Apache Mod Rewrite - Return url is not ok

Question

I've been searching around for a time, and I can't find the right solution to my case. So here's my case :

I've installed a server in my company on which I've an application and a apache server used as a proxy. This server has access to some equipments installed on the network (private network). Those equipments has a webserver embedded from which we can configure the equipement (like a home router). So, what I want is to be able to proxy all incoming request to the equipment. The way I want to handle this is like this :

The user may use that query :

http://SERVER_IP:9090/10.219.1.1/

So the IP : 10.219.1.1 is in fact the IP of the equipment I like to access.

So far, here's what I've done :

SetEnvIf Referer ".*(10\.219\.[0-9]{1,3}\.[0-9]{1,3}).*$" routeur_ip=$1
SetEnvIf Request_URI  ".*(10\.219\.[0-9]{1,3}\.[0-9]{1,3}).*$" routeur_ip=$1

RewriteRule ^\/10\.219\.[0-9]{1,3}\.[0-9]{1,3}\/$ http://%{ENV:routeur_ip}/ [P,L]
RewriteRule ^\/10\.219\.[0-9]{1,3}\.[0-9]{1,3}\/(.*)$ http://%{ENV:routeur_ip}/$1 [P,L]
RewriteRule ^\/(themes.*)$ http://%{ENV:routeur_ip}/$1?david=%{ENV:routeur_ip} [P,L]
RewriteRule ^\/(images.*)$ http://%{ENV:routeur_ip}/$1 [P,L]
RewriteRule ^\/(css.*)$ http://%{ENV:routeur_ip}/$1 [P,L]
RewriteRule ^\/(cgi-bin.*)$ http://%{ENV:routeur_ip}/$1 [P,L]
RewriteRule ^\/(js.*)$ http://%{ENV:routeur_ip}/$1 [P,L]
RewriteRule ^\/(favicon.ico)$  http://%{ENV:routeur_ip}/$1 [P,L]

ProxyPassReverse http://SERVER_IP:9090/%{ENV:routeur_ip}/ http://%{ENV:routeur_ip}/

Result : I'm able to load the HTML code, but two things doesn't work.

The CSS on the equipment try to load an image and I get a 400
I cannot navigate true the menu of the equipment, because the URL return by the HREF tag doesn't include the equipment IP address. Ex.: The HREF looks like this : <a href="/cgi-bin/webif/status-network.sh?cat=Network">Network</a>
So when I clik on this it became : http://10.23.130.107:9090/cgi-bin/webif/status-network.sh?cat=Network So the return URL doesn't include the IP address of the equipment...

Log :

