[Gllug] Seeking an Apache Guru...

Mike Brodbelt m.brodbelt at acu.ac.uk
Mon Jul 8 17:07:45 UTC 2002

I have an ...interesting... Apache problem, and I'm vainly hoping that
some Apache guru out there might have an answer.

The setup is like this - incoming requests are served by a httpd binary
that serves static html pages only. If a request is for a cgi, or other
dynamic content, the front end server uses a proxypass directive to hand
the request off to a mod_perl server on port 81. The mod_perl server is
firewalled from the outside world, and will only accept locally
originating requests.

This setup serves a number of vhosts. We now have a need to set up a
session based authentication system on one vhost, and have got
Apache::AuthTicket working to cookie users and track sessions. As
Apache::AuthTicket requires a mod_perl server, we've changed the config
of the front end "static" server to simply proxy *all* requests for that
vhost to the mod_perl server.

This setup almost works, but not quite. When I request a protected URL,
like http://frontendserver/foo, this is passed to the name based vhost
on the mod_perl server. This server notices that foo corresponds to a
directory, adds a trailing slash, and redirects the browser.
Unfortunately, it issues a redirect to http://backendserver:81/foo/ -
this of course fails, as the client is blocked from connecting to
http://backendserver:81 by the firewall.

I've tried various things, but to no avail. I have recompiled the front
end server with --permute-module=dir:END to put mod_dir processing in
with a higher priority than mod_proxy, in an attempt to to the trailing
slash rewriting before passing the request to the back-end proxy server,
but this is not having any effect, for reasons I can't fathom.

I've removed mod_dir from the back-end mod_perl server, and this cures
the redirection issues, but stops Apache from serving index.html pages
when the URL specifies just a directory, so that's not an acceptable

I need the processing that mod_dir is doing, but can't see how to force
it to be applied before the ProxyPass directive is acted on. I'm stuck,
and I'd appreciate any help/comments anyone out there might have.


Gllug mailing list  -  Gllug at linux.co.uk

More information about the GLLUG mailing list