3
2
# URL Remapping Config File
6
# <map_type> <scheme>://<host>:<port>/<path_prefix> <scheme>://<host>:<port>/<path_prefix> fromURL toURL <tag_value> <filtering arguments>
7
# this last <tag_value> directive is optional and can be different for different types of <map_type>
8
# <filtering arguments> are optional ACL-like argumens unique for each remap rule
10
# Six different types of mappings are possible -- 'map', 'map_with_referer',
11
# 'map_with_recv_port', 'reverse_map', 'redirect', and 'redirect_temporary'.
4
# Using remap.config allows you to accomplish two things:
6
# 1) Rewrite a URL (from the client) before sending it to the Origin Server.
7
# 2) Protect the proxy server, to only allow certain requests.
9
# With the default configurations, at least one remap rule is required. This
10
# can be relaxed with the following configuration in records.config:
12
# CONFIG proxy.config.url_remap.remap_required INT 0
14
# Be aware, doing so makes the proxy a generic, open-relay!
17
# <map_type> client-URL origin-server-URL <tag_value> <filtering>
19
# Where client-URL and origin-server-URL are both of the format
20
# <scheme>://<host>:<port>/<path_prefix>
22
# The <tag_value> directive is optional and can be different for different
23
# types of <map_type>. The <filtering arguments> are optional ACL-like
24
# arguments unique for each remap rule
26
# Six different types of mappings are possible:
12
34
# Each of these map types can be prefixed with the string 'regex_' to indicate
13
35
# that the rule will have regular expression strings. See the last part of
14
36
# this description for more information on regex support.
16
38
# The 'map' mapping is the most straightforward. Requests that match the
17
# from URL are changed into the to URL. The user agent will see the new
18
# page but will not be notified of the address change.
19
# The 'map_with_referer' is an extended version of 'map', which can be used
20
# to activate the so-called "deep linking protection" feature avaialble in
23
# The 'map_with_recv_port' is exactly like 'map' except that it uses the
24
# port at which the request was received to perform the mapping instead of
25
# the port present in the request. When present, 'map_with_recv_port'
26
# mappings are checked first. If there is a match, then it is chosen without
27
# evaluating the "regular" forward mapping rules.
29
# The 'reverse_map' mapping is used to rewrite location headers sent by
30
# the origin server. The 'redirect' mapping creates a permanent redirect
31
# message and informs the browser of the URL change.
39
# client-URL are rewritten into the origin-server-URL. The user agent will see
40
# the page on the remapped URL, but will not be notified of the address
43
# The 'map_with_referer' is an extended version of 'map', which can be used to
44
# activate the so-called "deep linking protection" feature available in
45
# Apache Traffic Server.
47
# The 'map_with_recv_port' is exactly like 'map' except that it uses the port
48
# at which the request was received to perform the mapping instead of the port
49
# present in the request. When present, 'map_with_recv_port' mappings are
50
# checked first. If there is a match, then it is chosen without evaluating the
51
# "regular" forward mapping rules.
53
# The 'reverse_map' mapping is used to rewrite location headers sent by the
54
