Reverse Proxying 101
Download
Report
Transcript Reverse Proxying 101
Reverse Proxying 101
By:
Brian Horncastle,
Unix Systems Network Administrator,
Camosun College, 3100 Foul Bay Road,
Victoria, BC, V8P 5J2
Email: [email protected]
Tel: (250) 370-4623
Overview
Comic Relief
What is Forward Proxying?
What is Reverse Proxying?
Reverse Proxying & The Library
Proxying Software
Reverse Proxying Diagram
Useful Links
Camosun College Case Study
The Code
Comic Relief
What is Forward Proxying?
“Forward proxy” settings are required to be
configured in the end user’s web browser,
including:
proxy address
port
The end user accesses forward proxied sites by
using:
the original URL of the site, unmodified
o in other words, the URL of the destination site
is not manipulated by the end user for proxying
to occur.
What is Forward Proxying? (cont)
“Forward proxying” is practical in an environment where:
an organization has control over work stations
you can have pre-configured proxy settings in the browser
you prefer end user is unaware that they are using a proxy
“Forward proxying” is not practical if:
the end user is expected to change browser settings
themselves
o this can very easily become a nightmare for an
organization’s helpdesk
o in this situation, “Reverse proxying” is the preferred
method of proxying
What is Forward Proxying? (cont)
Within an organization “Forward proxying” is
appropriate for:
providing access control to end users
browsing the internet
i.e. allowing or deny access to specific sites
“Forward proxying” is also commonly used to:
speed up access to web resources, when
caching is turned on
What is Reverse Proxying?
“Reverse proxying” does not:
require any changes to the end user’s browser
settings
“Reverse proxying” works via:
the end user supplying the proxy server’s address
(& port if necessary) in the browser’s URL field,
with the destination URL appended or pre-pended
a link that the end user clicks on if prefered; so this
isn’t as horrifying as it sounds
What is Reverse Proxying? (cont)
“Reverse proxying” is commonly used to:
provide the outside world access to an organizations'
internal web service
prevent an internal server being directly exposed to
the outside world
provide a layer of abstraction that improves security
What is Reverse Proxying? (cont)
A “Reverse proxy” *can* be used to provide SSL in-front
of servers that otherwise run straight HTTP
unencrypted; with this said:
best practice is to run SSL from end to end
i.e. from source server to proxy, and from proxy to
client
this is important for transfer of sensitive data,
including credit card payments
one does not want to give a hacker an opportunity to
sniff such data at any point over the wire
Reverse Proxying & The Library
Libraries commonly use “Reverse proxying” to provide
external clients access to external library web
resources:
e.g.
Ebsco
Wilson Web
Gale
Ovid
Many of these external resources grant access based on
an organizations’ IP range.
Reverse Proxying & The Library (cont)
If end users access a Library resource via the
organizations’ “Reverse proxy”:
the resource sees the traffic as originating from the
allowed IP range,
and access to the resource is granted
If the end users try to access the resource directly,
without going through the proxy:
they are denied access because they are not
originating from an accepted IP range.
EZProxy by OCLC is a product that is commonly used
by Libraries for “Reverse Proxying”.
Proxying Software
Apache
(http://www.apache.org & http://www.apachetutor.org/admin/reverseproxies)
EZProxy
(http://www.oclc.org/ezproxy)
Squid
(http://www.squid-cache.org)
IIS7
(http://www.iis.net & http://forums.iis.net/t/1156458.aspx )
ISA / Forefront
(http://www.microsoft.com/forefront/edgesecurity/isaserver/en/us/default.aspx)
Note: More software options can be found at http://en.wikipedia.org/wiki/Web_proxy
Reverse Proxying Diagram
This example from Coder Journal shows how a reverse proxy may be used to provide access to an internal web
service. The end user never sees the address of the backend server.
