5

I need to bypass cross-site scripting restrictions in order to show users a map when they click a link from an external site which I have loaded inside an iframe (external.com/onlyforme). I learned that the easiest way to do this is to set up a reverse proxy so that Apache would retrieve external.com/onlyforme when I access local.com/external, and make it so that it appears to be coming from my domain.

This mostly works, but when external.com/onlyforme/index.html tries to access external.com/onlyforme/site_media/script.js, this gets redirected to local.com/site_media/script.js, which is not what I want. Instead, I would like this to be redirected to the correct URL inside external.com/onlyforme, so that the external site works as expected.

How can I do that?

I have this in my httpd.conf, outside any other config statements:

ProxyRequests Off
ProxyPass /external/ http://www.external.com/onlyforme
ProxyPassReverse /external/ http://www.external.com/onlyforme

I am running Apache 2.2.

user1752615
  • 91
  • 1
  • 2
  • 4

2 Answers2

2

You need to add a couple of ProxyHTMLURLMap directives to the above, to inspect and rewrite any hard coded URL's in the returned HTML e.g.

ProxyRequests Off
ProxyPass        /external/         http://www.external.com/onlyforme
ProxyHTMLURLMap http://www.external.com/onlyforme     /external

<Location /external/>
  ProxyPassReverse  http://www.external.com/onlyforme
  SetOutputFilter proxy-html
  ProxyHTMLURLMap /            /external/
  ProxyHTMLURLMap /site_media  /external/site_media/
</Location>

See also: http://wiki.uniformserver.com/index.php/Reverse_Proxy_Server:_mod_proxy_html

arober11
  • 1,969
  • 18
  • 31
0

arober11's answer greatly helped solving my similar issue. I tried to narrow it down to the shortest set of rules possible, and there is my own configuration to have an Etherpad running at https://my-domain-name.wtf/pad :

<Location /pad>
  ProxyPass http://localhost:9001 retry=0
  # retry=0 => avoid 503's when restarting etherpad-lite
  ProxyPassReverse http://localhost:9001
  SetOutputFilter proxy-html
  ProxyHTMLURLMap http://localhost:9001
</Location>
RewriteRule ^/pad$ /pad/ [R]
Community
  • 1
  • 1
Lucas Cimon
  • 1,859
  • 2
  • 24
  • 33