Embed Size (px)
Citation preview
By:Brian Horncastle,
Unix Systems Network Administrator,
Camosun College, 3100 Foul Bay Road,
Victoria, BC, V8P 5J2
Email: [email protected]
Tel: (250) 370-4623
Reverse Proxying 101
OverviewComic ReliefWhat is Forward Proxying?What is Reverse Proxying?Reverse Proxying & The LibraryProxying SoftwareReverse Proxying DiagramUseful LinksCamosun College Case StudyThe Code
Comic Relief
Forward Proxying
What is Forward Proxying?“Forward proxy” settings are required
to be configured in the end user’s web browser, including:
proxy addressport
The end user accesses forward proxied sites by using:
the original URL of the site, unmodifiedoin other words, the URL of the
destination site is not manipulated by the end user for proxying to occur.
What is Forward Proxying? (cont)“Forward proxying” is practical in an
environment where:an organization has control over work
stations you can have pre-configured proxy settings
in the browser you prefer end user is unaware that they
are using a proxy“Forward proxying” is not practical if:
the end user is expected to change browser settings themselves
othis can very easily become a nightmare for an organization’s helpdesk
o in this situation, “Reverse proxying” is the preferred method of proxying
What is Forward Proxying? (cont)Within an organization “Forward
proxying” is appropriate for: providing access control to end users browsing the internet
i.e. allowing or deny access to specific sites
“Forward proxying” is also commonly used to:
speed up access to web resources, when caching is turned on
Reverse Proxying
What is Reverse Proxying?“Reverse proxying” does not:
require any changes to the end user’s browser settings
“Reverse proxying” works via:the end user supplying the proxy server’s address (& port if necessary) in the browser’s URL field, with the destination URL appended or pre-pended
a link that the end user clicks on if prefered; so this isn’t as horrifying as it sounds
What is Reverse Proxying? (cont)
“Reverse proxying” is commonly used to:
provide the outside world access to an organizations' internal web service
prevent an internal server being directly exposed to the outside world
provide a layer of abstraction that improves security
What is Reverse Proxying? (cont)A “Reverse proxy” *can* be used to provide
SSL in-front of servers that otherwise run straight HTTP unencrypted; with this said:
best practice is to run SSL from end to end i.e. from source server to proxy, and from proxy to client
this is important for transfer of sensitive data, including credit card payments
one does not want to give a hacker an opportunity to sniff such data at any point over the wire
Reverse Proxying & The LibraryLibraries commonly use “Reverse proxying”
to provide external clients access to external library web resources:e.g.
Ebsco Wilson Web GaleOvid
Many of these external resources grant access based on an organizations’ IP range.
Reverse Proxying & The Library (cont)
If end users access a Library resource via the organizations’ “Reverse proxy”:
the resource sees the traffic as originating from the allowed IP range,
and access to the resource is grantedIf the end users try to access the resource
directly, without going through the proxy:they are denied access because they are not originating from an accepted IP range.
EZProxy by OCLC is a product that is commonly used by Libraries for “Reverse Proxying”.
Proxying Software Apache
(http://www.apache.org & http://www.apachetutor.org/admin/reverseproxies)
EZProxy
(http://www.oclc.org/ezproxy)
Squid
(http://www.squid-cache.org)
IIS7
(http://www.iis.net & http://forums.iis.net/t/1156458.aspx )
ISA / Forefront
(http://www.microsoft.com/forefront/edgesecurity/isaserver/en/us/default.aspx)
Note: More software options can be found at http://en.wikipedia.org/wiki/Web_proxy
Reverse Proxying Diagram
Source: http://www.coderjournal.com/uploads/2008/02/coder-journal-structure.png
This example from Coder Journal shows how a reverse proxy may be used to provide access to an internal web service. The end user never sees the address of the backend server.