Source: http://www.coderjournal.com/uploads/2008/02/coder-journal-structure.png
Useful Links
Hypertext Transfer Protocol -- HTTP/1.1 RFC
http://tools.ietf.org/html/rfc2616
NCTU Department of Computer Science, Proxy Presentation
http://www.cs.nctu.edu.tw/~chwong/course/sysadm/slide/Web%20Proxy.pdf
A Reverse Proxy Is A Proxy By Any Other Name
http://www.sans.org/reading_room/whitepapers/webservers/a_reverse_proxy_is_a_proxy
_by_any_other_name_302?show=302.php&cat=webservers
Proxy and reverse proxy servers
http://en.kioskea.net/contents/lan/proxy.php3
Reverse Proxying With Apache 2.0
http://www.serverwatch.com/tutorials/article.php/3290851
Camosun College Case Study
1)
2)
3)
4)
Camosun College Case Study (cont)
Camosun College Case Study (cont)
Camosun Library had been using EZProxy
Direction was given to explore alternatives
Loosely followed Apache Reverse Proxy tutorial at:
http://www.apachetutor.org/admin/reverseproxies
Camosun College Case Study (cont)
Configured Apache to behave similar to EZProxy.
Created a script that dynamically generates reverse
proxy directives for the list of Library resource
URLs each time Apache is restarted.
Configured Kerberos Authentication
Configured HTML URL mapping / rewriting.
o Made heavy use of includes so that every reverse
proxied site is aware of every other reverse
proxied site
o i.e. Links between reverse proxied Library
resources don’t break
Camosun College Case Study (cont)
We ended up returning to EZProxy as we
couldn’t make Apache work perfectly with a
select few Library resources within our
project time frame
Most Library resources did work fine, and
given time to develop further we are
confident we could have prefected.
Camosun College Case Study (cont)
“EZproxy® authentication and access software at a glance
EZproxy helps provide users with remote access to Web-based licensed content offered by
libraries. It is an easy to setup and easy to maintain program. More than 2,500 institutions in
over 60 countries have purchased EZproxy software.
Benefits
•The industry leading, robust middleware solution for remote user authentication
•It connects to a large number of content providers (including OCLC FirstSearch, EBSCO,
Gale, etc.)
•It connects to a wide variety of authentication services (including LDAP, SIP, Athens and
Shibboleth) which reduces the number of authorizations/passwords and provides a better enduser experience
•An easy to setup and easy to maintain program”
(SOURCE: http://www.oclc.org/ezproxy/about/default.htm)
Camosun College Case Study (cont)
“Features
•EZproxy works by dynamically altering the URLs within the Web pages provided by your
database vendor. The server names within the URLs of these Web pages are changed to reflect
your EZproxy server instead, causing your users to return to the EZproxy server as they
access links on these Web pages. The result is a seamless access environment for your users
without the need for automatic proxy configuration files. EZproxy only alters references to
your database vendors' Web pages, so if your database vendor provides additional links to other
free Web pages on the Internet, these are left as-is. In this manner, if your users elect to follow
one of these links, the EZproxy server is automatically taken out of the communication loop.
•EZproxy maintains a standard Web server log file of usage. Using standard Web log analysis
tools, you can evaluate which databases are being used remotely and use these statistics to help
justify your budget requests for database licensing.”
(SOURCE: http://www.oclc.org/ezproxy/about/default.htm)
THE END.
Unless you like code….
