Skip to content

Apache2::ModProxyPerlHtml is the most advanced Apache output filter to rewrite HTTP headers and HTML links for reverse proxy usage. It is written in Perl and exceeds all mod_proxy_html.c limitations without performance lost.

Notifications You must be signed in to change notification settings

darold/modproxyperlhtml

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

NAME
    Apache2::ModProxyPerlHtml - rewrite HTTP headers and HTML links for
    reverse proxy usage

DESCRIPTION
    Apache2::ModProxyPerlHtml is the most advanced Apache output filter to
    rewrite HTTP headers and HTML links for reverse proxy usage. It is
    written in Perl and exceeds all mod_proxy_html.c limitations without
    performance lost.

    Apache2::ModProxyPerlHtml is very simple and has far better
    parsing/replacement of URL than the original C code. It also supports
    meta tag, CSS, and javascript URL rewriting and can be used with
    compressed HTTP. You can now replace any code by other, like changing
    image names or anything else. mod_proxy_html can't do all of that. Since
    release 3.x ModProxyPerlHtml is also able to rewrite HTTP headers with
    Refresh url redirection and Referer.

    The replacement capability concern only the following HTTP content type:

            text/javascript
            text/html
            text/css
            text/xml
            application/.*javascript
            application/.*xml

    other kind of file, will be left untouched (or see ProxyHTMLContentType
    and ProxyHTMLExcludeContentType).

AVAILIBILITY
    You can get the latest version of Apache2::ModProxyPerlHtml from CPAN
    (http://search.cpan.org/).

PREREQUISITES
    You must have Apache2, mod_proxy, mod_perl and IO::Compress::Zlib perl
    modules installed on your system.

  Installation on RH/CentOs
    Install Apache2, apxs, the Epel repository (for mod_perl install) and
    the Perl Module IO::Compress:

            yum install httpd httpd-devel
            yum install epel-release
            yum install perl-IO-Compress

    Install ModPerl, minimal version to work with Apache 2.4 is 2.0.10:

            yum list | grep mod_perl
            yum --enablerepo=epel -y install mod_perl mod_perl-devel

    Enable mod_perl:

            a2enconf mod_perl
            systemctl reload apache2

    The Apache module mod_ssl is not available by default, install it:

            yum install mod_ssl

    If the firewall is enabled you might want to allow access to the Apache
    services

            firewall-cmd --permanent --add-service=http
            firewall-cmd --permanent --add-service=https
            firewall-cmd --reload

  Installation on Debian/Ubuntu
    To have Apache2 server and apxs command:

            apt install apache2 apache2-dev

    ModPerl can be installed using:

            apt install libapache2-mod-perl2 libapache2-mod-perl2-dev

    ModProxyPerlHtml need additional Perl module IO::Compress:

            apt install libio-compress-perl

    Enable mod_proxy:

            a2enmod proxy
            a2enmod proxy_http
            a2enmod proxy_ftp
            a2enmod proxy_connect

    Enable the configuration and mod_perl:

            a2enmod perl

INSTALLATION
            % perl Makefile.PL
            % make && make install

APACHE CONFIGURATION
    On Debian/Ubuntu set the following configuration into the VirtualHost
    section of files /etc/apache2/sites-available/default-ssl.conf and
    /etc/apache2/sites-available/000-default.conf. On CentOS/RedHat add it
    to /etc/httpd/conf.d/vhost.conf.

        ProxyRequests Off
        ProxyPreserveHost Off
        ProxyPass       /webcal/  http://webcal.domain.com/

        PerlInputFilterHandler Apache2::ModProxyPerlHtml
        PerlOutputFilterHandler Apache2::ModProxyPerlHtml
        SetHandler perl-script
        # Use line below and comment line above if you experience error:
        # "Attempt to serve directory". The reason is that with SetHandler
        # DirectoryIndex is not working 
        # AddHandler perl-script *
        PerlSetVar ProxyHTMLVerbose "On"
        LogLevel Info


        <Location /webcal/>
            ProxyPassReverse /
            PerlAddVar ProxyHTMLURLMap "/ /webcal/"
            PerlAddVar ProxyHTMLURLMap "http://webcal.domain.com /webcal"
        </Location>

    Note that here FilterHandlers are set globally, you can also set them in
    any <Location> part to set it locally and avoid calling this Apache
    module globally.