Useful Links Hypertext Transfer Protocol -- HTTP/1.1 RFC
http://tools.ietf.org/html/rfc2616
NCTU Department of Computer Science, Proxy Presentation
http://www.cs.nctu.edu.tw/~chwong/course/sysadm/slide/Web%20Proxy.pdf
A Reverse Proxy Is A Proxy By Any Other Name http://www.sans.org/reading_room/whitepapers/webservers/a_reverse_proxy_is_a_proxy_by_any_other_name_302?show=302.php&cat=webservers
Proxy and reverse proxy servershttp://en.kioskea.net/contents/lan/proxy.php3
Reverse Proxying With Apache 2.0 http://www.serverwatch.com/tutorials/article.php/3290851
Camosun College Case Study
Camosun College Case Study1) 2)
3) 4)
Camosun College Case Study (cont)
Camosun College Case Study (cont)
Camosun Library had been using EZProxy
Direction was given to explore alternatives
Loosely followed Apache Reverse Proxy tutorial at:
http://www.apachetutor.org/admin/reverseproxies
Camosun College Case Study (cont)Configured Apache to behave similar to EZProxy.
Created a script that dynamically generates reverse proxy directives for the list of Library resource URLs each time Apache is restarted.
Configured Kerberos Authentication Configured HTML URL mapping / rewriting.
oMade heavy use of includes so that every reverse proxied site is aware of every other reverse proxied site
oi.e. Links between reverse proxied Library resources don’t break
Camosun College Case Study (cont)
We ended up returning to EZProxy as we couldn’t make Apache work perfectly with a select few Library resources within our project time frame
Most Library resources did work fine, and given time to develop further we are confident we could have prefected.
Camosun College Case Study (cont)
“EZproxy® authentication and access software at a glance
EZproxy helps provide users with remote access to Web-based licensed content offered by libraries. It is an easy to setup and easy to maintain program. More than 2,500 institutions in over 60 countries have purchased EZproxy software.
Benefits•The industry leading, robust middleware solution for remote user authentication •It connects to a large number of content providers (including OCLC FirstSearch, EBSCO, Gale, etc.) •It connects to a wide variety of authentication services (including LDAP, SIP, Athens and Shibboleth) which reduces the number of authorizations/passwords and provides a better end-user experience •An easy to setup and easy to maintain program”
(SOURCE: http://www.oclc.org/ezproxy/about/default.htm)
Camosun College Case Study (cont)
“Features
•EZproxy works by dynamically altering the URLs within the Web pages provided by your database vendor. The server names within the URLs of these Web pages are changed to reflect your EZproxy server instead, causing your users to return to the EZproxy server as they access links on these Web pages. The result is a seamless access environment for your users without the need for automatic proxy configuration files. EZproxy only alters references to your database vendors' Web pages, so if your database vendor provides additional links to other free Web pages on the Internet, these are left as-is. In this manner, if your users elect to follow one of these links, the EZproxy server is automatically taken out of the communication loop.
•EZproxy maintains a standard Web server log file of usage. Using standard Web log analysis tools, you can evaluate which databases are being used remotely and use these statistics to help justify your budget requests for database licensing.”
(SOURCE: http://www.oclc.org/ezproxy/about/default.htm)
THE END.Unless you like code….
