NAME

Apache2::ModProxyPerlHtml - rewrite HTTP headers and HTML links for reverse proxy usage

DESCRIPTION

Apache2::ModProxyPerlHtml is the most advanced Apache output filter to rewrite HTTP headers and HTML links for reverse proxy usage. It is written in Perl and exceeds all mod_proxy_html.c limitations without performance lost.

Apache2::ModProxyPerlHtml is very simple and has far better parsing/replacement of URL than the original C code. It also supports meta tag, CSS, and javascript URL rewriting and can be used with compressed HTTP. You can now replace any code by other, like changing image names or anything else. mod_proxy_html can't do all of that. Since release 3.x ModProxyPerlHtml is also able to rewrite HTTP headers with Refresh url redirection and Referer.

The replacement capability concern only the following HTTP content type:

        text/javascript
        text/html
        text/css
        text/xml
        application/.*javascript
        application/.*xml

other kind of file, will be left untouched (or see ProxyHTMLContentType and ProxyHTMLExcludeContentType).

AVAILIBILITY

You can get the latest version of Apache2::ModProxyPerlHtml from CPAN (http://search.cpan.org/).

PREREQUISITES

You must have Apache2, mod_proxy, mod_perl and IO::Compress::Zlib perl modules installed on your system.

Installation on RH/CentOs

Install Apache2, apxs, the Epel repository (for mod_perl install) and the Perl Module IO::Compress:

        yum install httpd httpd-devel
        yum install epel-release
        yum install perl-IO-Compress

Install ModPerl, minimal version to work with Apache 2.4 is 2.0.10:

        yum list | grep mod_perl
        yum --enablerepo=epel -y install mod_perl mod_perl-devel

Enable mod_perl:

        a2enconf mod_perl
        systemctl reload apache2

The Apache module mod_ssl is not available by default, install it:

        yum install mod_ssl

If the firewall is enabled you might want to allow access to the Apache services

        firewall-cmd --permanent --add-service=http
        firewall-cmd --permanent --add-service=https
        firewall-cmd --reload

Installation on Debian/Ubuntu

To have Apache2 server and apxs command:

        apt install apache2 apache2-dev

ModPerl can be installed using:

        apt install libapache2-mod-perl2 libapache2-mod-perl2-dev

ModProxyPerlHtml need additional Perl module IO::Compress:

        apt install libio-compress-perl

Enable mod_proxy:

        a2enmod proxy
        a2enmod proxy_http
        a2enmod proxy_ftp
        a2enmod proxy_connect

Enable the configuration and mod_perl:

        a2enmod perl

INSTALLATION

        % perl Makefile.PL
        % make && make install

APACHE CONFIGURATION

On Debian/Ubuntu set the following configuration into the VirtualHost section of files /etc/apache2/sites-available/default-ssl.conf and /etc/apache2/sites-available/000-default.conf. On CentOS/RedHat add it to /etc/httpd/conf.d/vhost.conf.

    ProxyRequests Off
    ProxyPreserveHost Off
    ProxyPass       /webcal/  http://webcal.domain.com/

    PerlInputFilterHandler Apache2::ModProxyPerlHtml
    PerlOutputFilterHandler Apache2::ModProxyPerlHtml
    SetHandler perl-script
    # Use line below and comment line above if you experience error:
    # "Attempt to serve directory". The reason is that with SetHandler
    # DirectoryIndex is not working 
    # AddHandler perl-script *
    PerlSetVar ProxyHTMLVerbose "On"
    LogLevel Info


    <Location /webcal/>
        ProxyPassReverse /
        PerlAddVar ProxyHTMLURLMap "/ /webcal/"
        PerlAddVar ProxyHTMLURLMap "http://webcal.domain.com /webcal"
    </Location>

Note that here FilterHandlers are set globally, you can also set them in any <Location> part to set it locally and avoid calling this Apache module globally.

If you want to rewrite some code on the fly, like changing images filename you can use the perl variable ProxyHTMLRewrite under the location directive as follow:

    <Location /webcal/>
        ...
        PerlAddVar ProxyHTMLRewrite "/logo/image1.png /images/logo1.png"
        # Or more complicated to handle space in the code as space is the
        # pattern / substitution separator character internally in ModProxyPerlHtml
        PerlAddVar ProxyHTMLRewrite "ajaxurl[\s\t]*=[\s\t]*'/blog' ajaxurl = '/www2.mydom.org/blog'"
        ...
    </Location>

this will replace each occurence of '/logo/image1.png' by '/images/logo1.png' in the entire stream (html, javascript or css). Note that this kind of substitution is done after all other proxy related replacements.

In some conditions javascript code can be replaced by error, for example:

        imgUp.src = '/images/' + varPath + '/' + 'up.png';

will be rewritten like this:

        imgUp.src = '/URL/images/' + varPath + '/URL/' + 'up.png';

To avoid the second replacement, write your JS code like that:

        imgUp.src = '/images/' + varPath + unescape('%2F') + 'up.png';

ModProxyPerlHTML replacement is activated on certain HTTP Content Type. If you experienced that replacement is not activated for your file type, you can use the ProxyHTMLContentType configuration directive to redefined the HTTP Content Type that should be parsed by ModProxyPerlHTML. The default value is the following Perl regular expresssion:

        PerlAddVar ProxyHTMLContentType    (text\/javascript|text\/html|text\/css|text\/xml|application\/.*javascript|application\/.*xml)

If you know exactly what you are doing by editing this regexp fill free to add the missing Content-Type that must be parsed by ModProxyPerlHTML. Otherwise drop me a line with the content type, I will give you the rigth expression. If you don't know about the content type, with FireFox simply type Ctrl+i on the web page.