# origin server. The 'redirect' mapping creates a permanent redirect message
55
# and informs the browser of the URL change.
32
57
# The 'redirect_temporary' mapping acts in the same way but tells the browser
33
58
# that this redirect is only temporary. We need to map the URL in reverse
34
59
# proxy mode so that user agents know to contact Traffic Server and not
52
77
# redirect_temporary http://broken.firm.com http://working.firm.com
54
# In order to use "deep linking protection" Traffic Server's feature, the 'map_with_referer'
55
# mapping scheme must be used.
56
# In general, the format of 'map_with_referer' is the following:
58
# map_with_referer fromURL toURL redirectURL refererRegExp1 [refererRegExp2 ... refererRegExp2]
60
# Where fromURL and toURL must be specified in the same manner as in a regular 'map'.
61
# redirectURL is a redirection URL specifed according to RFC 2616 and can contain
62
# special formatting instructions for run-time modifications of the resulting redirection URL.
63
# refererRegExp is a POSIX regular expression, which describes the content of the "Referer" header
64
# which must be verified. In case an actual request does not have "Referer" header or
65
# it does not match with referer regular expression, the HTTP request will be redirected to
67
# At least one refererRegExp must be specified in order to activate 'deep linking protection'.
68
# There are limitations for the number of referer regular expression strings - 2048.
69
# In order to enable the 'deep linking protection' feature in Traffic Server
70
# 'CONFIG proxy.config.http.referer_filter INT 1' configuration record must be specified in
71
# the records.config file. Without this configuration record, the 'map_with_referer' entry will be
72
# treated as a regular 'map' without "Referer" header validation.
73
# In order to enable run-time formatting for redirectURL
74
# 'CONFIG proxy.config.http.referer_format_redirect INT 1' must be specified in the records.config file.
75
# Without this configuration record redirectURL will be used 'as is' without modifications.
76
# However, if run-time formatting for redirectURL was enabled the following format symbols can be used:
77
# %r - to substitute original "Referer" header string from client's request.
78
# %f - to substitute fromURL from 'map_with_referer' record
79
# %t - to substitute toURL from 'map_with_referer' record
80
# %o - to substiture request URL to origin server, which was created as the result of a mapping operation
82
# Note: There is a special referer type "~*" that can be used in order to specify that the Referer header is optional in the request.
83
# If "~*" referer was used in map_with_referer mapping, only requests with Referer header will be verified for validity.
84
# If the "~" symbol was specified before referer regular expression, it means that the request with a matching referer header
85
# will be redirected to redirectURL. It can be used to create a so-called negative referer list.
86
# If "*" was used as a referer regular expression - all referers are allowed.
87
# Various combinations of "*" and "~" in a referer list can be used to create different filtering rules.
90
# map_with_referer http://y.foo.bar.com/x/yy/ http://foo.bar.com/x/yy/ http://games.bar.com/new_games .*\.bar\.com www.bar-friends.com