Camosun College Case StudyThe Code
Camosun College Case Study The Code proxy-main.conf
##############################
#### Proxy Listening Port ####
##############################
Listen 443
NameVirtualHost *:443
#############################
#### SSL GLOBAL SETTINGS ####
#############################
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
################################ Proxy Virtual Host ################################
<VirtualHost *:443>
DocumentRoot /var/www/vhosts/default-secure
################################ ## VHOST SSL Proxy Settings ## ################################
SSLEngine On SSLProtocol all -SSLv2 SSLProxyEngine On #SSLCipherSuite #ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /var/www/conf/cert/wildcard.crt SSLCertificateKeyFile /var/www/conf/cert/wildcard.key #SSLCertificateChainFile /var/www/conf/certs/ca.crt
######################################################### # Location based Kerberos authentication for Reverse Proxied sites & Document Root #########################################################
<location /> Include conf/proxy-authentication.conf </location>
Camosun College Case Study The Code proxy-main.conf
################
### Proxying ###
################
<IfModule mod_proxy.c>
##########################
## VHOST Proxy Settings ##
##########################
ProxyRequests On
ProxyVia On
ProxyTimeout 100
ProxyReceiveBufferSize 0
ProxyBadHeader StartBody
# AllowCONNECT 8043 8080
#################
## Proxy Cache ##
#################
# CacheRoot /var/www/proxycache
# CacheMaxExpire 24
# CacheLastModifiedFactor 0.1
# CacheDefaultExpire 1
################################################# ## Reverse Proxy HTML Link Rewriting - General ## #################################################
RequestHeader unset Accept-Encoding SetOutputFilter proxy-html
############################################## ## Reverse Proxy HTML Link Rewriting - W3C HTML 4.01 and XHTML 1.0 ## ##############################################
ProxyHTMLLinks a href ProxyHTMLLinks area href ProxyHTMLLinks link href ProxyHTMLLinks img src longdesc usemap ProxyHTMLLinks object classid codebase data usemap ProxyHTMLLinks q cite ProxyHTMLLinks blockquote cite ProxyHTMLLinks ins cite ProxyHTMLLinks del cite ProxyHTMLLinks form action ProxyHTMLLinks input src usemap ProxyHTMLLinks head profile ProxyHTMLLinks base href ProxyHTMLLinks script src for ProxyHTMLLinks meta URL url ProxyHTMLLinks embed pluginspage src server secureserver pserver psecureserver ProxyHTMLLinks option value
Camosun College Case Study The Code proxy-main.conf
################################# ## Reverse Proxy HTML Link Rewriting – # ## Scripting events (with ProxyHTMLExtended On) # #################################
ProxyHTMLEvents \ onclick \ ondblclick \ onmousedown \ onmouseup \ onmouseover \ onmousemove \ onmouseout \ onkeypress \ onkeydown \ onkeyup \ onfocus \ onblur \ onload \ onunload \ onsubmit \ onreset \ onselect \ onchange \ openWeblink \ Image \ new \
######################################### ## Reverse Proxy HTML Link Rewriting - # ## Legacy support (pre-1998, aka "transitional") HTML or XHTML # ########################################
ProxyHTMLLinks frame src longdesc realsrc ProxyHTMLLinks iframe src longdesc realsrc ProxyHTMLLinks body background ProxyHTMLLinks td background ProxyHTMLLinks applet codebase
