I'm just keeping notes about mod_proxy as it's always difficult to remember or finding the configuration again on Internet. So that could be useful to some other…
In a large scale internal network, you could have limitation to access a http server because you need a specific network routing path, you have colliding internal networks or specific limitation to access the remote http server. mod_proxy is a nice way to solve such issues to access a http server. mod_proxy is very flexible in use with additional modules provided with httpd.
Here is a simple configuration for a proxified site :
<VirtualHost *:80> ServerAdmin someone@somewhere.network ServerName theserver.name.network ProxyPass / http://thedestserver.name.network/ ProxyPassReverse / http://thedestserver.name.network/ ErrorLog logs/proxy-theserver.name.network-error_log CustomLog logs/proxy-theserver.name.network-access_log combined ProxyRequests on </VirtualHost>
A common issue is to do an authentication on the destination server. An easy way is to use mod_header to add a specific authentication header like that (RequestHeader? has been introduced in Apache httpd 2.0 so won't work on previous version) :
<VirtualHost *:80> ServerAdmin someone@somewhere.network ServerName theserver.name.network ProxyPass / http://thedestserver.name.network/ ProxyPassReverse / http://thedestserver.name.network/ ErrorLog logs/proxy-theserver.name.network-error_log CustomLog logs/proxy-theserver.name.network-access_log combined RequestHeader set Authorization "Basic base64encodedlogin:password" Header unset WWW-Authenticate RequestHeader unset WWW-Authenticate ProxyRequests on </VirtualHost>
Don't forget to construct the authentication string (for Basic authentication) using the format username:password and encoded in Base64. Of course, the mod_header permits also to remove or update specific headers (like caching or date for bad http server implementation like IIS)
When dealing with internal http server, you have often a lot of internal urls with some absolute reference that your http client can't access. You can use the IO Filtering part introduced in Apache 2.0 with the mod_ext_filter module. In the example, we just use 'sed'. But any external software could do the job (Python or Perl script). The use of an external program can be resource intensive… so be aware. You can also list multiple filters in different orders.
ExtFilterDefine fixtext mode=output intype=text/html cmd="/bin/sed s/somethingcrappya/somethingok/g" ExtFilterDefine fixtext2 mode=output intype=text/html cmd="/bin/sed s/somethingcrappyb/somethingok2/g" <VirtualHost *:80> ServerAdmin someone@somewhere.network ServerName theserver.name.network ProxyPass / http://thedestserver.name.network/ ProxyPassReverse / http://thedestserver.name.network/ ErrorLog logs/proxy-theserver.name.network-error_log CustomLog logs/proxy-theserver.name.network-access_log combined RequestHeader set Authorization "Basic base64encodedlogin:password" Header unset WWW-Authenticate RequestHeader unset WWW-Authenticate ProxyRequests on SetOutputFilter fixtext;fixtext2 </VirtualHost>