0

We are given the task to check URLs for integrity by the parameters on an apache reverse proxy. One of them is a hash that was calculated from 3 others. If the URL seems intact the reverse proxy functionality should kick in. Our problem is that we don't know how to reroute the request from php after checking back to the apache so it would continue/restart processing it.

We tried to start a new request with file_get_contents() but that doesn't handle the redirect well and waits for a timeout.

It would be better not to reimplement a reverse proxy in php but let the apache do this. Our hash checking looks like this:

<?php
    $ss=$_SERVER['QUERY_STRING'];
    parse_str($ss,$qa);
    if (array_key_exists('hash', $qa)&&array_key_exists('id1', $qa)&&array_key_exists('id2', $qa)&&array_key_exists('id3', $qa)) {
        $hstr=$qa['id1'].$qa['id2'].$qa['id3'];
        $hash=hash_hmac('md5',$hstr, '@#$%^&**&^@ key !@^&*&T^%$');
        if ($qa['hash']==$hash) {

and here we should do something so php would pass the request back to apache process queue.

Thanks in advance!

Improve this question
3
  • To clarify, once PHP has checked a given URL, do you want the client to access the URL directly? Could this be achieved with header('Location: ...'); so that the client browser is redirected to the URL? Commented Oct 25, 2013 at 13:59
  • No, the service shouldn't be accessed at all without a hash so after checking we need the reverse proxy functionality. Commented Oct 25, 2013 at 14:13
  • As far as I know there is no way to execute a PHP/CGI script and then pass the request back to Apache to process using its proxy module. In this setup, PHP is acting as an authorization agent and reverse proxy in itself. Commented Oct 25, 2013 at 15:07

1 Answer 1

Reset to default
1

A solution would be the Apache's URL rewrite module (mod_rewrite). That can pass the URL to an external program to rewrite it and in turn do something conditionally. For example:

RewriteEngine on
RewriteMap hash prg:/var/www/html/url.php
RewriteCond ${hash:%{QUERY_STRING}} !^.*hashis=bad$ [nocase]
RewriteRule ^/something/(.*)$ http://proxied.server:1234/$1 [proxy]
RewriteRule ^.*$ http://some.default.page [proxy]

The program should wait for the URLs on the stdin and write the modified URLs on stdout just make sure you put a \n at the end. Find more details in the module's documentation.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.