Camosun College Case Study
The Code
proxy-main.conf
##############################
#### Proxy Listening Port ####
##############################
############################
#### Proxy Virtual Host ####
############################
<VirtualHost *:443>
Listen 443
DocumentRoot /var/www/vhosts/default-secure
NameVirtualHost *:443
################################
## VHOST SSL Proxy Settings ##
################################
#############################
#### SSL GLOBAL SETTINGS ####
#############################
AddType application/x-x509-ca-cert .crt
SSLEngine On
SSLProtocol all -SSLv2
SSLProxyEngine On
#SSLCipherSuite
#ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /var/www/conf/cert/wildcard.crt
SSLCertificateKeyFile /var/www/conf/cert/wildcard.key
#SSLCertificateChainFile /var/www/conf/certs/ca.crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache
shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
#########################################################
# Location based Kerberos authentication for Reverse Proxied sites & Document Root
#########################################################
<location />
Include conf/proxy-authentication.conf
</location>
Camosun College Case Study
The Code
proxy-main.conf
################
################
#################################################
## Reverse Proxy HTML Link Rewriting - General ##
#################################################
<IfModule mod_proxy.c>
RequestHeader unset Accept-Encoding
SetOutputFilter proxy-html
### Proxying ###
##########################
## VHOST Proxy Settings ##
##########################
ProxyRequests On
ProxyVia On
ProxyTimeout 100
ProxyReceiveBufferSize 0
ProxyBadHeader StartBody
# AllowCONNECT 8043 8080
#################
## Proxy Cache ##
#################
#
CacheRoot /var/www/proxycache
#
CacheMaxExpire
#
CacheLastModifiedFactor 0.1
#
CacheDefaultExpire
24
1
##############################################
## Reverse Proxy HTML Link Rewriting - W3C HTML 4.01 and XHTML 1.0 ##
##############################################
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
a
href
area
href
link
href
img
src longdesc usemap
object
classid codebase data usemap
q
cite
blockquote cite
ins
cite
del
cite
form
action
input
src usemap
head
profile
base
href
script
src for
meta
URL url
embed
pluginspage src server secureserver pserver psecureserver
option
value
Camosun College Case Study
The Code
proxy-main.conf
#################################
## Reverse Proxy HTML Link Rewriting –
#
## Scripting events (with ProxyHTMLExtended On)
#
#################################
#########################################
## Reverse Proxy HTML Link Rewriting #
## Legacy support (pre-1998, aka "transitional") HTML or XHTML #
########################################
ProxyHTMLEvents \
onclick \
ondblclick \
onmousedown \
onmouseup \
onmouseover \
onmousemove \
onmouseout \
onkeypress \
onkeydown \
onkeyup \
onfocus \
onblur \
onload \
onunload \
onsubmit \
onreset \
onselect \
onchange \
openWeblink \
Image \
new \
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
ProxyHTMLLinks
frame
iframe
body
td
applet
src longdesc realsrc
src longdesc realsrc
background
background
codebase
#########################################