######################################### ## Reverse Proxy HTML Link Rewriting - Proprietary HTML variants ## ######################################### ## EXAMPLE ## ## ## ProxyHTMLLinks myelement myattr otherattr ## #########################################
################### ## Proxy Logging ## ###################
ProxyHTMLLogVerbose On ErrorLog logs/proxy_errors.log TransferLog logs/proxy_access.log LogLevel Info #LogLevel Debug
Camosun College Case Study The Code proxy-main.conf
####################
## Forward Proxying - Default ##
###################
<Proxy *>
############################
# Kerberos Authentication for Forward Proxying #
############################
Include conf/proxy-authentication.conf
########################################
# Deny forward proxying by default unless specified below in allow list #
########################################
order deny,allow
deny from all
allow from none
</Proxy>
###################################### ## Allowed Reverse & Forward Proxies for Authenticated Users ## ######################################
# RewriteEngine On ProxyPreserveHost Off SetEnv proxy-nokeepalive 1 CookieTracking on
Include conf/proxy-reverse.conf Include conf/proxy-forward.conf
</IfModule></VirtualHost>
Authentication Related Configs
Camosun College Case Study The Code proxy-authentication.conf
## Login Message
AuthName "Kerberos Login"
## Define the Authentication Type
AuthType Kerberos
## Define the Keytab file
Krb5Keytab /var/www/etc/auth_kerb.keytab
##Authenticate a Single Domain
# KrbAuthRealm domain1.com
## Authenticate Against Multiple Domains
KrbAuthRealms domain1.com domain2.com
## Kerberous Options
KrbMethodNegotiate off
KrbSaveCredentials off
KrbVerifyKDC off
## Login Restrictions
Require valid-user
# Require user testuser DOMAIN1\testuser
# Require group DOMAIN1\testgroup
Camosun College Case Study The Code /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
# default_realm = DOMAIN1.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
DOMAIN1.COM = {
# KDC IS THE DOMAIN SERVERS IP
kdc = 192.168.1.20
# ADMIN SERVER IS THE DOMAIN SERVERS IP
admin_server = 192.168.1.20
# DEFAULT DOMAIN IS THE DOMAIN
# default_domain = DOMAIN1.COM
}
DOMAIN2.COM = { # KDC IS THE DOMAIN SERVERS IP kdc = 192.168.2.20 # ADMIN SERVER IS THE DOMAIN SERVERS IP admin_server = 192.168.2.20 # DEFAULT DOMAIN IS THE DOMAIN # default_domain = DOMAIN2.COM }
[domain_realm]domain1.com = DOMAIN1.COM .domain1.com = DOMAIN1.COM
domain2.com = DOMAIN2.COM .domain2.com = DOMAIN2.COM
[appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false}
Reverse, HTML Url Map, & Forward Config Generation Script
Camosun College Case Study Configuration Files proxy-compile.sh
##################################################
##### Copyright (C) 2009 Camosun College
#####
##### Author: Brian Horncastle
##### Script name: proxy-compile.sh
##### Description:
##### This script generates the following Apache proxy config files
##### - proxy-forward.conf
##### - proxy-reverse.conf
##### - proxy-htmlurlmap.conf
##### Input is taken from the file proxy-list.input
##################################################
### DECLARE VARIABLES ###
varProxyListInputFile="proxy-list.input";
varReverseProxyOutputFile="proxy-reverse.conf";
varHTMLUrlMapOutputFile="proxy-htmlurlmap.conf";
varForwardProxyOutputFile="proxy-forward.conf";
### CLEAR OUTPUT FILE ###
rm $varReverseProxyOutputFile >/dev/null 2>&1;
