NAME Apache2::ModProxyPerlHtml - rewrite HTTP headers and HTML links for reverse proxy usage DESCRIPTION Apache2::ModProxyPerlHtml is the most advanced Apache output filter to rewrite HTTP headers and HTML links for reverse proxy usage. It is written in Perl and exceeds all mod_proxy_html.c limitations without performance lost. Apache2::ModProxyPerlHtml is very simple and has far better parsing/replacement of URL than the original C code. It also supports meta tag, CSS, and javascript URL rewriting and can be used with compressed HTTP. You can now replace any code by other, like changing image names or anything else. mod_proxy_html can't do all of that. Since release 3.x ModProxyPerlHtml is also able to rewrite HTTP headers with Refresh url redirection and Referer. The replacement capability concern only the following HTTP content type: text/javascript text/html text/css text/xml application/.*javascript application/.*xml other kind of file, will be left untouched (or see ProxyHTMLContentType and ProxyHTMLExcludeContentType). AVAILIBILITY You can get the latest version of Apache2::ModProxyPerlHtml from CPAN (http://search.cpan.org/). PREREQUISITES You must have Apache2, mod_proxy, mod_perl and IO::Compress::Zlib perl modules installed on your system. Installation on RH/CentOs Install Apache2, apxs, the Epel repository (for mod_perl install) and the Perl Module IO::Compress: yum install httpd httpd-devel yum install epel-release yum install perl-IO-Compress Install ModPerl, minimal version to work with Apache 2.4 is 2.0.10: yum list | grep mod_perl yum --enablerepo=epel -y install mod_perl mod_perl-devel Enable mod_perl: a2enconf mod_perl systemctl reload apache2 The Apache module mod_ssl is not available by default, install it: yum install mod_ssl If the firewall is enabled you might want to allow access to the Apache services firewall-cmd --permanent --add-service=http firewall-cmd --permanent --add-service=https firewall-cmd --reload Installation on Debian/Ubuntu To have Apache2 server and apxs command: apt install apache2 apache2-dev ModPerl can be installed using: apt install libapache2-mod-perl2 libapache2-mod-perl2-dev ModProxyPerlHtml need additional Perl module IO::Compress: apt install libio-compress-perl Enable mod_proxy: a2enmod proxy a2enmod proxy_http a2enmod proxy_ftp a2enmod proxy_connect Enable the configuration and mod_perl: a2enmod perl INSTALLATION % perl Makefile.PL % make && make install APACHE CONFIGURATION On Debian/Ubuntu set the following configuration into the VirtualHost section of files /etc/apache2/sites-available/default-ssl.conf and /etc/apache2/sites-available/000-default.conf. On CentOS/RedHat add it to /etc/httpd/conf.d/vhost.conf. ProxyRequests Off ProxyPreserveHost Off ProxyPass /webcal/ http://webcal.domain.com/ PerlInputFilterHandler Apache2::ModProxyPerlHtml PerlOutputFilterHandler Apache2::ModProxyPerlHtml SetHandler perl-script # Use line below and comment line above if you experience error: # "Attempt to serve directory". The reason is that with SetHandler # DirectoryIndex is not working # AddHandler perl-script * PerlSetVar ProxyHTMLVerbose "On" LogLevel Info ProxyPassReverse / PerlAddVar ProxyHTMLURLMap "/ /webcal/" PerlAddVar ProxyHTMLURLMap "http://webcal.domain.com /webcal" Note that here FilterHandlers are set globally, you can also set them in any part to set it locally and avoid calling this Apache module globally. If you want to rewrite some code on the fly, like changing images filename you can use the perl variable ProxyHTMLRewrite under the location directive as follow: ... PerlAddVar ProxyHTMLRewrite "/logo/image1.png /images/logo1.png" # Or more complicated to handle space in the code as space is the # pattern / substitution separator character internally in ModProxyPerlHtml PerlAddVar ProxyHTMLRewrite "ajaxurl[\s\t]*=[\s\t]*'/blog' ajaxurl = '/www2.mydom.org/blog'" ... this will replace each occurence of '/logo/image1.png' by '/images/logo1.png' in the entire stream (html, javascript or css). Note that this kind of substitution is done after all other proxy related replacements. In some conditions javascript code can be replaced by error, for example: imgUp.src = '/images/' + varPath + '/' + 'up.png'; will be rewritten like this: imgUp.src = '/URL/images/' + varPath + '/URL/' + 'up.png'; To avoid the second replacement, write your JS code like that: imgUp.src = '/images/' + varPath + unescape('%2F') + 'up.png'; ModProxyPerlHTML replacement is activated on certain HTTP Content Type. If you experienced that replacement is not activated for your file type, you can use the ProxyHTMLContentType configuration directive to redefined the HTTP Content Type that should be parsed by ModProxyPerlHTML. The default value is the following Perl regular expresssion: PerlAddVar ProxyHTMLContentType (text\/javascript|text\/html|text\/css|text\/xml|application\/.