## Reverse Proxy HTML Link Rewriting - Proprietary HTML variants ##
#########################################
## EXAMPLE ##
##
## ProxyHTMLLinks
myelement
myattr otherattr
##
#########################################
###################
## Proxy Logging ##
###################
ProxyHTMLLogVerbose On
ErrorLog logs/proxy_errors.log
TransferLog logs/proxy_access.log
LogLevel Info
#LogLevel Debug
Camosun College Case Study
The Code
proxy-main.conf
####################
## Forward Proxying - Default ##
###################
<Proxy *>
############################
######################################
## Allowed Reverse & Forward Proxies for Authenticated Users ##
######################################
# RewriteEngine On
ProxyPreserveHost Off
SetEnv proxy-nokeepalive 1
CookieTracking on
Include conf/proxy-reverse.conf
Include conf/proxy-forward.conf
# Kerberos Authentication for Forward Proxying #
############################
Include conf/proxy-authentication.conf
########################################
# Deny forward proxying by default unless specified below in allow list #
########################################
order deny,allow
deny from all
allow from none
</Proxy>
</IfModule>
</VirtualHost>
Camosun College Case Study
The Code
proxy-authentication.conf
## Login Message
AuthName "Kerberos Login"
## Define the Authentication Type
AuthType Kerberos
## Define the Keytab file
Krb5Keytab /var/www/etc/auth_kerb.keytab
##Authenticate a Single Domain
# KrbAuthRealm domain1.com
## Authenticate Against Multiple Domains
KrbAuthRealms domain1.com domain2.com
## Kerberous Options
KrbMethodNegotiate off
KrbSaveCredentials off
KrbVerifyKDC off
## Login Restrictions
Require valid-user
# Require user testuser DOMAIN1\testuser
# Require group DOMAIN1\testgroup
Camosun College Case Study
The Code
/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
# default_realm = DOMAIN1.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
DOMAIN1.COM = {
# KDC IS THE DOMAIN SERVERS IP
kdc = 192.168.1.20
# ADMIN SERVER IS THE DOMAIN SERVERS IP
admin_server = 192.168.1.20
# DEFAULT DOMAIN IS THE DOMAIN
# default_domain = DOMAIN1.COM
}
DOMAIN2.COM = {
# KDC IS THE DOMAIN SERVERS IP
kdc = 192.168.2.20
# ADMIN SERVER IS THE DOMAIN SERVERS IP
admin_server = 192.168.2.20
# DEFAULT DOMAIN IS THE DOMAIN
# default_domain = DOMAIN2.COM
}
[domain_realm]
domain1.com = DOMAIN1.COM
.domain1.com = DOMAIN1.COM
domain2.com = DOMAIN2.COM
.domain2.com = DOMAIN2.COM
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Camosun College Case Study
Configuration Files proxy-compile.sh
##################################################
##### Copyright (C) 2009 Camosun College
#####
##### Author: Brian Horncastle
##### Script name: proxy-compile.sh
##### Description:
### WRITE THE FILE THAT WILL BE USED FOR INSERTING HTML URL
### REWRITES FROM ALL SITES FOR ALL SITES TO ALLOW TRAVERSING FROM SITE TO SITE ###
echo " " >> $varHTMLUrlMapOutputFile;
echo "ProxyHTMLURLMap
http://$i /$i" >> $varHTMLUrlMapOutputFile;
echo "ProxyHTMLURLMap
https://$i /$i" >> $varHTMLUrlMapOutputFile;
echo "ProxyHTMLURLMap
http://$i/ /$i/" >> $varHTMLUrlMapOutputFile;
echo "ProxyHTMLURLMap
https://$i/ /$i/" >> $varHTMLUrlMapOutputFile;
echo "ProxyHTMLURLMap
echo "ProxyHTMLURLMap
javascript:openWeblink('http://$i/ javascript:openWeblink('/$i/" >> $varHTMLUrlMapOutputFile;
