Since our GUI runs on the Apache web server, I can take advantage of mod_rewrite, which rewrites the requested URL on the fly. Let's assume my server runs on 192.168.100.100. I've got this code in an html file:
<div class=camera style="z-index:5; position: absolute; left: 49; top: 355px; cursor: pointer;">
<img src=images/camera_left.png border=0 onmousedown="javascript:selectCam('SideCam');" id=SideCam>
</div>
The selectCam function:
function selectCam(camera) {
var newurl,xyz;
if (camera=="SideCam") {
// set channel on 9100A
newurl="192.168.100.200/SetChannel.cgi?Channel=0";
// AJAX call to load URL
xyz=loadXMLDoc(newurl);
}
}
What I need to do is make the AJAX call look like it's going from the same address as the web server. I just need to edit the httpd.conf file for Apache and enabled mod_rewrite and proxy modules:
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Then, I need to turn on the rewrite engine and give it a rule to rewrite certain URLs:
RewriteEngine On
RewriteRule ^/9100a/(.*) $1 [P]
The above rule will rewrite any URL containing /9100a/ with the text following /9100a/. Now, I can change the URL in the selectCam function above as follows:
newurl="/9100a/http://192.168.100.200/SetChannel.cgi?Channel=0";
This will trick the cross site scripting checks since the URL appears to be local. The URL is rewritten by Apache to http://192.168.100.200/SetChannel.cgi?Channel=0, Apache will serve as a proxy to that URL and everyone's happy!
No comments:
Post a Comment