0

We use serveral Apache servers as reverse proxy in front of numerous backend servers. The backend servers send a HTTP response header ("Cast") which contains an internal name of the backend server.

In the reverse proxy I would like to log the content of the backend server's response header and prevent the header from being sent to the client.

Logging the header is simple with inserting %{Cast}o in our custom LogFormat configuration. Also, preventing the header from being sent to the client is easy, by using Header unset Cast

The only problem is that when unsetting the header it cannot be logged anymore.

Is there a way to store the backend's response header in a variable, unset the header and log the variable?

Notes

  • The Apache servers being used as reverse proxies are Apache 2.2 on RHEL 6 and 2.4 on RHEL7
  • Reverse proxy rules use either ProxyPassor RewriteRule ... [P]
Vernade
  • 1
  • 1
  • 2
  • As the log module works last, unseting the header removes the data. Only way I can think of is storing that info into a variable and logging that instead. Since SetEnvIf does not work on response headers, only way I can think of is or by a second proxy in between (as sugested by HBruijn) or by a custom module to read the header and create the variable. – NuTTyX Oct 12 '15 at 15:02

1 Answers1

0

In the past I have used a intermediate VirtualHost entry as a work-around for similar situations when certain directives didn't play well together:

Your current configuration may look like: 

<VirtualHost *:80>
   ServerName www.example.com
   ProxyPass /app http://app.example.com/app
   ProxyPassReverse /app http://app.example.com/app
</VirtualHost>

Modify that to point to the intermediate virtual host and strip your header from the responses:

<VirtualHost *:80>
   ServerName www.example.com
   ProxyPass /app http://localhost:8000/app
   ProxyPassReverse /app http://localhost:8000/app
   Header unset Cast
</VirtualHost>

and a new virtual host where you can still log your Cast headers:

Listen 127.0.0.1:8000
<VirtualHost 127.0.0.1:8000>
   ServerName localhost
   ProxyPass /app http://app.example.com/app
   ProxyPassReverse /app http://app.example.com/appp
   LogFormat %{X-Forwarded-For}o %{Cast}o ...
</VirtualHost>
HBruijn
  • 77,029
  • 24
  • 135
  • 201
  • I considered something similar, but in a working enviroment with 30+ Virtualhosts with many reverseproxy rules this would get very complex quickly. Furthermore, the reverse proxy has considerable traffic, I fear that this would add to load and latency. – Vernade Oct 12 '15 at 15:14
  • I'll be the first to admit that it is not a very pretty work-around. Nothing better comes to mind though. In general: If your current solution doesn't meet your requirements, either change your requirements, or change your solution. Common high-performance reverse proxy alternatives to Apache are for instance HAProxy and Varnish or commercial solutions such as F5 Big-IP (which we currently use and are in general quite pleased with) and Bluecoat. – HBruijn Oct 12 '15 at 18:30
  • Thank you for your help. Changing the reverse proxy is not a (short term) option. Before dropping the requirement, I think I am going to look if there is an optional Apache module, which can help me accomplish the task one way or the other. – Vernade Oct 13 '15 at 10:03