Don't proxy urls that don't appear in the map

If a rewritemap fails to find a URL, mod_rewrite will nonetheless continue to attempt to proxy the request; if the request has a hostname in the URI (as it would if it were being used as a forward proxy), then it will proxy to that URI. The upshot is that this was behaving as an open proxy for any URL that it didn't know about. Correct this by "proxying" to http://localhost/notfound in all cases where the map program fails, and then cause that URL to always fail with a 403. This seems a little Rube Goldberg, but I don't see another way to deal with map failures in a rewriterule proxy. Change-Id: I1fdace79b6059c0297dd27b6bc9ce0afa9fe1396
2020-04-06 14:59:20 -07:00 · 2020-04-06 14:59:20 -07:00 · faeda1ab85
parent 6f9af44049
commit faeda1ab85
1 changed files with 2 additions and 1 deletions
--- a/vhost.conf
+++ b/vhost.conf
@ -7,5 +7,6 @@
        # LogLevel alert rewrite:trace6
        RewriteEngine On
        RewriteMap preview "prg://usr/local/bin/zuul-preview"
-        RewriteRule "^/?(.*)$" "${preview:%{ENV:ZUUL_API_URL} %{HTTP_HOST}}/$1" [P]
+        RewriteRule "^/notfound" "-" [F]
+        RewriteRule "^/?(.*)$" "${preview:%{ENV:ZUUL_API_URL} %{HTTP_HOST}|http://localhost/notfound}/$1" [P]
 </VirtualHost>