User Based Rate Limiting in Apache - apache2.4

We would like to rate limit requests coming from a user to say 500/hour. Forward proxy would be forwarding user name in a header to Apache which is reverse proxying to Tomcat. Could you help me with a snippet that would help me achieve so?

Related

Can I use Cloudflare to look like multiple websites from one website?

I'm a Cloudflare noob. I have had one site up and running for a while as a way of doing https for my site. I host it on http://www.pishandtish.com (made up name for this example) and through the joys of Cloudflare the world sees it as https://www.pishandtish.com - around the back, Cloudflare is fetching the content from my http://www.pishandtish.com site and proxying it to the world as https://www.pishandtish.com
Pretty straightforward stuff - Cloudflare is proxying my content.
But if, say, I had http://foo.pishandtish.com and http://bar.pishandtish.com, could I use Cloudflare for the rest of the world to see my http://foo.pishandtish.com as https://foo.com, and my http://bar.pishandtish.com as https://bar.com ? (i.e. a way of a cheapskate to do two websites on a single-website hosting plan)
And if so, any clues as to how? Some sort of request rewriting? And can I do it on the free Cloudflare plan?
These are just for very small (zero budget) community groups, and very-low-traffic sites.
OK, what I think you'd need here is for Cloudflare to re-write the Host header of the http request, so that my request for something from foo.com looks like a request for foo.pishandtish.com by the time it arrives at my website (proxied and host-header-rewritten by Cloudflare).
Host-rewriting is a feature for domains on the Cloudflare Enterprise plan.
https://support.cloudflare.com/hc/en-us/articles/206652947-Using-Page-Rules-to-Re-Write-Host-Headers

Create beta subdomain to my main site with these parameters below

I want to redirect (beta.mysite.com) subdomain, which is on another server (I only changed the DNS A record) to my main domain site, but would like to send with parameters like mysite.com?beta=1, and keep the subdomain url like beta.mysite.com.
On the main site I'd like to check the url (with get method) and if it's equal with my conditions I'd change the content with PHP.
Is this possible to do?
Thanks in advance!
You will require a reverse proxy server to do that. Which you can setup on beta.mysite.com and perform the proxy request with additional params.
You can use any of the reverse proxy servers . eg. HAPROXY, nginx etc.

Conditional Configuration in Apache based on HTTP Headers

I want to do some conditional Configuration in Apache based on one particular HTTP request header.
For eg.,
Enable HTTP Digest Authentication for a set of Client IP Address and enable HTTP Basic Authentication for another set of Client IP Address.
For dynamically changing the configuration I am using .htaccess but i am not able to find a way to read the Client IP Address in the Configuration (.htaccess) and apply condition based on the IP Address.
I tried using mod header but i couldn't figure out the way. Please provide me some direction in this regards
Would using the tags fix your problem ?
https://blogs.apache.org/httpd/entry/new_in_httpd_2_4

Is there a way to use WCF to redirect all HTTP requests on a certain port

I need to redirect all requests on port 80 of an application server to a web server. I'm trying to avoid the need to install IIS and instead use WCF to do the job.
It looks like an operation such as the one below is suitable but one problem I've got is if a URL of the form http://mydomain.com/ is used then WCF will present a page about metadata.
[OperationContract, WebGet(UriTemplate = "*")]
RedirectToWebServer();
Does anybody know of a way to get WCF behaving the same as IIS in redirect mode?
This just seems like the wrong tool for the job. If you really don't want to use one of the many web servers that could do this with a couple minutes of setup time (IIS, Apache, Lighttpd), you could just make a simple HTTP socket server.
Listen on port 80. As soon as you get two newlines in a row, send back the response:
HTTP/1.1 301 Moved Permanently
Location: http://myothersite.com/whatever
(I'm almost certain that's the minimum you need). If you want to be really fancy and follow HTTP specs, match HTTP/1.1 or HTTP/1.0 based on what the request has.. but for a quick and dirty redirect, that's all you need.
That said, again, I'd say go grab another web server and set up a redirect using it. There are many lightweight HTTP servers that will work.

Reverse proxy mode Apache intercept or trap 302 responses from backend server and redirect internally without sending 302 response back to client

Does anyone knows how to tell Apache, in reverse proxy mode, to intercept or trap 302 (or 30x) responses from backend server and redirect internally without sending 30x response back to client?
Ultimately, the backend server the response is redirected to would not be accessible from the outside (or not listed in Apache conf).
My situation:
I have web_server_A and web_server_B listening on port 6666 and 7777. These ports are not accessible from outside, but are accessible from the inside.
I can eventually change the behavior of web_server_A, but not the one of web_server_B.
Apache is listening on ports 80/443, accessible from the outside and is acting as a reverse proxy sending requests addressed to web_server_{A,B}.example.com to web_server_{A,B}
The client asks Apache for web_server_A.example.com/foo. Apache proxies the request to web_server_A which makes some stuff and then sends back to Apache a HTTP/302 response pointing on web_server_B.example.com/bar/secret_token. Apache sends back the 302 response to the client which then sends Apache an HTTP request for web_server_B.example.com/bar/secret_token. Apache proxies the request to web_server_B, which replies something (usually it sends back some big file).
My problem:
I don't want the client to know about the url web_server_B.example.com/bar/secret_token, and ultimately I don't want web_server_B to be accessible from outside.
web_server_A could make the request to web_server_B and then send back the answer from web_server_B without issuing a 302 reply. But, the answer from web_server_B might take some time to come, might be quite big, and web_server_A should not spend too much time on any request (it has no ability for handling big files).
So I thought about a "302 trapper" feature that would be nice if existing, but so far haven't fund anything on the web on how to do that. Any idea?
As a reverse proxy, Apache won't be able to "block replies." It's not a censor.
You could write something like this yourself, though.
using ProxyPassReverse directive, web_server_A will modify Location header sent by web_server_B, so the client won't know about him.
to trap redirect from upstream server you can also edit Location header. For instance "Header unset Location" will show apache default 30X error page