I was wondering if it would be possible to use Apache together with a Linux
firewall to proxy HTTP even when browsers have not been configured to use a
proxy. More specifically I was thinking of Linux firewall configured with:
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to addr_of_apache:port_of_apache
The problem, of course, is that a non-proxy request (= without a full URL) will not be recognized as a proxy request by proxy_detect() in mod_proxy.c.
I came up with the attached patch that seems to solve the problem. The patch tries to check if the Host header of the request is someone else and if so, construct the full URL from the Host header and other information of the request.
There is one problem, though: If Apache does not have a VirtualHost directive
in httpd.conf, it cannot detect requests meant for Apache itself.
Is it required to have a VirtualHost directive in httpd.conf or should I be using some other method to check who the request was meant for? Should there be an option to turn on this transparent proxy support or can it be always on?
I would say that if the user has a forward proxy turned on, and if Apache gets a request for a virtualhost that is not local to the config (ie it's a transparent request), then it seems reasonable for proxy to add the host header and the URL, and fulfil the request.
I don't see that such a thing needs any separate config of any kind - it would be enabled by "ProxyRequests On".
Regards, Graham --
