-1

I have to modify the response headers delivered via a proxy rewrite directive I set up in an apache http server.

Things work fine with that simple example, it unconditionally delivers the goal from the backend server for all requests: 

<VirtualHost ...>
  ...
  # unconditionally modify headers
  Header set Content-Type "text/html"
  Header unset Content-Disposition
  Header unset Content-Transfer-Encoding
  # fetch goal from backend
  RewriteEngine on
  SSLProxyEngine on
  RewriteRule ^ https://back.example.org/goal [P]
  ...
  # prevent all access to the file system
  DocumentRoot /var/www/html
  <Directory /var/www/html>
    Options none
    Order deny,allow
    Deny from All
  </Directory>
</VirtualHost>

However the issue is that the host also has to deliver a few static files from another backend server where the headers must not be altered! So I made an attempt to rewrite to a virtual goal in a first step, apply the header modification rules and then to proxy in a second step: 

<VirtualHost ...>
  ...
  # modify headers only for /goal
  <Location /goal>
    Header set Content-Type "text/html"
    Header unset Content-Disposition
    Header unset Content-Transfer-Encoding
  </Location>
  # fetch static exceptions from static backend
  RewriteEngine on
  SSLProxyEngine on
  RewriteRule static-1$ https://static.example.org/static-1 [P]
  RewriteRule static-2$ https://static.example.org/static-2 [P]
  RewriteRule static-3$ https://static.example.org/static-3 [P]
  # two step rewrite and proxy to fetch goal from backend and get the headers modified
  RewriteRule ^/goal$  https://back.xample.org/goal [P]
  RewriteRule ^ /goal [PT,N]
  ...
  # prevent all access to the file system
  DocumentRoot /var/www/html
  <Directory /var/www/html>
    Options none
    Order deny,allow
    Deny from All
  </Directory>
</VirtualHost>

This however leaves me with a http status 403.

I used rewrite logging for further insight and indeed the request is rewritten to /goal according to the first step, the URI -to-filehandler API is invoked again and then the request gets simply mapped onto the file system which explains the 403. Why doesn't the second rewrite step get applied, the proxy step, in a next round?

Or, my actual question: how can I have header modifications get applied to a catch-all rewrite proxy rules result, but define some explicit exceptions from the header modifications?

arkascha
  • 41,620
  • 7
  • 58
  • 90

1 Answers1

0

Ok, poked a bit mir, since I received neither answer nor comment... (why is it that most of my questions only hit a wall of silence? ).

A working solution is to use a negative LocationMatch directive for the static content exceptions. Not sexy, but working: 

<VirtualHost ...>
  ...
  RewriteEngine on
  SSLProxyEngine on
  # fetch static exceptions from static backend
  RewriteRule static-1$ https://static.example.org/static-1 [P]
  RewriteRule static-2$ https://static.example.org/static-2 [P]
  RewriteRule static-3$ https://static.example.org/static-3 [P]
  # proxy goal from backend
  RewriteRule ^  https://back.xample.org/goal [P]
  ...
  # modify headers, but _not_ for static exceptions
  <LocationMatch "^/(?!static)">
    Header set Content-Type "text/html"
    Header unset Content-Disposition
    Header unset Content-Transfer-Encoding
  </LocationMatch>
  ...
  # prevent all access to the file system
  DocumentRoot /var/www/html
  <Directory /var/www/html>
    Options none
    Order deny,allow
    Deny from All
  </Directory>
</VirtualHost>
arkascha
  • 41,620
  • 7
  • 58
  • 90