0

I'm trying to make a SSL proxy using Apache 2 that listens on port 443 and forwards the requests on different IPs/ports based on context:

Scenario:

Make a jBoss "https-remoting" request (it uses HTTP1.1 Upgraded to "jboss-remoting" in Wildfly 8.2), from: 

https://xxxxxxx.com:443

and forward it to:

http://192.168.x.y:8080

I've found the following RewriteCond that works:

RewriteCond %{HTTP:Upgrade} jboss-remoting [NC]
RewriteRule ^/(.*)$ http://192.168.x.y:8080/$1 [P]

But i can't figure out what RewriteRule I should apply in order the request to go on http-remoting not http.

Apache Input:

GET / HTTP/1.1\r\n
Sec-JbossRemoting-Key: WJaD+AcnutfrXiBna+KL5w==\r\n
Upgrade: jboss-remoting\r\n
Host: xxxxxxx.com\r\n
Connection: upgrade\r\n

Apache Output:

GET / HTTP/1.1\r\n
Host: xxxxxxx.com\r\n
Sec-JbossRemoting-Key: WJaD+AcnutfrXiBna+KL5w==\r\n
X-Forwarded-For: 192.168.x.y\r\n
X-Forwarded-Host: xxxxxxx.com\r\n
X-Forwarded-Server: xxxxxxx.com\r\n
Connection: Keep-Alive\r\n

As you can see, the Upgrade and Connection headers are stripped out. Is there a way I can forward everything?

Andrei Matei
  • 1,049
  • 2
  • 10
  • 23

1 Answers1

0

Found the solution. It consists of hacking the mod_proxy_wstunnel from Apache 2.4+ in order to support the jboss-remoting Upgrade.

As quick hack, you need to edit the following file:

mod_proxy_wstunnel.c

Mandatory changes:

The upgrade header needs to be patched from: 

buf = apr_pstrdup(p, "Upgrade: WebSocket" CRLF "Connection: Upgrade" CRLF CRLF);

to

buf = apr_pstrdup(p, "Upgrade: jboss-remoting" CRLF "Connection: Upgrade" CRLF CRLF);

and the following line:

 if (!upgrade || strcasecmp(upgrade, "WebSocket") != 0)

to

if (!upgrade || strcasecmp(upgrade, "jboss-remoting") != 0)

Now, a simple rewrite rule would make the trick:

RewriteRule ^/(.*)$ ws://IP2:8080 [P]

Notice the "ws" protocol. It needs it in order to trigger the upgrade.

The code works like this, but you should patch the protocol/mod_proxy_wstunnel file as well and make everything more generic.

Andrei Matei
  • 1,049
  • 2
  • 10
  • 23