91
# Rule: Referer header must be in the request, only ".*\.bar\.com" and "www.bar-friends.com" are allowed.
79
# In order to use "deep linking protection" Traffic Server's feature, the
80
# 'map_with_referer' mapping scheme must be used. In general, the format of is
83
# map_with_referer client-URL origin-server-URL redirect-URL regex1 [regex2 ...]
85
# 'redirect-URL' is a redirection URL specified according to RFC 2616 and can
86
# contain special formatting instructions for run-time modifications of the
87
# resulting redirection URL. All regexes Perl compatible regular expressions,
88
# which describes the content of the "Referer" header which must be
89
# verified. In case an actual request does not have "Referer" header or it
90
# does not match with referer regular expression, the HTTP request will be
91
# redirected to 'redirect-URL'.
93
# At least one regular expressions must be specified in order to activate
94
# 'deep linking protection'. There are limitations for the number of referer
95
# regular expression strings - 2048. In order to enable the 'deep linking
96
# protection' feature in Traffic Server, configure records.config with:
98
# CONFIG proxy.config.http.referer_filter INT 1
100
# In order to enable run-time formatting for redirect0URL, configure
102
# CONFIG proxy.config.http.referer_format_redirect INT 1
104
# When run-time formatting for redirect-URL was enabled the following format
105
# symbols can be used:
107
# %r - to substitute original "Referer" header string
108
# %f - to substitute client-URL from 'map_with_referer' record
109
# %t - to substitute origin-server-URL from 'map_with_referer' record
110
# %o - to substitute request URL to origin server, which was created a
111
# the result of a mapping operation
113
# Note: There is a special referer type "~*" that can be used in order to
114
# specify that the Referer header is optional in the request. If "~*" referer
115
# was used in map_with_referer mapping, only requests with Referer header will
116
# be verified for validity. If the "~" symbol was specified before referer
117
# regular expression, it means that the request with a matching referer header
118
# will be redirected to redirectURL. It can be used to create a so-called
119
# negative referer list. If "*" was used as a referer regular expression -
120
# all referers are allowed. Various combinations of "*" and "~" in a referer
121
# list can be used to create different filtering rules.
124
# map_with_referer http://y.foo.bar.com/x/yy/ http://foo.bar.com/x/yy/ http://games.bar.com/new_games .*\.bar\.com www.bar-friends.com
126
# Explanation: Referer header must be in the request, only ".*\.bar\.com"
127
# and "www.bar-friends.com" are allowed.
93
# map_with_referer http://y.foo.bar.com/x/yy/ http://foo.bar.com/x/yy/ http://games.bar.com/new_games * ~.*\.evil\.com
94
# Rule: Referer header must be in the request but all referers are allowed except ".*\.evil\.com".
96
# map_with_referer http://y.foo.bar.com/x/yy/ http://foo.bar.com/x/yy/ http://games.bar.com/error ~* * ~.*\.evil\.com
97
# Rule: Referer header is optional. However, if Referer header exists, only request from ".*\.evil\.com" will be redirected to redirectURL.
129
# map_with_referer http://y.foo.bar.com/x/yy/ http://foo.bar.com/x/yy/ http://games.bar.com/new_games * ~.*\.evil\.com
131
# Explanation: Referer header must be in the request but all referers are
132
# allowed except ".*\.evil\.com".
134
# map_with_referer http://y.foo.bar.com/x/yy/ http://foo.bar.com/x/yy/ http://games.bar.com/error ~* * ~.*\.evil\.com
136
# Explanation: Referer header is optional. However, if Referer header exists,
137
# only request from ".*\.evil\.com" will be redirected to redirect-URL.
99
139
# There are optional filtering arguments that can be specified at the end of the mapping definition line:
103
# @method=HTTP method string (CONNECT|DELETE|GET|HEAD|ICP_QUERY|OPTIONS|POST|PURGE|PUT|TRACE|PUSH)
104
# @plugin=<plugin_path>
105
# @pparam=<plugin_param>
143
# @method=HTTP method string (CONNECT|DELETE|GET|HEAD|ICP_QUERY|OPTIONS|POST|PURGE|PUT|TRACE|PUSH)
144
# @plugin=<plugin_path>
145
# @pparam=<plugin_param>
107
147
# There is no limitation for the number of filtering arguments.
110
# map http://foo.cow.com/ http://bar.cow.com @src_ip=10.72.118.51-10.72.118.62 @method=GET @method=DELETE @src_ip=192.168.0.1-192.168.0.254 @action=allow @method=PUT
150
# map http://foo.cow.com/ http://bar.cow.com @src_ip=10.72.118.51-10.72.118.62 @method=GET @method=DELETE @src_ip=192.168.0.1-192.168.0.254 @action=allow @method=PUT
153
# ToDo: This has to be documented.
113
154
# .defflt disable_all @action=deny @src_ip=0.0.0.1-254.254.254.254
114
155
# .defflt disable_delete_purge @action=deny @method=delete @method=purge
115
156
# .useflt disable_all
116
157
# .useflt disable_delete_purge
118
# Regex support: Regular expressions can be specified in the rules with the
159
# Regex support: Regular expressions can be specified in the rules with the
119
160
# following limitations:
121
# 1) Only the host field can have regexes - the scheme, port and other fields cannot.
122
# 2) The number of capturing sub-patterns is limited to 9; this means $0 through $9 can
123
# be used as substitution place holders ($0 will be the entire input string)
124
# 3) The number of substitutions in the expansion string is limited to 10
162
# 1) Only the host field can have regexes - the scheme, port and other
164
# 2) The number of capturing sub-patterns is limited to 9;
165
# this means $0 through $9 can be used as substitution place holders ($0
166
# will be the entire input string)
167
# 3) The number of substitutions in the expansion string is limited to 10.