rm $varHTMLUrlMapOutputFile >/dev/null 2>&1;
rm $varForwardProxyOutputFile >/dev/null 2>&1;
### POPULATE OUTPUT FILES - LOOP THROUGH ALL
### DOMAINS FROM THE INPUT FILE###
for i in $(cat $varProxyListInputFile); do
### WRITE THE FILE THAT WILL BE USED FOR INSERTING HTML URL ### REWRITES FROM ALL SITES FOR ALL SITES TO ALLOW TRAVERSING FROM SITE TO SITE ###
echo " " >> $varHTMLUrlMapOutputFile; echo "ProxyHTMLURLMap http://$i /$i" >> $varHTMLUrlMapOutputFile; echo "ProxyHTMLURLMap https://$i /$i" >> $varHTMLUrlMapOutputFile; echo "ProxyHTMLURLMap http://$i/ /$i/" >> $varHTMLUrlMapOutputFile; echo "ProxyHTMLURLMap https://$i/ /$i/" >> $varHTMLUrlMapOutputFile; echo "ProxyHTMLURLMap javascript:openWeblink('http://$i/ javascript:openWeblink('/$i/" >> $varHTMLUrlMapOutputFile; echo "ProxyHTMLURLMap javascript:openWeblink('https://$i/ javascript:openWeblink('/$i/" >> $varHTMLUrlMapOutputFile;
### WRITE FIRST LINE OF THE REVERSE PROXY OUTPUT FILE ###
echo " " >> $varReverseProxyOutputFile;
### START LOCATION DIRECTIVE FOR REVERSE PROXIED DOMAIN ###
echo "<Location /$i/>" >> $varReverseProxyOutputFile;
### PROXY SETTINGS FOR DOMAIN ###
# echo " ProxyHTMLMeta Off" >> $varReverseProxyOutputFile; echo " ProxyHTMLExtended On" >> $varReverseProxyOutputFile;
### DEFINED PROXYPASS & PROXYPASSREVERSE FOR PROXYING ###
echo " ProxyPass http://$i/" >> $varReverseProxyOutputFile; echo " ProxyPassReverse http://$i/" >> $varReverseProxyOutputFile; echo " ProxyPass https://$i/" >> $varReverseProxyOutputFile; echo " ProxyPassReverse https://$i/" >> $varReverseProxyOutputFile;
### COOKIE HANDLING ###
echo " ProxyPassReverseCookiePath / /var/www/proxycookies/" >> $varReverseProxyOutputFile; echo " ProxyPassReverseCookieDomain $i webservices2.camosun.bc.ca" >> $varReverseProxyOutputFile;
Camosun College Case Study Configuration Files proxy-compile.sh
### HTML URL MAPPINGS APPLIED TO ALL REVERSE PROXIED SITES
### WITHIN LOCATION DIRECTIVES###
echo " ProxyHTMLURLMap ^/ /$i/ R" >> $varReverseProxyOutputFile;
echo " ProxyHTMLURLMap /$i/ /$i/" >> $varReverseProxyOutputFile;
echo " ProxyHTMLURLMap /$i /$i/ R" >> $varReverseProxyOutputFile;
echo " ProxyHTMLURLMap /$i//$i/ //" >> $varReverseProxyOutputFile;
echo " ProxyHTMLURLMap ../../ /$i/" >> $varReverseProxyOutputFile;
echo " ProxyHTMLURLMap ../ /$i/" >> $varReverseProxyOutputFile;
### SPECIFIC HTML URL MAPPINGS FOR REVERSE PROXIED SITES ###
if [ $i = "search.ebscohost.com" ]
then
echo " ProxyHTMLURLMap proxy.cfm?url=http:// proxy.cfm?url=http://^A" >> $varReverseProxyOutputFile;
fi
if [ $i = "vnweb.hwwilsonweb.com" ]
then
echo " ProxyHTMLURLMap ^/hww/ /$i/hww/ R" >> $varReverseProxyOutputFile;
fi
if [ $i = "site.ebrary.com" ]
then
echo " ProxyHTMLURLMap /images/search/ /$i/images/search/ R" >> $varReverseProxyOutputFile;
fi
if [ $i = "www.ebrary.com" ] then echo " ProxyHTMLURLMap http:// /" >> $varReverseProxyOutputFile; fi
### INSERT HTML URL REWRITES FROM ALL SITES FOR ALL ### SITES TO ALLOW TRAVERSING FROM SITE TO SITE ### echo " Include conf/$varHTMLUrlMapOutputFile" >> $varReverseProxyOutputFile;
### END LOCATION DIRECTIVE FOR REVERSE PROXIED DOMAIN ### echo "</Location>" >> $varReverseProxyOutputFile;
### FORWARD PROXYING ###
echo " " >> $varForwardProxyOutputFile; echo "<ProxyMatch http://$i/*>" >> $varForwardProxyOutputFile; echo " order allow,deny" >> $varForwardProxyOutputFile; echo " allow from all" >> $varForwardProxyOutputFile; echo " deny from none" >> $varForwardProxyOutputFile; echo "</ProxyMatch>" >> $varForwardProxyOutputFile; echo "<ProxyMatch https://$i/*>" >> $varForwardProxyOutputFile; echo " order allow,deny" >> $varForwardProxyOutputFile; echo " allow from all" >> $varForwardProxyOutputFile; echo " deny from none" >> $varForwardProxyOutputFile; echo "</ProxyMatch>" >> $varForwardProxyOutputFile;
