Re: Transparent proxy setup works fine, but want to confirm the settings

Sat, 14 Feb 2009 12:00:38 -0800 

On 14.02.2009 01:46, Pranav Desai wrote:

On Fri, Feb 13, 2009 at 1:26 AM, Graham Leggett<[email protected]>  wrote:

Pranav Desai wrote:


I am trying to setup Apache 2.2.9 as a transparent proxy. So that the
users don't have to configure their browsers. Now the URLs coming in
are relative for transparent proxy, so normally apache tries to look
it up on the filesystem and it obviously fails. So I added a
RewriteRule to convert the relative to absolute URLs.

RewriteEngine On
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P]
RewriteLog "logs/rewrite_log"
RewriteLogLevel 5

Now, it works perfectly for all traffic expect the one that is
destined for the server itself. E.g.
http://<apache_proxy_ip>:<port>/

Whenever I access the above link, the rewrite engine loops and the
server reaches the MaxClient. I have included the log below.

That would make perfect sense though, you are asking the server to send you
to the server prefixed with the host header, and when you use the hostname
of the proxy server itself, you create a loop by definition, which means...


So, I added some conditions to not apply the RewriteRule for HOST
destined to the server.
RewriteCond %{HTTP_HOST} !10.1.0.206.*
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P]

...this is a sensible workaround.


I wanted to confirm if this is the right way to do transparent proxy
or is there a better way to make it more solid ?

In theory this will work as is, I am not sure whether there is an option in
the proxy to do this natively without the need for rewrite.



I checked the proxy, and there isn't anything to specifically do this,
but maybe I could have used some ReverseProxy config to get the same
behavior, but I thought RewriteRule was a bit cleaner.
If you do reverse proxy only via RewriteRule, then you end up using no connection pool (i.e. no persistent connections) to the HTTP_HOSTs. In case there are only few of those (or few that carry the most load), you would better define a connection pool to them with ProxyPass. If you want to keep your rewrite construction, you can use a URL in ProxyPass, which you know won't really occur: 

ProxyPass /does/not/exist http://most.important.host/ smax=... ...

Regards,

Rainer

Reply via email to