I want to provide static looking URLs to internal graph generators without passing on potentially malicious query parameters from the client.
I got a VirtualHost configuration that looks kinda like this
<VirtualHost *:443>
# ServerName, ServerAlias, SSLEngine, SSLCertificate...
SSLProxyEngine on
ProxyPass /graph/great-graph1.png https://some.internal.host/the-graph.png?width=..&height=..&<more params>
ProxyPass /graph/great-graph2.png https://other.internal.host/the-graph.png?width=..&height=..&<more params>
</VirtualHost>
And it almost works as I want it to. The graphs are loaded from the correct hosts, but two things to not work:
- The configured query parameters are ignored
- The query parameters given by the client are passed on to the internal host
I tried adding noquery to the end of the line of the ProxyPass of which the existence is mentioned here but without any effect.
I also tried various RewriteRules (with enabled RewriteEngine) but I couldn't figure out the correct approach here as well.