反向代理模式 Apache 拦截或捕获来自后端服务器的 302 响应并在内部重定向,而不将 302 响应发送回客户端
有谁知道如何告诉 Apache 在反向代理模式下拦截或捕获来自后端服务器的 302(或 30x)响应并在内部重定向而不将 30x 响应发送回客户端? 最终,响应重定向到的后端服务器将无法从外部访问(或未在 Apache conf 中列出)。
我的情况:
我有 web_server_A 和 web_server_B 监听端口 6666 和 7777。这些端口无法从外部访问,但可以从内部访问。
我最终可以更改 web_server_A 的行为,但不能更改 web_server_B 的行为。
Apache 正在侦听端口 80/443,可从外部访问,并充当反向代理,将发往 web_server_{A,B}.example.com 的请求发送到 web_server_{A,B}
客户端向 Apache 请求 web_server_A.example。 com/foo。 Apache 将请求代理到 web_server_A,后者会生成一些内容,然后将指向 web_server_B.example.com/bar/secret_token 的 HTTP/302 响应发送回 Apache。 Apache 将 302 响应发送回客户端,然后客户端向 Apache 发送一个针对 web_server_B.example.com/bar/secret_token 的 HTTP 请求。 Apache 将请求代理到 web_server_B,后者会回复一些内容(通常会发回一些大文件)。
我的问题:
我不希望客户端知道网址 web_server_B.example.com/bar/secret_token,最终我也不希望从外部访问 web_server_B。
web_server_A 可以向 web_server_B 发出请求,然后从 web_server_B 发回答案,而无需发出 302 回复。 但是,web_server_B 的答案可能需要一些时间才能到来,可能会很大,并且 web_server_A 不应该在任何请求上花费太多时间(它没有处理大文件的能力)。
所以我想到了一个“302 trapper”功能,如果存在的话那就太好了,但到目前为止还没有在网络上资助任何关于如何做到这一点的内容。 任何想法?
Does anyone knows how to tell Apache, in reverse proxy mode, to intercept or trap 302 (or 30x) responses from backend server and redirect internally without sending 30x response back to client?
Ultimately, the backend server the response is redirected to would not be accessible from the outside (or not listed in Apache conf).
My situation:
I have web_server_A and web_server_B listening on port 6666 and 7777. These ports are not accessible from outside, but are accessible from the inside.
I can eventually change the behavior of web_server_A, but not the one of web_server_B.
Apache is listening on ports 80/443, accessible from the outside and is acting as a reverse proxy sending requests addressed to web_server_{A,B}.example.com to web_server_{A,B}
The client asks Apache for web_server_A.example.com/foo. Apache proxies the request to web_server_A which makes some stuff and then sends back to Apache a HTTP/302 response pointing on web_server_B.example.com/bar/secret_token. Apache sends back the 302 response to the client which then sends Apache an HTTP request for web_server_B.example.com/bar/secret_token. Apache proxies the request to web_server_B, which replies something (usually it sends back some big file).
My problem:
I don't want the client to know about the url web_server_B.example.com/bar/secret_token, and ultimately I don't want web_server_B to be accessible from outside.
web_server_A could make the request to web_server_B and then send back the answer from web_server_B without issuing a 302 reply. But, the answer from web_server_B might take some time to come, might be quite big, and web_server_A should not spend too much time on any request (it has no ability for handling big files).
So I thought about a "302 trapper" feature that would be nice if existing, but so far haven't fund anything on the web on how to do that. Any idea?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
作为反向代理,Apache 将无法“阻止回复”。 这不是审查员。
不过,您可以自己写这样的东西。
As a reverse proxy, Apache won't be able to "block replies." It's not a censor.
You could write something like this yourself, though.
使用ProxyPassReverse指令,web_server_A将修改web_server_B发送的Location标头,因此客户端不会知道他。
要捕获来自上游服务器的重定向,您还可以编辑 Location 标头。 例如“Header unset Location”将显示 apache 默认的 30X 错误页面
using ProxyPassReverse directive, web_server_A will modify Location header sent by web_server_B, so the client won't know about him.
to trap redirect from upstream server you can also edit Location header. For instance "Header unset Location" will show apache default 30X error page