javascript:openWeblink('https://$i/ javascript:openWeblink('/$i/" >> $varHTMLUrlMapOutputFile;
##### This script generates the following Apache proxy config files
#####
- proxy-forward.conf
#####
- proxy-reverse.conf
#####
- proxy-htmlurlmap.conf
##### Input is taken from the file proxy-list.input
##################################################
### WRITE FIRST LINE OF THE REVERSE PROXY OUTPUT FILE ###
echo " " >> $varReverseProxyOutputFile;
### START LOCATION DIRECTIVE FOR REVERSE PROXIED DOMAIN ###
echo "<Location /$i/>" >> $varReverseProxyOutputFile;
### PROXY SETTINGS FOR DOMAIN ###
### DECLARE VARIABLES ###
varProxyListInputFile="proxy-list.input";
varReverseProxyOutputFile="proxy-reverse.conf";
varHTMLUrlMapOutputFile="proxy-htmlurlmap.conf";
varForwardProxyOutputFile="proxy-forward.conf";
### CLEAR OUTPUT FILE ###
rm $varReverseProxyOutputFile >/dev/null 2>&1;
rm $varHTMLUrlMapOutputFile >/dev/null 2>&1;
rm $varForwardProxyOutputFile >/dev/null 2>&1;
# echo " ProxyHTMLMeta Off" >> $varReverseProxyOutputFile;
echo " ProxyHTMLExtended On" >> $varReverseProxyOutputFile;
### DEFINED PROXYPASS & PROXYPASSREVERSE FOR PROXYING ###
echo "
echo "
echo "
echo "
ProxyPass
http://$i/" >> $varReverseProxyOutputFile;
ProxyPassReverse
http://$i/" >> $varReverseProxyOutputFile;
ProxyPass
https://$i/" >> $varReverseProxyOutputFile;
ProxyPassReverse
https://$i/" >> $varReverseProxyOutputFile;
### COOKIE HANDLING ###
echo " ProxyPassReverseCookiePath / /var/www/proxycookies/" >> $varReverseProxyOutputFile;
echo " ProxyPassReverseCookieDomain $i webservices2.camosun.bc.ca" >> $varReverseProxyOutputFile;
Camosun College Case Study
Configuration Files proxy-compile.sh
### HTML URL MAPPINGS APPLIED TO ALL REVERSE PROXIED SITES
### WITHIN LOCATION DIRECTIVES###
echo " ProxyHTMLURLMap
^/ /$i/ R" >> $varReverseProxyOutputFile;
echo " ProxyHTMLURLMap
/$i/ /$i/" >> $varReverseProxyOutputFile;
echo " ProxyHTMLURLMap
/$i /$i/ R" >> $varReverseProxyOutputFile;
echo " ProxyHTMLURLMap
/$i//$i/ //" >> $varReverseProxyOutputFile;
echo " ProxyHTMLURLMap
../../ /$i/" >> $varReverseProxyOutputFile;
echo " ProxyHTMLURLMap
../ /$i/" >> $varReverseProxyOutputFile;
if [ $i = "www.ebrary.com" ]
then
echo " ProxyHTMLURLMap
fi
### INSERT HTML URL REWRITES FROM ALL SITES FOR ALL
### SITES TO ALLOW TRAVERSING FROM SITE TO SITE ###
echo " Include conf/$varHTMLUrlMapOutputFile" >> $varReverseProxyOutputFile;
### END LOCATION DIRECTIVE FOR REVERSE PROXIED DOMAIN ###
echo "</Location>" >> $varReverseProxyOutputFile;
### SPECIFIC HTML URL MAPPINGS FOR REVERSE PROXIED SITES ###
if [ $i = "search.ebscohost.com" ]
then
echo " ProxyHTMLURLMap
http:// /" >> $varReverseProxyOutputFile;
proxy.cfm?url=http:// proxy.cfm?url=http://^A" >> $varReverseProxyOutputFile;
fi
### FORWARD PROXYING ###
echo " " >> $varForwardProxyOutputFile;
echo "<ProxyMatch http://$i/*>" >> $varForwardProxyOutputFile;
echo " order allow,deny" >> $varForwardProxyOutputFile;
echo " allow from all" >> $varForwardProxyOutputFile;
echo " deny from none" >> $varForwardProxyOutputFile;
echo "</ProxyMatch>" >> $varForwardProxyOutputFile;
echo "<ProxyMatch https://$i/*>" >> $varForwardProxyOutputFile;
echo " order allow,deny" >> $varForwardProxyOutputFile;