    If you want to rewrite some code on the fly, like changing images
    filename you can use the perl variable ProxyHTMLRewrite under the
    location directive as follow:

        <Location /webcal/>
            ...
            PerlAddVar ProxyHTMLRewrite "/logo/image1.png /images/logo1.png"
            # Or more complicated to handle space in the code as space is the
            # pattern / substitution separator character internally in ModProxyPerlHtml
            PerlAddVar ProxyHTMLRewrite "ajaxurl[\s\t]*=[\s\t]*'/blog' ajaxurl = '/www2.mydom.org/blog'"
            ...
        </Location>

    this will replace each occurence of '/logo/image1.png' by
    '/images/logo1.png' in the entire stream (html, javascript or css). Note
    that this kind of substitution is done after all other proxy related
    replacements.

    In some conditions javascript code can be replaced by error, for
    example:

            imgUp.src = '/images/' + varPath + '/' + 'up.png';

    will be rewritten like this:

            imgUp.src = '/URL/images/' + varPath + '/URL/' + 'up.png';

    To avoid the second replacement, write your JS code like that:

            imgUp.src = '/images/' + varPath + unescape('%2F') + 'up.png';

    ModProxyPerlHTML replacement is activated on certain HTTP Content Type.
    If you experienced that replacement is not activated for your file type,
    you can use the ProxyHTMLContentType configuration directive to
    redefined the HTTP Content Type that should be parsed by
    ModProxyPerlHTML. The default value is the following Perl regular
    expresssion:

            PerlAddVar ProxyHTMLContentType    (text\/javascript|text\/html|text\/css|text\/xml|application\/.*javascript|application\/.*xml)

    If you know exactly what you are doing by editing this regexp fill free
    to add the missing Content-Type that must be parsed by ModProxyPerlHTML.
    Otherwise drop me a line with the content type, I will give you the
    rigth expression. If you don't know about the content type, with FireFox
    simply type Ctrl+i on the web page.

    Some MS Office files may conflict with the above ProxyHTMLContentType
    regex like .docx or .xlsx files. The result is that there could suffer
    of replacement inside and the file will be corrupted. to prevent this
    you have the ProxyHTMLExcludeContentType configuration directive to
    exclude certain content-type. Here is the default value:

            PerlAddVar ProxyHTMLExcludeContentType  (application\/vnd\.openxml)

    If you have problem with other content-type, use this directive. For
    example, as follow:

            PerlAddVar ProxyHTMLExcludeContentType  (application\/vnd\.openxml|application\/vnd\..*text)

    this regex will prevent any MS Office XML or text document to be parsed.

    Some javascript libraries like JQuery are wrongly rewritten by
    ModProxyPerlHtml. The problem is that those javascript code include some
    code and regex that are detected as links and rewritten. The only way to
    fix that is to exclude those files from the URL rewritter by using the
    "ProxyHTMLExcludeUri" configuration directive. For example:

            PerlAddVar ProxyHTMLExcludeUri  jquery.min.js$
            PerlAddVar ProxyHTMLExcludeUri  ^.*\/jquery-lib\/.*$

    Any downloaded URI that contains the given regex will be returned asis
    without rewritting. You can use this directive multiple time like above
    to match different cases.

