0

I currently have a vendor web application that puts fully qualified domain names in response bodies (HTML, JavaScript, CSS). For example, requests made to "realserver.mycompany.com" will contain JavaScript with variables that are set to https://realserver.mycompany.com/path/to/something. I have set up an apache server as a reverse proxy. The proxy directives don't have any effect on the response bodies, so I have included mod_substitute to find instances of "realserver.mycompany.com" and replace it with "proxyserver.mycompany.com". Although this works, it causes the browser client to create requests that contain "proxyserver.mycompany.com" as part of the data when the backend expects to see "realserver.mycompany.com". So I need to be able to perform the reverse substitution on request content that I'm performing on response bodies. However, the documentation for mod_substitute specifically states it operates on response bodies.

Here is the configuration I'm currently using:

<Location "/">
RequestHeader unset Accept-Encoding
RequestHeader unset Accept
RequestHeader set Accept-Encoding "identity; q=1.0,*;q=0"

ProxyPass https://realserver.mycompany.com/
ProxyPassReverse https://realserver.mycompany.com/
Substitute "s|realserver.mycompany.com|proxyserver.mycompany.com|in"
FilterDeclare webtestOut
FilterProvider webtestOut SUBSTITUTE "%{Content_Type} = ~m|^application/.*|"
FilterProvider webtestOut SUBSTITUTE "%{Content_Type} =~ m|^text/.*|"
</Location>

I can't figure out how to change instances of "proxyserver.mycompany.com" to "realserver.mycompany.com" before passing the request on to the back end server. I'm not tied to apache. If there's a way to accomplish this using NGINX, I'm happy to change.

S. Gevers
  • 11
  • 2
  • have you tried with a single "ProxyPreserveHost on" most backend applications will use the host they receive instead of a fixed one. This would be the most "economic" way of dealing with this issue. – ezra-s Jan 24 '18 at 13:11
  • ProxyPreserveHost is the reverse of the problem. ProxyPreserveHost would send proxy server.mycompany.com to the backend in the request. I not only don't want it there, I want it swapped in the content as well. – S. Gevers Jan 25 '18 at 14:18
  • then mod_proxy_html is probably your only choice. – ezra-s Jan 25 '18 at 14:21
  • mod_proxy doesn't change request bodies. I suppose that means that nothing accomplishes that. – S. Gevers Jan 26 '18 at 14:24
  • Request bodies? Now they are request bodies? in the question you say "response bodies". – ezra-s Jan 27 '18 at 16:43
  • Maybe I didn't use clear enough language, but I never said I needed to perform the substitution on response bodies. I said I was already performing the substitution on response bodies. Then I said: " So I need to be able to perform the reverse substitution on request content that I'm performing on response bodies." Request Content == Request Bodies – S. Gevers Jan 29 '18 at 14:37
  • To clarify, I never said I needed help with performing substitutions on response bodies. I definitely need to perform the substitutions on response bodies. But that's already working fine. – S. Gevers Jan 29 '18 at 14:46

1 Answers1

1

If you need to rewrite the content, then look at the mod_proxy_html module.

If you have control of the backend content, it may be better to use relative links in the content. If a domain is required, then using the domain from the request eliminates the need for rewriting. Just pass the request back without modifying the Host header, and use that domain for links that include the domain.

BillThor
  • 27,354
  • 3
  • 35
  • 69
  • As this is a vendor application for which I'm trying to proxy, I don't have control of the backend content. According to the documentation for mod_proxy_html, the module provides an output filter to rewrite HTML links in a proxy situation. It's examples show converting href attributes of anchor tags. I've already solved this problem (plus hardcoded URLs in JavaScript) with mod_substitute. The problem is that requests coming in now have the proxy domain and are erring on the backend that expects the server domain. – S. Gevers Jan 22 '18 at 14:32
  • If it expects the server domain, try turning off all rewriting. I've used the proxy balancer configuration to pass traffic unmodified. External DNS should direct realserver traffic to the proxy. All traffic everywhere should have realserver.mycompany.com as the domain. If necessary, you can use the hosts file on the application server to make it believe it is running on realserver.mycompany.com. Try to avoid all substitutions. – BillThor Jan 22 '18 at 22:42
  • I appreciate you taking the time to consider solutions, but none of those are options for me. I was hoping that I didn't have to expose the entirety of the problem (not to mention the silly policies I have to adhere to). The application runs on our intranet. It has a name like "app.internal.company.com". The name is hardcoded in configuration files, and the silly application embeds the name in JS variables and expects the name embedded in AJAX parameters. I want to expose the app to the intranet, but I can only use the DNS name "app.external.company.com". I can't avoid substituions. – S. Gevers Jan 23 '18 at 23:21