Proxy a URL to a dynamically set port

linux-networkingPROXYreverse-proxy

Say I have URL=www.mysite.com/20000/

I want to get a proxy that can then direct traffic to www.mysite.com:20000. The catch is I don't know what the URL's/ports will be ahead of time. So I can't statically match url /20000/ to port 20000 in the proxy config. Is there a program I could use that I could save a regx from the URL to a variable and set that to the port I want to proxy? Or is this not possible. For context this is a front-end to view SSH connections that come in on random ports. Thanks

Best Answer

Word of caution:

The solution below can be a major security issue because you allow the end user to specify a port to hit on the backend server, hence opening the door to allowing access to ports that shouldn't be visible on the outside.

Some mechanism would have to be in place to prevent unwanted ports - this could also be done in a similar fashion with mod_rewrite to let through anything you want and block what you don't want.

This could be done using Apache httpd mod_rewrite and proxy, the directive would be:

RewriteEngine on
RewriteRule ^/?([0-9]*)/(.*)    http://www.example.com:$1/$2 [L,P]

You will need to enable mod_rewrite and mod_proxy. For full documentation on mod_rewrite, you can consult:

That said, it would probably be better to actually set it up with ProxyPassMatch...

ProxyPassMatch "^/?([0-9]*)/(.*)" "http://backend.example.com:$1/$2"

Related Solutions

Apache 2.2 disable reverse proxy on location

From reading ProxyPass's doc, You should do something like that :

ProxyPass                /dir1/ !
ProxyPass                /dir2/ !
ProxyPass                /      http://127.0.0.1:8080/
ProxyPassReverse         /      http://127.0.0.1:8080/

Linux support for proxy PAC files

Support for proxy autoconfiguration on Windows seems so "seamless" because it's implemented by the WinHTTP client, which is stored in a DLL accessible to all applications with a public API. Many applications use WinHTTP and get proxy-autoconfiguration "for free".

In the Linux world, each application is typically making its own socket calls and using its own implementation of the HTTP protocol. There are HTTP libraries out there, but it's much more likely, as compared to Windows, that applications are going to handle doing HTTP on their own and probably won't have a Javascript interpreter necessary to process a proxy autoconfiguration file.

You might consider running a local proxy server on the Linux machine, specifying itself as the HTTP_PROXY system-wide, and then configuring that local proxy server with the necessary rules to access some sites directly versus using the corporate proxy as a parent.

Squid could do what you want, but it's fairly heavyweight. I just found this interesting tinyproxy project, and it certainly looks promising (allows for selective use of an upstream proxy by domain, very lightweight, etc), but I've never used it personally and know nothing about it. (In theory, one could modify tinyproxy to actually parse the proxy autoconfiguration file. That'd be a really neat trick, though not something I have time to work on...)

Best Answer

Related Solutions

Apache 2.2 disable reverse proxy on location

Linux support for proxy PAC files

Related Topic