LIVE EXAMPLE
    Here is the reverse proxy configuration I use to give access to Internet
    users to internal applications:

        ProxyRequests Off
        ProxyPreserveHost Off
        ProxyPass       /webmail/  http://webmail.domain.com/
        ProxyPass       /webcal/  http://webcal.domain.com/
        ProxyPass       /intranet/  http://intranet.domain.com/


        PerlInputFilterHandler Apache2::ModProxyPerlHtml
        PerlOutputFilterHandler Apache2::ModProxyPerlHtml
        SetHandler perl-script
        # Use line below iand comment line above if you experience error:
        # "Attempt to serve directory". The reason is that with SetHandler
        # DirectoryIndex is not working 
        # AddHandler perl-script *
        PerlSetVar ProxyHTMLVerbose "On"
        LogLevel Info


        # URL rewriting
        RewriteEngine   On
        #RewriteLog      "/var/log/apache/rewrite.log"
        #RewriteLogLevel 9
        # Add ending '/' if not provided
        RewriteCond     %{REQUEST_URI}  ^/mail$
        RewriteRule     ^/(.*)$ /$1/    [R]
        RewriteCond     %{REQUEST_URI}  ^/planet$
        RewriteRule     ^/(.*)$ /$1/    [R]
        # Add full path to the CGI to bypass the index.html redirect that may fail
        RewriteCond     %{REQUEST_URI}  ^/calendar/$
        RewriteRule     ^/(.*)/$ /$1/cgi-bin/wcal.pl    [R]
        RewriteCond     %{REQUEST_URI}  ^/calendar$
        RewriteRule     ^/(.*)$ /$1/cgi-bin/wcal.pl     [R]


        <Location /webmail/>
            ProxyPassReverse /
            PerlAddVar ProxyHTMLURLMap "/ /webmail/"
            PerlAddVar ProxyHTMLURLMap "http://webmail.domain.com /webmail"
            # Use this to disable compressed HTTP
            #RequestHeader   unset   Accept-Encoding
        </Location>


        <Location /webcal/>
            ProxyPassReverse /
            PerlAddVar ProxyHTMLURLMap "/ /webcal/"
            PerlAddVar ProxyHTMLURLMap "http://webcal.domain.com /webcal"
        </Location>


        <Location /intranet/>
            ProxyPassReverse /
            PerlAddVar ProxyHTMLURLMap "/ /intranet/"
            PerlAddVar ProxyHTMLURLMap "http://intranet.domain.com /intranet"
            # Rewrite links that give access to the two previous location 
            PerlAddVar ProxyHTMLURLMap "/intranet/webmail /webmail"
            PerlAddVar ProxyHTMLURLMap "/intranet/webcal /webcal"
        </Location>

    This gives access two a webmail and webcal application hosted internally
    to all authentified users through their own Internet acces. There's also
    one acces to an Intranet portal that have links to the webcal and
    webmail application. Those links must be rewritten twice to works.

ROT13 obfuscation
    Some links can be obfucated to be hidden from google or other robots. To
    enable encode/decode of those links you can use the ProxyHTMLRot13Links
    directive as follow:

            PerlAddVar ProxyHTMLRot13Links All

    All links in the page will be decoded before being rewritten and
    re-encoded.

    If obfuscation occurs on some attributs only you can set the value as a
    pair of element:attribut where the decoding/encoding must be applied.
    For example:

            PerlAddVar ProxyHTMLRot13Links a:data-href
            PerlAddVar ProxyHTMLRot13Links a:href

BUGS
    Apache2::ModProxyPerlHtml is still under development and is pretty
    stable. Please send me email to submit bug reports or feature requests.

COPYRIGHT
    Copyright (c) 2005-2022 - Gilles Darold

    All rights reserved. This program is free software; you may redistribute
    it and/or modify it under the same terms as Perl itself.

AUTHOR
    Created and maintained by :

            Gilles Darold
            <gilles at darold dot net>

About

Apache2::ModProxyPerlHtml is the most advanced Apache output filter to rewrite HTTP headers and HTML links for reverse proxy usage. It is written in Perl and exceeds all mod_proxy_html.c limitations without performance lost.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages