with some 
pointers on.

Scenario: -

Zope is on a Windows box, running multiple sites - an Intranet and an 
Extranet, and some other stuff. On the LAN these are at 
http://www.intranet.domain.com and http://www.extranet.domain.com, and 
Apache (IBM, 1.3) is in front of Zope and using rewrite rules perfectly 
happily.

Current rewrite rule is of the pattern: -

NameVirtualHost *
<VirtualHost *>
ServerName www.example.com
RewriteEngine On
RewriteRule ^/(.*) 
http://127.0.0.1:8080/VirtualHostBase/http/www.example.com:80/example/VirtualHostRoot/$1 
[L,P]
</VirtualHost>


Problem: -

We now need to serve the Extranet pages through MS ISA server, which 
will forward an incoming HTTPS request on 
https://public.extranet.domain.com to Apache over HTTP - IOW, the 
inbound link is SSL, the LAN hop to the server is not.

If I simply point it at the server at http://www.extranet.domain.com, 
pages are served, *BUT* both the host name and the protocol in the 
served pages are in the "internal" form, e.g. with the private host name 
and no encryption.

It seems to me that what I need here is two rewrite rules - one to 
rewrite /inbound/ requests to serve the pages, another to rewrite 
outbound requests to modify the absolute URLs in them to use HTTPS and 
the "public" host name. Needless to say, I'd like to avoid using SSL on 
the LAN if possible, or spoofing name resolution...

If I was just working with Apache, this would be easy - but the 
additional step of MS ISA server forwarding requests from the public to 
the private URL, and from SSL to non-SSL, is making my head spin!

All pointers gratefully received. If I need to google more, hints as to 
search terms would help, too!

-- 

Regards,

PhilK

Email: phil at xfr.co.uk / Voicemail & Facsimile: 07092 070518

"The lyf so short, the craft so long to learne" - Chaucer




More information about the Zope mailing list