Recently I installed “eScan for Linux Servers” on one of our client’s server. eScan has a great Linux virus scanner. In addition to a command line utility, it provides a web interface. The web interface runs on port 10443 by default. The problem is the client’s server was firewalled and I didn’t want to open a new port just for eScan. So I setup a reverse proxy in Apache on a virtual hosts. It got interesting when I discovered that the web interface was embedding internal urls in to the content so I had to add mod_filter and mod_substitute. Here’s the final config:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
LoadModule filter_module modules/mod_filter.so LoadModule substitute_module modules/mod_substitute.so <VirtualHost *:80> ServerName av.acme.com:80 UseCanonicalName on SSLProxyEngine on ProxyPass / https://localhost:10443/ ProxyPassReverse / https://localhost:10443/ ErrorLog logs/av.acme.com-error_log CustomLog logs/av.acme.com-access_log common ProxyPreserveHost on # declare that content should be filtered through mod_substitute FilterDeclare NOLH FilterProvider NOLH SUBSTITUTE resp=Content-Type $text/html FilterChain +NOLH # replace local urls with remote Substitute "s|https://127.0.0.1:10443|http://av.acme.com|in" <Location / > AuthType Basic AuthName "Restricted Files" AuthUserFile /etc/httpd/conf.d/av.passwd Require user admin </Location> </VirtualHost> |
Similar configuration could be used to map other odd-port web interfaces into a virtual host.