done
### WRITE THE FIRST LINE IN THE HTML URL MAP FILE ### echo " " >> $varHTMLUrlMapOutputFile;
### GLOBAL HTML URL REWRITES ### echo " ProxyHTMLURLMap /login?url=http:// \ /login?url=http://^A" >> $varHTMLUrlMapOutputFile;
### APACHE RESTART ###apachectl stopapachectl start
Config that defines what sites to Proxy
Camosun College Case StudyThe Code proxy-list.input
search.ebscohost.comvnweb.hwwilsonweb.comsite.ebrary.comwww.ebrary.com
Reverse, HTML Url Map, & Forward Examples of Generated Configs
Camosun College Case Study The Code proxy-reverse.conf
<Location /search.ebscohost.com/> ProxyHTMLExtended On ProxyPass http://search.ebscohost.com/ ProxyPassReverse http://search.ebscohost.com/ ProxyPass https://search.ebscohost.com/ ProxyPassReverse https://search.ebscohost.com/ ProxyPassReverseCookiePath / /var/www/proxycookies/ ProxyPassReverseCookieDomain search.ebscohost.com webservices2.camosun.bc.ca ProxyHTMLURLMap ^/ /search.ebscohost.com/ R ProxyHTMLURLMap /search.ebscohost.com/ /search.ebscohost.com/ ProxyHTMLURLMap /search.ebscohost.com /search.ebscohost.com/ R ProxyHTMLURLMap /search.ebscohost.com//search.ebscohost.com/ // ProxyHTMLURLMap ../../ /search.ebscohost.com/ ProxyHTMLURLMap ../ /search.ebscohost.com/ ProxyHTMLURLMap proxy.cfm?url=http:// proxy.cfm?url=http://^A Include conf/proxy-htmlurlmap.conf</Location>
<Location /vnweb.hwwilsonweb.com/> ProxyHTMLExtended On ProxyPass http://vnweb.hwwilsonweb.com/ ProxyPassReverse http://vnweb.hwwilsonweb.com/ ProxyPass https://vnweb.hwwilsonweb.com/ ProxyPassReverse https://vnweb.hwwilsonweb.com/ ProxyPassReverseCookiePath / /var/www/proxycookies/ ProxyPassReverseCookieDomain vnweb.hwwilsonweb.com webservices2.camosun.bc.ca ProxyHTMLURLMap ^/ /vnweb.hwwilsonweb.com/ R ProxyHTMLURLMap /vnweb.hwwilsonweb.com/ /vnweb.hwwilsonweb.com/ ProxyHTMLURLMap /vnweb.hwwilsonweb.com /vnweb.hwwilsonweb.com/ R ProxyHTMLURLMap /vnweb.hwwilsonweb.com//vnweb.hwwilsonweb.com/ // ProxyHTMLURLMap ../../ /vnweb.hwwilsonweb.com/ ProxyHTMLURLMap ../ /vnweb.hwwilsonweb.com/ ProxyHTMLURLMap ^/hww/ /vnweb.hwwilsonweb.com/hww/ R Include conf/proxy-htmlurlmap.conf</Location>
<Location /site.ebrary.com/> ProxyHTMLExtended On ProxyPass http://site.ebrary.com/ ProxyPassReverse http://site.ebrary.com/ ProxyPass https://site.ebrary.com/ ProxyPassReverse https://site.ebrary.com/ ProxyPassReverseCookiePath / /var/www/proxycookies/ ProxyPassReverseCookieDomain site.ebrary.com webservices2.camosun.bc.ca ProxyHTMLURLMap ^/ /site.ebrary.com/ R ProxyHTMLURLMap /site.ebrary.com/ /site.ebrary.com/ ProxyHTMLURLMap /site.ebrary.com /site.ebrary.com/ R ProxyHTMLURLMap /site.ebrary.com//site.ebrary.com/ // ProxyHTMLURLMap ../../ /site.ebrary.com/ ProxyHTMLURLMap ../ /site.ebrary.com/ ProxyHTMLURLMap /images/search/ /site.ebrary.com/images/search/ R Include conf/proxy-htmlurlmap.conf</Location>
