Article delegate-en/4249 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: HTTPS to HTTPS Rewriting
01 Dec 2008 17:23:09 GMT Geeosor <>

Hi Yutaka,

Yutaka Sato wrote:
> Guy,
> In message <_A4247@delegate-en.ML_> on 12/02/08(01:11:09)
> you Guy Zuercher <> wrote:
>  |> Sorry but I don't know anything about the configuration syntax of Apache,
>  |> I don't know why you need DeleGate between Apaches, and I don't know
>  |> why you seem to use DeleGate as a proxy.
> Can I get answers for these?
> Rewriting URLs in the body in a HTTP response message is not supported 
> in Apache ? (in mod_xxx or so?)

Oh, of course, didn't saw the questions.

Apache2 mod_proxy only supports rewriting the HTTP headers, but not the
content. Altough there is an external apache module mod_proxy_html
capable of doing that:

But i prefer the Delegate approach...

>  |> Anyway you seem like to do mapping like this:
>  |> 
>  |>   1) https://secure/support/  <-->  http://support/
>  |>   2) https://secure/support/  <---  https://support/
>  |> 
>  |> Am I right?
>  |
>  |Infact we want to make https://support also available under the 2nd url
>  |https://secure/support/. In order to reduce complexity we decided that
>  |there is no need to have https between host2 and delegate.
> Maybe you can do it with STLS=-fcl STLS=fsv:https if necessary.

I tried something similar, but had no success. If i am right, this
combination should decrypt traffic between delegate and host2 in order
to provide it to host1? If so, i would certainly need to accept the
certificate for host2 (support...)?

>  |> I'm not so sure on your requirement but it might be configured like this:
>  |> 
>  |>   1) https://secure/support/ <--> http://delegate/ <--> http://support/
>  |>   2) https://secure/support/ <--- http://delegate/ <--- https://support/
>  |> 
>  |> Here I supposed DeleGate is to get reqest forwarded from Apache as
>  |> a usual origin HTTP server.
>  |> 
>  |>   MOUNT="/* http://support/* direction=fo"
>  |>   MOUNT="https://secure/support/* http://support/*  direction=bo"
>  |>   MOUNT="https://secure/support/* https://support/* direction=bo"
>  |> 
>  |> The first MOUNT parameter forward any requests to http://support and
>  |> it is not used for rewriting URLs in responses.
>  |> The second and the third one rewrites URLs in responses from
>  |> http://support or https://support to https://secure/support.
>  |
>  |That works! I was not aware the MOUNTs may be combined. Great, thanks a
>  |lot :-)
> It will be helpful for other users to show how you configured
> Apache to do it.

The complete configuration would be:

Global config:
        <ProxyMatch http://localhost:70[0-9][0-9]/.*>
              Order deny,allow
              Allow from all

        ProxyRequests On
        ProxyPass /support/kb/ http://localhost:8888/kb/
        ProxyPassReverse /support/kb/ http://localhost:8888/kb/

Obviously localhost:8888 would be the Delegate as proxy to host2.

Hope this is enough info. Otherwise just drop me a mail.



  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]