*javascript|application\/.*xml) If you know exactly what you are doing by editing this regexp fill free to add the missing Content-Type that must be parsed by ModProxyPerlHTML. Otherwise drop me a line with the content type, I will give you the rigth expression. If you don't know about the content type, with FireFox simply type Ctrl+i on the web page. Some MS Office files may conflict with the above ProxyHTMLContentType regex like .docx or .xlsx files. The result is that there could suffer of replacement inside and the file will be corrupted. to prevent this you have the ProxyHTMLExcludeContentType configuration directive to exclude certain content-type. Here is the default value: PerlAddVar ProxyHTMLExcludeContentType (application\/vnd\.openxml) If you have problem with other content-type, use this directive. For example, as follow: PerlAddVar ProxyHTMLExcludeContentType (application\/vnd\.openxml|application\/vnd\..*text) this regex will prevent any MS Office XML or text document to be parsed. Some javascript libraries like JQuery are wrongly rewritten by ModProxyPerlHtml. The problem is that those javascript code include some code and regex that are detected as links and rewritten. The only way to fix that is to exclude those files from the URL rewritter by using the "ProxyHTMLExcludeUri" configuration directive. For example: PerlAddVar ProxyHTMLExcludeUri jquery.min.js$ PerlAddVar ProxyHTMLExcludeUri ^.*\/jquery-lib\/.*$ Any downloaded URI that contains the given regex will be returned asis without rewritting. You can use this directive multiple time like above to match different cases. LIVE EXAMPLE Here is the reverse proxy configuration I use to give access to Internet users to internal applications: ProxyRequests Off ProxyPreserveHost Off ProxyPass /webmail/ http://webmail.domain.com/ ProxyPass /webcal/ http://webcal.domain.com/ ProxyPass /intranet/ http://intranet.domain.com/ PerlInputFilterHandler Apache2::ModProxyPerlHtml PerlOutputFilterHandler Apache2::ModProxyPerlHtml SetHandler perl-script # Use line below iand comment line above if you experience error: # "Attempt to serve directory". The reason is that with SetHandler # DirectoryIndex is not working # AddHandler perl-script * PerlSetVar ProxyHTMLVerbose "On" LogLevel Info # URL rewriting RewriteEngine On #RewriteLog "/var/log/apache/rewrite.log" #RewriteLogLevel 9 # Add ending '/' if not provided RewriteCond %{REQUEST_URI} ^/mail$ RewriteRule ^/(.*)$ /$1/ [R] RewriteCond %{REQUEST_URI} ^/planet$ RewriteRule ^/(.*)$ /$1/ [R] # Add full path to the CGI to bypass the index.html redirect that may fail RewriteCond %{REQUEST_URI} ^/calendar/$ RewriteRule ^/(.*)/$ /$1/cgi-bin/wcal.pl [R] RewriteCond %{REQUEST_URI} ^/calendar$ RewriteRule ^/(.*)$ /$1/cgi-bin/wcal.pl [R] ProxyPassReverse / PerlAddVar ProxyHTMLURLMap "/ /webmail/" PerlAddVar ProxyHTMLURLMap "http://webmail.domain.com /webmail" # Use this to disable compressed HTTP #RequestHeader unset Accept-Encoding ProxyPassReverse / PerlAddVar ProxyHTMLURLMap "/ /webcal/" PerlAddVar ProxyHTMLURLMap "http://webcal.domain.com /webcal" ProxyPassReverse / PerlAddVar ProxyHTMLURLMap "/ /intranet/" PerlAddVar ProxyHTMLURLMap "http://intranet.domain.com /intranet" # Rewrite links that give access to the two previous location PerlAddVar ProxyHTMLURLMap "/intranet/webmail /webmail" PerlAddVar ProxyHTMLURLMap "/intranet/webcal /webcal" This gives access two a webmail and webcal application hosted internally to all authentified users through their own Internet acces. There's also one acces to an Intranet portal that have links to the webcal and webmail application. Those links must be rewritten twice to works. ROT13 obfuscation Some links can be obfucated to be hidden from google or other robots. To enable encode/decode of those links you can use the ProxyHTMLRot13Links directive as follow: PerlAddVar ProxyHTMLRot13Links All All links in the page will be decoded before being rewritten and re-encoded. If obfuscation occurs on some attributs only you can set the value as a pair of element:attribut where the decoding/encoding must be applied. For example: PerlAddVar ProxyHTMLRot13Links a:data-href PerlAddVar ProxyHTMLRot13Links a:href BUGS Apache2::ModProxyPerlHtml is still under development and is pretty stable. Please send me email to submit bug reports or feature requests. COPYRIGHT Copyright (c) 2005-2022 - Gilles Darold All rights reserved. This program is free software; you may redistribute it and/or modify it under the same terms as Perl itself. AUTHOR Created and maintained by : Gilles Darold