1

I'm using java and apache and I'm hosting non secure 3rd party content on my secure page and when I share my page on facebook, facebooks tab doesn't display the insecure content. I ran across an article that describes this behavior and I'm looking to correct the issue. https://www.tabsite.com/blog/chrome-and-other-browsers-not-showing-insecure-content/

Since my content providers are not providing secure content, my thought was to use apache to proxy my secure URL to the third parties non secure URL.

How would I go about making my proxy dynamic so that I wouldn't have to consistently modify my server image? My initial thought was to prepend the 3rd party URL with my domain 

https://images.example.com?url=http://content-provider.com/image/1234.jpg

and parse it with apache rewrite or something, however I'm not sure that is an appropriate solution. I'm looking for some thoughts and suggestions.

How do I use mod_rewrite to rewrite the url to the query parameter?

I tried something writing the following code with no success

https://images.example.com?url=http://content-provider.com/image/1234.jpg

RewriteCond %{QUERY_STRING} ^url=(.*)$ [NC]
RewriteRule (.*)$ %1 [NC,L,R=301]

I was hoping for http://content-provider.com/image/1234.jpg

George
  • 145
  • 1
  • 8

1 Answers1

2

To do it in a completely generic way would be difficult. In your example you could change the "R=301" flag to "P" (for proxy) and it should work (use the rewritelog to debug if not).

Otherwise you have to have 'some way' of mapping the request URI to a back end server, possibly a rewritemap could help here, but it would depend on how much you know about the real location of the underlying proxied files.

One possible (but very simple) solution, you could split the servers and assign them a letter.

ProxyPass /a/ http://content-provider-a.example.com/
ProxyPass /b/ http://content-provider-b.example.com/
...

And then general URI paths /a/path/to/file/on/provider-a/ etc. But again you have to know all the locations in advance.

If you explain a bit more, then more suggestions may be forthcoming.

Addition information after discussion. First there is some good informatin on mod_rewrite here: Redirect, Change URLs or Redirect HTTP to HTTPS in Apache - Everything You Ever Wanted to Know About Mod_Rewrite Rules but Were Afraid to Ask

You should also spend time learning about PCRE.

Using the following as our base configuration, here is some explanation:

RewriteMap myquery "fastdbd:SELECT externalURL FROM photo WHERE id = %s"
RewriteRule ^/images/(.*) ${myquery:$1} [P,L]

$1 is a back reference to the string matched in the RewriteRule, the .* inside the brackets. The %s is the argument passed to the RewriteMap, which in this case is the same thing as $1.

A note of caution. Mod_rewrite is not for the fainthearted. It is very complex and you should expect to spend some time working on this.

Community
  • 1
Unbeliever
  • 2,286
  • 1
  • 9
  • 17
  • We run an automotive portal where we receive millions of photo urls from car dealerships across the country. These photos come to us in a csv file with varying domains. Rather than download and store the photos on our servers, we only store the urls in the database. When a user views the listing, we just load the photo from the partner server. We discovered today that facebook tabs are not showing any of the insecure photos and I'm unable to get them sent secured. I'm looking to dynamically proxy those photos to https and the only solution that came to mind is what I presented in my question. – George Sep 07 '16 at 20:04
  • OK, so you so know all the image locations, great. You could create a text file that maps between a URI path (that you decide upon) and the underlying image location, and then use a rewritemap to proxy to the correct location – Unbeliever Sep 08 '16 at 07:06
  • Disclosure, I'm not a Linux expert, so please don't mind my questions. Would I need to manually create and upload this text file to the server? Or is there a way to automate the process? I keep url references to all the images in my database, but over the past year we've had over 600 million photos from many difference sources, so it would be nearly impossible to manage manually. – George Sep 08 '16 at 12:38
  • OK, 600 million is a *lot* of images. You'd almost certainly have to leave the mapping in the database and query it directly with the rewritemap. I can be done, but is quite new: https://httpd.apache.org/docs/current/rewrite/rewritemap.html#dbd – Unbeliever Sep 08 '16 at 13:18
  • Seems promising. Again I'm no expert in this, but perhaps you could help me to refine the logic. I've started with this RewriteMap myquery "fastdbd:SELECT externalURL FROM photo WHERE id = %s" RewriteRule "^/images/(.*)" "${myquery :$1}" [p] – George Sep 08 '16 at 13:40
  • Looks like a good starting point. I've never used a rewritemap direct to a DB before myself. In fact its the only type of rewritemap I've not done :) Use the rewritelog to debug is necessary. – Unbeliever Sep 08 '16 at 13:48
  • Could you help me to understand where the variables are getting their values from? Where is the %s in the query getting it's value from? Does it get it from $1 in the rewrite rule? If so, where does $1 get it's value from? Is that the first parameter after ^/images/? I think if I understood that piece a little better, it would help me to resolve this issue quicker. Thanks – George Sep 08 '16 at 13:53
  • Will add details in the original answer – Unbeliever Sep 09 '16 at 06:39