Some MS Office files may conflict with the above ProxyHTMLContentType regex like .docx or .xlsx files. The result is that there could suffer of replacement inside and the file will be corrupted. to prevent this you have the ProxyHTMLExcludeContentType configuration directive to exclude certain content-type. Here is the default value:

        PerlAddVar ProxyHTMLExcludeContentType  (application\/vnd\.openxml)

If you have problem with other content-type, use this directive. For example, as follow:

        PerlAddVar ProxyHTMLExcludeContentType  (application\/vnd\.openxml|application\/vnd\..*text)

this regex will prevent any MS Office XML or text document to be parsed.

Some javascript libraries like JQuery are wrongly rewritten by ModProxyPerlHtml. The problem is that those javascript code include some code and regex that are detected as links and rewritten. The only way to fix that is to exclude those files from the URL rewritter by using the "ProxyHTMLExcludeUri" configuration directive. For example:

        PerlAddVar ProxyHTMLExcludeUri  jquery.min.js$
        PerlAddVar ProxyHTMLExcludeUri  ^.*\/jquery-lib\/.*$

Any downloaded URI that contains the given regex will be returned asis without rewritting. You can use this directive multiple time like above to match different cases.

LIVE EXAMPLE

Here is the reverse proxy configuration I use to give access to Internet users to internal applications:

    ProxyRequests Off
    ProxyPreserveHost Off
    ProxyPass       /webmail/  http://webmail.domain.com/
    ProxyPass       /webcal/  http://webcal.domain.com/
    ProxyPass       /intranet/  http://intranet.domain.com/


    PerlInputFilterHandler Apache2::ModProxyPerlHtml
    PerlOutputFilterHandler Apache2::ModProxyPerlHtml
    SetHandler perl-script
    # Use line below iand comment line above if you experience error:
    # "Attempt to serve directory". The reason is that with SetHandler
    # DirectoryIndex is not working 
    # AddHandler perl-script *
    PerlSetVar ProxyHTMLVerbose "On"
    LogLevel Info


    # URL rewriting
    RewriteEngine   On
    #RewriteLog      "/var/log/apache/rewrite.log"
    #RewriteLogLevel 9
    # Add ending '/' if not provided
    RewriteCond     %{REQUEST_URI}  ^/mail$
    RewriteRule     ^/(.*)$ /$1/    [R]
    RewriteCond     %{REQUEST_URI}  ^/planet$
    RewriteRule     ^/(.*)$ /$1/    [R]
    # Add full path to the CGI to bypass the index.html redirect that may fail
    RewriteCond     %{REQUEST_URI}  ^/calendar/$
    RewriteRule     ^/(.*)/$ /$1/cgi-bin/wcal.pl    [R]
    RewriteCond     %{REQUEST_URI}  ^/calendar$
    RewriteRule     ^/(.*)$ /$1/cgi-bin/wcal.pl     [R]


    <Location /webmail/>
        ProxyPassReverse /
        PerlAddVar ProxyHTMLURLMap "/ /webmail/"
        PerlAddVar ProxyHTMLURLMap "http://webmail.domain.com /webmail"
        # Use this to disable compressed HTTP
        #RequestHeader   unset   Accept-Encoding
    </Location>


    <Location /webcal/>
        ProxyPassReverse /
        PerlAddVar ProxyHTMLURLMap "/ /webcal/"
        PerlAddVar ProxyHTMLURLMap "http://webcal.domain.com /webcal"
    </Location>


    <Location /intranet/>
        ProxyPassReverse /
        PerlAddVar ProxyHTMLURLMap "/ /intranet/"
        PerlAddVar ProxyHTMLURLMap "http://intranet.domain.com /intranet"
        # Rewrite links that give access to the two previous location 
        PerlAddVar ProxyHTMLURLMap "/intranet/webmail /webmail"
        PerlAddVar ProxyHTMLURLMap "/intranet/webcal /webcal"
    </Location>

This gives access two a webmail and webcal application hosted internally to all authentified users through their own Internet acces. There's also one acces to an Intranet portal that have links to the webcal and webmail application. Those links must be rewritten twice to works.

ROT13 obfuscation

Some links can be obfucated to be hidden from google or other robots. To enable encode/decode of those links you can use the ProxyHTMLRot13Links directive as follow:

        PerlAddVar ProxyHTMLRot13Links All

All links in the page will be decoded before being rewritten and re-encoded.

If obfuscation occurs on some attributs only you can set the value as a pair of element:attribut where the decoding/encoding must be applied. For example:

        PerlAddVar ProxyHTMLRot13Links a:data-href
        PerlAddVar ProxyHTMLRot13Links a:href

BUGS

Apache2::ModProxyPerlHtml is still under development and is pretty stable. Please send me email to submit bug reports or feature requests.

COPYRIGHT

Copyright (c) 2005-2020 - Gilles Darold

All rights reserved. This program is free software; you may redistribute it and/or modify it under the same terms as Perl itself.

AUTHOR

Apache2::ModProxyPerlHtml was created by :

        Gilles Darold
        <gilles at darold dot net>

and is currently maintain by me.