Apache reverse proxy: how to redirect relative URLs in external site back to itself?
I need to bypass cross-site scripting restrictions in order to show users a map when they click a link from an external site which I have loaded inside an iframe (external.com/onlyforme). I learned that the easiest way to do this is to set up a reverse proxy so that Apache would retrieve external.com/onlyforme when I access local.com/external, and make it so that it appears to be coming from my domain.
This mostly works, but when external.com/onlyforme/index.html tries to access external.com/onlyforme/site_media/script.js, this gets redirected to local.com/site_media/script.js, which is not what I want. Instead, I would like this to be redirected to the correct URL inside external.com/onlyforme, so that the external site works as expected.
How can I do that?
I have this in my httpd.conf, outside any other config statements:
ProxyRequests Off
ProxyPass /external/ http://www.external.com/onlyforme
ProxyPassReverse /external/ http://www.external.com/onlyforme
I am running Apache 2.2.
Answer
You need to add a couple of ProxyHTMLURLMap directives to the above, to inspect and rewrite any hard coded URL's in the returned HTML e.g.
ProxyRequests Off
ProxyPass /external/ http://www.external.com/onlyforme
ProxyHTMLURLMap http://www.external.com/onlyforme /external
<Location /external/>
ProxyPassReverse http://www.external.com/onlyforme
SetOutputFilter proxy-html
ProxyHTMLURLMap / /external/
ProxyHTMLURLMap /site_media /external/site_media/
</Location>
See also: http://wiki.uniformserver.com/index.php/Reverse_Proxy_Server:_mod_proxy_html