<Location /www.ebrary.com/> ProxyHTMLExtended On ProxyPass http://www.ebrary.com/ ProxyPassReverse http://www.ebrary.com/ ProxyPass https://www.ebrary.com/ ProxyPassReverse https://www.ebrary.com/ ProxyPassReverseCookiePath / /var/www/proxycookies/ ProxyPassReverseCookieDomain www.ebrary.com webservices2.camosun.bc.ca ProxyHTMLURLMap ^/ /www.ebrary.com/ R ProxyHTMLURLMap /www.ebrary.com/ /www.ebrary.com/ ProxyHTMLURLMap /www.ebrary.com /www.ebrary.com/ R ProxyHTMLURLMap /www.ebrary.com//www.ebrary.com/ // ProxyHTMLURLMap ../../ /www.ebrary.com/ ProxyHTMLURLMap ../ /www.ebrary.com/ ProxyHTMLURLMap http:// / Include conf/proxy-htmlurlmap.conf</Location>
Camosun College Case Study The Code proxy-htmlurlmap.conf
ProxyHTMLURLMap http://search.ebscohost.com /search.ebscohost.comProxyHTMLURLMap https://search.ebscohost.com /search.ebscohost.comProxyHTMLURLMap http://search.ebscohost.com/ /search.ebscohost.com/ProxyHTMLURLMap https://search.ebscohost.com/ /search.ebscohost.com/ProxyHTMLURLMap javascript:openWeblink('http://search.ebscohost.com/ javascript:openWeblink('/search.ebscohost.com/ProxyHTMLURLMap javascript:openWeblink('https://search.ebscohost.com/ javascript:openWeblink('/search.ebscohost.com/
ProxyHTMLURLMap http://vnweb.hwwilsonweb.com /vnweb.hwwilsonweb.comProxyHTMLURLMap https://vnweb.hwwilsonweb.com /vnweb.hwwilsonweb.comProxyHTMLURLMap http://vnweb.hwwilsonweb.com/ /vnweb.hwwilsonweb.com/ProxyHTMLURLMap https://vnweb.hwwilsonweb.com/ /vnweb.hwwilsonweb.com/ProxyHTMLURLMap javascript:openWeblink('http://vnweb.hwwilsonweb.com/ javascript:openWeblink('/vnweb.hwwilsonweb.com/ProxyHTMLURLMap javascript:openWeblink('https://vnweb.hwwilsonweb.com/ javascript:openWeblink('/vnweb.hwwilsonweb.com/
ProxyHTMLURLMap http://site.ebrary.com /site.ebrary.comProxyHTMLURLMap https://site.ebrary.com /site.ebrary.comProxyHTMLURLMap http://site.ebrary.com/ /site.ebrary.com/ProxyHTMLURLMap https://site.ebrary.com/ /site.ebrary.com/ProxyHTMLURLMap javascript:openWeblink('http://site.ebrary.com/ javascript:openWeblink('/site.ebrary.com/ProxyHTMLURLMap javascript:openWeblink('https://site.ebrary.com/ javascript:openWeblink('/site.ebrary.com/
ProxyHTMLURLMap http://www.ebrary.com /www.ebrary.comProxyHTMLURLMap https://www.ebrary.com /www.ebrary.comProxyHTMLURLMap http://www.ebrary.com/ /www.ebrary.com/ProxyHTMLURLMap https://www.ebrary.com/ /www.ebrary.com/ProxyHTMLURLMap javascript:openWeblink('http://www.ebrary.com/ javascript:openWeblink('/www.ebrary.com/ProxyHTMLURLMap javascript:openWeblink('https://www.ebrary.com/ javascript:openWeblink('/www.ebrary.com/
ProxyHTMLURLMap /login?url=http:// /login?url=http://^A
Camosun College Case Study The Code proxy-forward.conf
<ProxyMatch http://search.ebscohost.com/*> order allow,deny allow from all deny from none</ProxyMatch><ProxyMatch https://search.ebscohost.com/*> order allow,deny allow from all deny from none</ProxyMatch>
<ProxyMatch http://vnweb.hwwilsonweb.com/*> order allow,deny allow from all deny from none</ProxyMatch><ProxyMatch https://vnweb.hwwilsonweb.com/*> order allow,deny allow from all deny from none</ProxyMatch>
<ProxyMatch http://site.ebrary.com/*> order allow,deny allow from all deny from none</ProxyMatch><ProxyMatch https://site.ebrary.com/*> order allow,deny allow from all deny from none</ProxyMatch>
<ProxyMatch http://www.ebrary.com/*> order allow,deny allow from all deny from none</ProxyMatch><ProxyMatch https://www.ebrary.com/*> order allow,deny allow from all deny from none</ProxyMatch>
THE END.For real this time….
