Yuk! Bit of a long subject string, but oh well.
I am trying to configure a Solaris 9 host to perform this role in a DMZ for an IIS (hiss boo!) back-end. The server (well actually two of them) are fronted by Cisco load balancers.
In summary the client issues a request on port 80 that is directed to the load balancers, listening on port 80. These in turn are configured to forward to our Apache servers, which have numerous Name-based Virtual Hosts defined, to listen on port 8000. Re-write rules for each Virtual Host determine how content is returned to the user, either through a non-caching solution that retrieves the page from the back-end server, or more conventionally, from a cache enabled on the Apache instances themselves. Most of the rules refer the request onto other Virtual Host entries, depending on how the request string is parsed.
The solution works fine, but only when the Virtual Hosts are configured for port 80. However this entails re-defining the default route to avoid the load balancers and incoming requests simply come via the firewall/router. When enabled for port 80, pages are returned from the caches for those Re-Write rules that are relevant and from the back-end (via the reverse proxy) for those rules that don't instigate a cache.
However, when configured for Virtual Hosts that run via port 8000 (which entails a default route to the load balancers) the pages are indeed returned to the users' browsers, but the Apache cache is completely circumvented - therefore defeating the use of Apache at all. Content is returned via Port 80, through the firewall.
I reckon I've made a core config blunder somewhere, but having never tried this before, I can't figure out where. Here's some entries in httpd.conf. Maybe someone will be able to say "You banana! What you've done is..."
Below is an entry from httpd.conf;
BindAddress <IP address shared by all name-based Virtual Hosts>:8000
then we have a "Include /apachedata/conf/httpd.conf" statement to source another conf file. It has a number of Virtual Hosts defined, a few detailed below;
This Virtual Host has Re-write rules that direct to another defined Virtual Host that (should) present content from the local cache (at least it does when configured for port 80)
NameVirtualHost <IP shared by all Virtual Hosts>
<VirtualHost <<The IP shared by all Virtual Hosts>:8000>
ServerName <A FQ server name for this Virtual Host>
Port 8000
RewriteEngine On
RewriteCond %{HTTP:AUTHORIZATION} !^$
RewriteRule ^/ rules directs to another Virtual Host>:8000/consumption/idcplg?IdcService=SS_GET_PAGE&nodeId=3400 [R]
RewriteCond %{REMOTE_ADDR} ^<A specific IP for incoming requests (no caching)
RewriteCond %{REMOTE_ADDR} ^<A specific subnet for incoming requests>
RewriteRule ^/(.*) RULE DIRECTS TO ANOTHER VIRTUAL HOST, DETAILED BELOW>:8000/$1 [P]
RewriteRule ^/(.*) yet another Virtual Host to cover this rule>:8000/$1 [P]
ProxyRequests off
Amongst the additional defined Virtual Hosts is one that returns locally-cached contents (or rather should do), referred to above
<VirtualHost <IP used by all VirtualHosts>:8000>
ServerName <A FQ server name for this Virtual Host>
Port 8000
RewriteEngine On
RewriteRule ^/$ " one points to its own Virtual Server Name>/consumption/idcplg?IdcService=SS_GET_PAGE&nodeId=23" [R]
RewriteRule ^/consumption$ " own Virtual Server name>/consumption/idcplg?IdcService=SS_GET_PAGE&nodeId=23" [NC,R]
RewriteRule ^/consumption/$ " own virtual server name>/consumption/idcplg?IdcService=SS_GET_PAGE&nodeId=23" [NC,R]
RewriteCond %{QUERY_STRING} !csa=xY73MKJ9
RewriteRule ^/(.*) own virtual server name>/$1? xxx=some auth string [QSA,P]
ProxyRequests off
ProxyPass / proxy Virtual Host name>
CacheRoot /apachedata/cache/csaproxy
CacheSize 1048576
CacheGcInterval 24
CacheMaxExpire 24
CacheLastModifiedFactor 1
So I reckon I've missed something pretty fundamental here - everything is fine and dandy when using port 80 (and changing all the references for "Port" to "80"), with the caching, when required, but when I employ Port 8000, content is delivered, but not using the local caching.
Any observations or ideas about lines of enquiry I can pursue would be very helpful.
Thanx
recl
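An added example, not part of the original post: a small Python trace over a constructed config of the same shape, listing for each RewriteRule whether it redirects ([R]) or proxies ([P]), which host and port the target names, and whether a [P] target matches a local VirtualHost that has a CacheRoot. The hostnames and address are constructed placeholders, a target with no port is counted as port 80, and matching is by ServerName and port only, which is an assumption of this sketch.

```python
import re

# Constructed config in the shape of the post; names and addresses are placeholders.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:8000>
ServerName front.example.test
RewriteRule ^/$ http://auth.example.test:8000/consumption/idcplg?nodeId=3400 [R]
RewriteRule ^/(.*) http://cache.example.test:8000/$1 [P]
</VirtualHost>
<VirtualHost 192.0.2.10:8000>
ServerName cache.example.test
RewriteRule ^/(.*) http://cache.example.test/$1 [QSA,P]
CacheRoot /apachedata/cache/csaproxy
</VirtualHost>
"""

VHOST = re.compile(r'^<VirtualHost\s+\S*?:(\d+)>')
RULE = re.compile(r'^RewriteRule\s+\S+\s+"?([^"\s]+)"?(?:\s+\[([^\]]*)\])?')
URL = re.compile(r'^http://([^/:]+)(?::(\d+))?')

def parse(conf):
    """Split the config into VirtualHost records with their rewrite targets."""
    hosts, cur = [], None
    for line in map(str.strip, conf.splitlines()):
        if (m := VHOST.match(line)):
            cur = {"port": int(m.group(1)), "name": None, "cache": False, "rules": []}
            hosts.append(cur)
        elif cur is None or line.startswith("</VirtualHost"):
            cur = None
        elif line.startswith("ServerName"):
            cur["name"] = line.split()[1]
        elif line.startswith("CacheRoot"):
            cur["cache"] = True
        elif (m := RULE.match(line)) and (u := URL.match(m.group(1))):
            flags = {f.split("=")[0].strip() for f in (m.group(2) or "").upper().split(",")}
            kind = "proxy" if "P" in flags else "redirect" if "R" in flags else "internal"
            cur["rules"].append((kind, u.group(1), int(u.group(2) or 80)))
    return hosts

def trace(conf):
    """Per rule: (vhost, kind, target host, target port, caching vhost hit or None)."""
    hosts = parse(conf)
    caching = {(h["name"], h["port"]) for h in hosts if h["cache"]}
    return [(h["name"], kind, host, port,
             (host, port) in caching if kind == "proxy" else None)
            for h in hosts for kind, host, port in h["rules"]]

if __name__ == "__main__":
    print(*trace(SAMPLE_CONF), sep="\n")
```
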