echo " allow from all" >> $varForwardProxyOutputFile;
echo " deny from none" >> $varForwardProxyOutputFile;
echo "</ProxyMatch>" >> $varForwardProxyOutputFile;
done
if [ $i = "vnweb.hwwilsonweb.com" ]
then
echo " ProxyHTMLURLMap
^/hww/ /$i/hww/ R" >> $varReverseProxyOutputFile;
fi
### GLOBAL HTML URL REWRITES ###
echo " ProxyHTMLURLMap
/login?url=http:// \ /login?url=http://^A"
>> $varHTMLUrlMapOutputFile;
if [ $i = "site.ebrary.com" ]
then
echo " ProxyHTMLURLMap
fi
### WRITE THE FIRST LINE IN THE HTML URL MAP FILE ###
echo " " >> $varHTMLUrlMapOutputFile;
/images/search/ /$i/images/search/ R" >> $varReverseProxyOutputFile;
### APACHE RESTART ###
apachectl stop
apachectl start
Camosun College Case Study
The Code proxy-list.input
search.ebscohost.com
vnweb.hwwilsonweb.com
site.ebrary.com
www.ebrary.com
Camosun College Case Study
The Code proxy-reverse.conf
<Location /search.ebscohost.com/>
ProxyHTMLExtended On
ProxyPass
http://search.ebscohost.com/
ProxyPassReverse
http://search.ebscohost.com/
ProxyPass
https://search.ebscohost.com/
ProxyPassReverse
https://search.ebscohost.com/
ProxyPassReverseCookiePath / /var/www/proxycookies/
ProxyPassReverseCookieDomain search.ebscohost.com webservices2.camosun.bc.ca
ProxyHTMLURLMap
^/ /search.ebscohost.com/ R
ProxyHTMLURLMap
/search.ebscohost.com/ /search.ebscohost.com/
ProxyHTMLURLMap
/search.ebscohost.com /search.ebscohost.com/ R
ProxyHTMLURLMap
/search.ebscohost.com//search.ebscohost.com/ //
ProxyHTMLURLMap
../../ /search.ebscohost.com/
ProxyHTMLURLMap
../ /search.ebscohost.com/
ProxyHTMLURLMap
proxy.cfm?url=http:// proxy.cfm?url=http://^A
Include conf/proxy-htmlurlmap.conf
</Location>
<Location /vnweb.hwwilsonweb.com/>
ProxyHTMLExtended On
ProxyPass
http://vnweb.hwwilsonweb.com/
ProxyPassReverse
http://vnweb.hwwilsonweb.com/
ProxyPass
https://vnweb.hwwilsonweb.com/
ProxyPassReverse
https://vnweb.hwwilsonweb.com/
ProxyPassReverseCookiePath / /var/www/proxycookies/
ProxyPassReverseCookieDomain vnweb.hwwilsonweb.com webservices2.camosun.bc.ca
ProxyHTMLURLMap
^/ /vnweb.hwwilsonweb.com/ R
ProxyHTMLURLMap
/vnweb.hwwilsonweb.com/ /vnweb.hwwilsonweb.com/
ProxyHTMLURLMap
/vnweb.hwwilsonweb.com /vnweb.hwwilsonweb.com/ R
ProxyHTMLURLMap
/vnweb.hwwilsonweb.com//vnweb.hwwilsonweb.com/ //
ProxyHTMLURLMap
../../ /vnweb.hwwilsonweb.com/
ProxyHTMLURLMap
../ /vnweb.hwwilsonweb.com/
ProxyHTMLURLMap
^/hww/ /vnweb.hwwilsonweb.com/hww/ R
Include conf/proxy-htmlurlmap.conf
</Location>
<Location /site.ebrary.com/>
ProxyHTMLExtended On
ProxyPass
http://site.ebrary.com/
ProxyPassReverse
http://site.ebrary.com/
ProxyPass
https://site.ebrary.com/
ProxyPassReverse
https://site.ebrary.com/
ProxyPassReverseCookiePath / /var/www/proxycookies/
ProxyPassReverseCookieDomain site.ebrary.com webservices2.camosun.bc.ca
ProxyHTMLURLMap
^/ /site.ebrary.com/ R
ProxyHTMLURLMap
/site.ebrary.com/ /site.ebrary.com/
ProxyHTMLURLMap
/site.ebrary.com /site.ebrary.com/ R
ProxyHTMLURLMap
/site.ebrary.com//site.ebrary.com/ //
ProxyHTMLURLMap
../../ /site.ebrary.com/
ProxyHTMLURLMap
../ /site.ebrary.com/
ProxyHTMLURLMap
/images/search/ /site.ebrary.com/images/search/ R
Include conf/proxy-htmlurlmap.conf
</Location>
<Location /www.ebrary.com/>
ProxyHTMLExtended On
ProxyPass
http://www.ebrary.com/
ProxyPassReverse
http://www.ebrary.com/
ProxyPass