GET MY_IP 200, /10.219.1.1/ | Req_URI:/10.219.1.1/, HTTP_REF: | ip = 10.219.1.1 vs - |-|-
GET MY_IP 404, /10.219.1.1/cgi-bin/webif/system-info.sh | Req_URI:/10.219.1.1/cgi-bin/webif/system-info.sh, HTTP_REF: | ip = 10.219.1.1 vs - |-|-
GET MY_IP 401, /10.219.1.1/cgi-bin/webif/system-info.sh | Req_URI:/10.219.1.1/cgi-bin/webif/system-info.sh, HTTP_REF: | ip = 10.219.1.1 vs - |-|-
GET MY_IP 404, /themes/active/waitbox.css | Req_URI:/themes/active/waitbox.css, HTTP_REF:http://SERVER_IP:9090/10.219.1.1/cgi-bin/webif/system-info.sh | ip = 10.219.1.1 vs - |-|-
GET MY_IP 404, /themes/active/webif.css | Req_URI:/themes/active/webif.css, HTTP_REF:http://SERVER_IP:9090/10.219.1.1/cgi-bin/webif/system-info.sh | ip = 10.219.1.1 vs - |-|-
GET MY_IP 404, /js/styleswitcher.js | Req_URI:/js/styleswitcher.js, HTTP_REF:http://SERVER_IP:9090/10.219.1.1/cgi-bin/webif/system-info.sh | ip = 10.219.1.1 vs - |-|-
GET MY_IP 404, /images/ajax-loader.gif | Req_URI:/images/ajax-loader.gif, HTTP_REF:http://SERVER_IP:9090/10.219.1.1/cgi-bin/webif/system-info.sh | ip = 10.219.1.1 vs - |-|-
GET MY_IP 404, /images/hlogo.gif | Req_URI:/images/hlogo.gif, HTTP_REF:http://SERVER_IP:9090/10.219.1.1/cgi-bin/webif/system-info.sh | ip = 10.219.1.1 vs - |-|-
GET MY_IP 404, /images/cell7.gif | Req_URI:/images/cell7.gif, HTTP_REF:http://SERVER_IP:9090/10.219.1.1/cgi-bin/webif/system-info.sh | ip = 10.219.1.1 vs - |-|-
GET MY_IP 404, /images/cell7.gif | Req_URI:/images/cell7.gif, HTTP_REF:http://SERVER_IP:9090/10.219.1.1/cgi-bin/webif/system-info.sh | ip = 10.219.1.1 vs - |-|-
GET MY_IP 200, /10.219.1.1/cgi-bin/webif/system-info.sh | Req_URI:/10.219.1.1/cgi-bin/webif/system-info.sh, HTTP_REF: | ip = 10.219.1.1 vs - |-|-
GET MY_IP 200, /js/styleswitcher.js | Req_URI:/js/styleswitcher.js, HTTP_REF:http://SERVER_IP:9090/10.219.1.1/cgi-bin/webif/system-info.sh | ip = 10.219.1.1 vs - |-|-
GET MY_IP 200, /themes/active/waitbox.css | Req_URI:/themes/active/waitbox.css, HTTP_REF:http://SERVER_IP:9090/10.219.1.1/cgi-bin/webif/system-info.sh | ip = 10.219.1.1 vs - |-|-
GET MY_IP 200, /themes/active/webif.css | Req_URI:/themes/active/webif.css, HTTP_REF:http://SERVER_IP:9090/10.219.1.1/cgi-bin/webif/system-info.sh | ip = 10.219.1.1 vs - |-|-
GET MY_IP 400, /themes/vip4g/menu-bg.gif | Req_URI:/themes/vip4g/menu-bg.gif, HTTP_REF:http://SERVER_IP:9090/themes/active/webif.css | ip = - vs - |-|-
GET MY_IP 400, /themes/vip4g/current-bg.gif | Req_URI:/themes/vip4g/current-bg.gif, HTTP_REF:http://SERVER_IP:9090/themes/active/webif.css | ip = - vs - |-|-
GET MY_IP 200, /images/ajax-loader.gif | Req_URI:/images/ajax-loader.gif, HTTP_REF:http://SERVER_IP:9090/10.219.1.1/cgi-bin/webif/system-info.sh | ip = 10.219.1.1 vs - |-|-
GET MY_IP 200, /images/hlogo.gif | Req_URI:/images/hlogo.gif, HTTP_REF:http://SERVER_IP:9090/10.219.1.1/cgi-bin/webif/system-info.sh | ip = 10.219.1.1 vs - |-|-
GET MY_IP 200, /10.219.1.1/cgi-bin/webif/system-info.sh | Req_URI:/10.219.1.1/cgi-bin/webif/system-info.sh, HTTP_REF: | ip = 10.219.1.1 vs - |-|-
GET MY_IP 200, /images/cell7.gif | Req_URI:/images/cell7.gif, HTTP_REF:http://SERVER_IP:9090/10.219.1.1/cgi-bin/webif/system-info.sh | ip = 10.219.1.1 vs - |-|-

I've another solution, but I doesn't like it. I could create a Local Port Fowarding (with ip tables) per Equipment IP, but it'll take a lot of ports on the server to do so and I don't think it's the right way to do it.

Thx for any hint.

Regards

score 0 · Accepted Answer · answered Sep 12 '13 at 07:53

What you want is a complex thing to manage. You want to alter all references to your host to add an IP prefix on the url.

Proxy instructions, bydefault, only manage HTTP headers content (like 302 and such). This is what you already have.

To rewrite HTML/JS/CSS content with the right url you have to solutions:

mod_proxy_html or others tools, scanning all the data managed by the proxy and applying replacement rules on it. Of course this means a slowdown on the proxy.
manage proxy HTTP headers (X-Forwarded-Port, X-Forwarded-Proto and X-Forwarded-Host) in the applications side. Knowing that theses are lists of values and that the first one is the one that should be used in the HTML/CSS/Js content. quoting wikipedia this is the general form of theses lists:

X-Forwarded-For: client, proxy1, proxy2

The second solution means you must have a deep knowledge and power on the applications, and usually content rewriters on proxy are to be used.

Another way of action could be to extract the IP prefix for something else, the referrer header or a cookie value maybe. Anyway your configuration certainly needs some security reflexions, your allow the final to use your proxy to make queries on IP address he choose.

Hi! Thank you for your help. You are right about a lot of things. Instead of doing it with apache config, I've used this : http://www.jmarshall.com/tools/cgiproxy/ — user183729, Sep 12 '13 at 19:17
@user183729 Thanks, if you alter your question title to reflect your real probem I'll upvote it. — regilero, Sep 13 '13 at 08:11

Apache Mod Rewrite - Return url is not ok

1 Answers1