[Zope] Apache, Rewrite rules and MS ISA server

Eugene el-spam at yandex.ru
Fri Jul 9 05:11:24 EDT 2004


Hello Philip,

Try to use VHM finctionality for URL generation:

RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostbase/https/www.com:443/VirtualHostRoot/$1	[P]

Here, you'll get links on you page to https-site.





PK> Hi Guys,

PK> I have an Apache rewrite configuration issue which I could do with some
PK> pointers on.

PK> Scenario: -

PK> Zope is on a Windows box, running multiple sites - an Intranet and an
PK> Extranet, and some other stuff. On the LAN these are at 
PK> http://www.intranet.domain.com and
PK> http://www.extranet.domain.com, and 
PK> Apache (IBM, 1.3) is in front of Zope and using rewrite rules perfectly
PK> happily.

PK> Current rewrite rule is of the pattern: -

PK> NameVirtualHost *
PK> <VirtualHost *>
PK> ServerName www.example.com
PK> RewriteEngine On
PK> RewriteRule ^/(.*) 
PK> http://127.0.0.1:8080/VirtualHostBase/http/www.example.com:80/example/VirtualHostRoot/$1
PK> [L,P]
PK> </VirtualHost>


PK> Problem: -

PK> We now need to serve the Extranet pages through MS ISA server, which
PK> will forward an incoming HTTPS request on 
PK> https://public.extranet.domain.com to Apache over HTTP - IOW, the 
PK> inbound link is SSL, the LAN hop to the server is not.

PK> If I simply point it at the server at
PK> http://www.extranet.domain.com, 
PK> pages are served, *BUT* both the host name and the protocol in the
PK> served pages are in the "internal" form, e.g. with the private host name
PK> and no encryption.

PK> It seems to me that what I need here is two rewrite rules - one to
PK> rewrite /inbound/ requests to serve the pages, another to rewrite 
PK> outbound requests to modify the absolute URLs in them to use HTTPS and
PK> the "public" host name. Needless to say, I'd like to avoid using SSL on
PK> the LAN if possible, or spoofing name resolution...

PK> If I was just working with Apache, this would be easy - but the 
PK> additional step of MS ISA server forwarding requests from the public to
PK> the private URL, and from SSL to non-SSL, is making my head spin!

PK> All pointers gratefully received. If I need to google more, hints as to
PK> search terms would help, too!




-- 
Best regards,
 Eugene                            mailto:el-spam at yandex.ru



More information about the Zope mailing list