#
# URL Remapping Config File
#
# Using remap.config allows you to accomplish two things:
#
# 1) Rewrite a URL (from the client) before sending it to the Origin Server.
# 2) Protect the proxy server, to only allow certain requests.
#
# With the default configurations, at least one remap rule is required. This
# can be relaxed with the following configuration in records.config:
#
# CONFIG proxy.config.url_remap.remap_required INT 0
#
# Be aware, doing so makes the proxy a generic, open-relay!
#
# The format is:
# <map_type> client-URL origin-server-URL
#
# Where client-URL and origin-server-URL are both of the format
# <scheme>://<host>:<port>/<path_prefix>
#
# Six different types of mappings are possible:
# map [with_recv_port | reverse]
# redirect [temporary]
#
# the rule can have regular expression strings. See the last part of
# this description for more information on regex support.
#
# The 'map' mapping is the most straightforward. Requests that match the
# client-URL are rewritten into the origin-server-URL. The user agent will see
# the page on the remapped URL, but will not be notified of the address
# change.
#
# The 'map with_recv_port' is exactly like 'map' except that it uses the port
# at which the request was received to perform the mapping instead of the port
# present in the request. When present, 'map with_recv_port' mappings are
# checked first. If there is a match, then it is chosen without evaluating the
# "regular" forward mapping rules.
#
# The 'map reverse' mapping is used to rewrite location headers sent by the
# origin server. The 'redirect' mapping creates a permanent redirect message
# and informs the browser of the URL change.
#
# The 'redirect temporary' mapping acts in the same way but tells the browser
# that this redirect is only temporary. We need to map the URL in reverse
# proxy mode so that user agents know to contact Traffic Server and not
# attempt to contact the Origin Server directly.
#
# For example, you can set up a reverse proxy for www.example.com with the
# real content situated at server1.example.com with the rules:
#
# map http://www.example.com/ http://server1.example.com/
# map reverse http://server1.example.com/ http://www.example.com/
#
# Or you could permanently redirect users trying to access www.oldserver.com
# to www.newserver.com with the following rule:
#
# redirect http://www.oldserver.com/ http://www.newserver.com
#
# If the redirect is only temporary, you want to only temporarily remap the
# URL. You could use the following rule to divert users away from a failed
# server:
#
# redirect temporary http://broken.firm.com http://working.firm.com
#
# 'redirect-URL' is a redirection URL specified according to RFC 2616 and can
# contain special formatting instructions for run-time modifications of the
# resulting redirection URL. All regexes Perl compatible regular expressions,
# which describes the content of the "Referer" header which must be
# verified. In case an actual request does not have "Referer" header or it
# does not match with referer regular expression, the HTTP request will be
# redirected to 'redirect-URL'.
#
# At least one regular expressions must be specified in order to activate
# 'deep linking protection'. There are limitations for the number of referer
# regular expression strings - 2048. In order to enable the 'deep linking
# protection' feature in Traffic Server, configure records.config with:
#
# CONFIG proxy.config.http.referer_filter INT 1
#
# In order to enable run-time formatting for redirect0URL, configure
#
# CONFIG proxy.config.http.referer_format_redirect INT 1
#
# When run-time formatting for redirect-URL was enabled the following format
# symbols can be used:
#
# %r - to substitute original "Referer" header string
# %f - to substitute client-URL from 'map' record
# %t - to substitute origin-server-URL from 'map' record
# %o - to substitute request URL to origin server, which was created a
# the result of a mapping operation
#
#
# Regex support: Regular expressions can be specified in the rules with the
# following limitations:
#
# 1) Only the host field can have regexes - the scheme, port and other
# fields cannot.
# 2) The number of capturing sub-patterns is limited to 9;
# this means $0 through $9 can be used as substitution place holders ($0
# will be the entire input string)
# 3) The number of substitutions in the expansion string is limited to 10.
#
#
#
acl define allow_specified_client_access allow {
src_ip 0.0.0.0-255.255.255.255
}
acl define deny_all_client_access deny {
src_ip 0.0.0.0-255.255.255.255
}
acl define allow_only_administrator_access allow {
src_ip 127.0.0.1
src_ip 10.254.33.20
}
http 10.254.33.20:8828 {
acl check allow_only_administrator_access
acl check deny_all_client_access
map /cache-internal/ http://{cache-internal}
map /cache/ http://{cache}
map /stat/ http://{stat}
map /test/ http://{test}
map /hostdb/ http://{hostdb}
map /net/ http://{net}
map /http/ http://{http}
map /migrate/ http://{migrate}
}
map http://(.+)/ http://$1/ {
acl check allow_specified_client_access
acl check deny_all_client_access
}
map http://(.+):9999/ http://$1:9999/ {
acl check allow_specified_client_access
acl check deny_all_client_access
}
map https://(.+)/ https://$1/ {
acl check allow_specified_client_access
acl check deny_all_client_access
}
map http://(.+):81/ http://$1:81/ {
acl check allow_specified_client_access
acl check deny_all_client_access
}
map http://(.+):82/ http://$1:82/ {
acl check allow_specified_client_access
acl check deny_all_client_access
}
map http://(.+):443/ http://$1:443/ {
acl check allow_specified_client_access
acl check deny_all_client_access
}
map http://(.+):8080/ http://$1:8080/ {
acl check allow_specified_client_access
acl check deny_all_client_access
}
map http://(.+):8081/ http://$1:8081/ {
acl check allow_specified_client_access
acl check deny_all_client_access
}
map http://(.+):8090/ http://$1:8090/ {
acl check allow_specified_client_access
acl check deny_all_client_access
}
map http://(.+):9080/ http://$1:9080/ {
acl check allow_specified_client_access
acl check deny_all_client_access
}