https://www.ebrary.com/
ProxyPassReverse
https://www.ebrary.com/
ProxyPassReverseCookiePath / /var/www/proxycookies/
ProxyPassReverseCookieDomain www.ebrary.com webservices2.camosun.bc.ca
ProxyHTMLURLMap
^/ /www.ebrary.com/ R
ProxyHTMLURLMap
/www.ebrary.com/ /www.ebrary.com/
ProxyHTMLURLMap
/www.ebrary.com /www.ebrary.com/ R
ProxyHTMLURLMap
/www.ebrary.com//www.ebrary.com/ //
ProxyHTMLURLMap
../../ /www.ebrary.com/
ProxyHTMLURLMap
../ /www.ebrary.com/
ProxyHTMLURLMap
http:// /
Include conf/proxy-htmlurlmap.conf
</Location>
Camosun College Case Study
The Code
proxy-htmlurlmap.conf
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
http://search.ebscohost.com /search.ebscohost.com
https://search.ebscohost.com /search.ebscohost.com
http://search.ebscohost.com/ /search.ebscohost.com/
https://search.ebscohost.com/ /search.ebscohost.com/
javascript:openWeblink('http://search.ebscohost.com/ javascript:openWeblink('/search.ebscohost.com/
javascript:openWeblink('https://search.ebscohost.com/ javascript:openWeblink('/search.ebscohost.com/
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
http://vnweb.hwwilsonweb.com /vnweb.hwwilsonweb.com
https://vnweb.hwwilsonweb.com /vnweb.hwwilsonweb.com
http://vnweb.hwwilsonweb.com/ /vnweb.hwwilsonweb.com/
https://vnweb.hwwilsonweb.com/ /vnweb.hwwilsonweb.com/
javascript:openWeblink('http://vnweb.hwwilsonweb.com/ javascript:openWeblink('/vnweb.hwwilsonweb.com/
javascript:openWeblink('https://vnweb.hwwilsonweb.com/ javascript:openWeblink('/vnweb.hwwilsonweb.com/
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
http://site.ebrary.com /site.ebrary.com
https://site.ebrary.com /site.ebrary.com
http://site.ebrary.com/ /site.ebrary.com/
https://site.ebrary.com/ /site.ebrary.com/
javascript:openWeblink('http://site.ebrary.com/ javascript:openWeblink('/site.ebrary.com/
javascript:openWeblink('https://site.ebrary.com/ javascript:openWeblink('/site.ebrary.com/
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
ProxyHTMLURLMap
http://www.ebrary.com /www.ebrary.com
https://www.ebrary.com /www.ebrary.com
http://www.ebrary.com/ /www.ebrary.com/
https://www.ebrary.com/ /www.ebrary.com/
javascript:openWeblink('http://www.ebrary.com/ javascript:openWeblink('/www.ebrary.com/
javascript:openWeblink('https://www.ebrary.com/ javascript:openWeblink('/www.ebrary.com/
ProxyHTMLURLMap
/login?url=http:// /login?url=http://^A
Camosun College Case Study
The Code proxy-forward.conf
<ProxyMatch http://search.ebscohost.com/*>
order allow,deny
allow from all
deny from none
</ProxyMatch>
<ProxyMatch https://search.ebscohost.com/*>
order allow,deny
allow from all
deny from none
</ProxyMatch>
<ProxyMatch http://vnweb.hwwilsonweb.com/*>
order allow,deny
allow from all
deny from none
</ProxyMatch>
<ProxyMatch https://vnweb.hwwilsonweb.com/*>
order allow,deny
allow from all
deny from none
</ProxyMatch>
<ProxyMatch http://site.ebrary.com/*>
order allow,deny
allow from all
deny from none
</ProxyMatch>
<ProxyMatch https://site.ebrary.com/*>
order allow,deny
allow from all
deny from none
</ProxyMatch>
<ProxyMatch http://www.ebrary.com/*>
order allow,deny
allow from all
deny from none
</ProxyMatch>
<ProxyMatch https://www.ebrary.com/*>
order allow,deny
allow from all
deny from none
</ProxyMatch>
THE END.
For real this time….