slive 2003/07/24 08:22:30
Modified: htdocs/manual/mod mod_proxy.html
Log:
Backport some stuff from 2.0. See r1.24 in
httpd-2.0/docs/manual/mod/mod_proxy.xml.
Revision Changes Path
1.65 +108 -3 httpd-docs-1.3/htdocs/manual/mod/mod_proxy.html
Index: mod_proxy.html
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/mod_proxy.html,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -d -b -u -r1.64 -r1.65
--- mod_proxy.html 24 Jul 2003 10:31:57 -0000 1.64
+++ mod_proxy.html 24 Jul 2003 15:22:29 -0000 1.65
@@ -97,6 +97,10 @@
topics</a></h2>
<ul>
+ <li><a href="#forwardreverse">Forward and Reverse Proxies</a></li>
+
+ <li><a href="#examples">Basic Examples</a></li>
+
<li><a href="#access">Controlling access to your
proxy</a></li>
@@ -125,6 +129,89 @@
an intranet proxy server?</a></li>
</ul>
+<h2><a name="forwardreverse" id="forwardreverse">Forward and Reverse
Proxies</a></h2>
+ <p>Apache can be configured in both a <dfn>forward</dfn> and
+ <dfn>reverse</dfn> proxy mode.</p>
+
+ <p>An ordinary <dfn>forward proxy</dfn> is an intermediate
+ server that sits between the client and the <em>origin
+ server</em>. In order to get content from the origin server,
+ the client sends a request to the proxy naming the origin server
+ as the target and the proxy then requests the content from the
+ origin server and returns it to the client. The client must be
+ specially configured to use the forward proxy to access other
+ sites.</p>
+
+ <p>A typical usage of a forward proxy is to provide Internet
+ access to internal clients that are otherwise restricted by a
+ firewall. The forward proxy can also use caching to reduce
+ network usage.</p>
+
+ <p>The forward proxy is activated using the <code><a
+ href="#proxyrequests">ProxyRequests</a></code> directive.
+ Because forward proxys allow clients to access arbitrary sites
+ through your server and to hide their true origin, it is
+ essential that you <a href="#access">secure your server</a> so
+ that only authorized clients can access the proxy before
+ activating a forward proxy.</p>
+
+ <p>A <dfn>reverse proxy</dfn>, by contrast, appears to the
+ client just like an ordinary web server. No special
+ configuration on the client is necessary. The client makes
+ ordinary requests for content in the name-space of the reverse
+ proxy. The reverse proxy then decides where to send those
+ requests, and returns the content as if it was itself the
+ origin.</p>
+
+ <p>A typical usage of a reverse proxy is to provide Internet
+ users access to a server that is behind a firewall. Reverse
+ proxies can also be used to balance load among several back-end
+ servers, or to provide caching for a slower back-end server.
+ In addition, reverse proxies can be used simply to bring
+ several servers into the same URL space.</p>
+
+ <p>A reverse proxy is activated using the <code><a
+ href="#proxypass">ProxyPass</a></code> directive or the
+ <code>[P]</code> flag to the <code><a
+ href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code>
+ directive. It is <strong>not</strong> necessary to turn
+ <code><a href="#proxyrequests">ProxyRequests</a></code> on in
+ order to configure a reverse proxy.</p>
+
+<h2><a name="examples" id="examples">Basic Examples</a></h2>
+
+ <p>The examples below are only a very basic idea to help you
+ get started. Please read the documentation on the individual
+ directives.</p>
+
+ <h3>Forward Proxy</h3><p><code>
+ ProxyRequests On<br />
+ ProxyVia On<br />
+ <br />
+ <Directory proxy:*><br />
+
+ Order deny,allow<br />
+ Deny from all<br />
+ Allow from internal.example.com<br />
+
+ </Directory><br />
+ <br />
+ CacheRoot "/usr/local/apache/proxy"<br />
+ CacheSize 5<br />
+ CacheGcInterval 4<br />
+ CacheMaxExpire 24<br />
+ CacheLastModifiedFactor 0.1<br />
+ CacheDefaultExpire 1<br />
+ NoCache a-domain.com another-domain.edu joes.garage-sale.com
+ </code></p>
+
+ <h3>Reverse Proxy</h3><p><code>
+ ProxyRequests Off<br />
+ <br />
+ ProxyPass /foo http://foo.example.com/bar<br />
+ ProxyPassReverse /foo http://foo.example.com/bar
+ </code></p>
+
<h2><a id="access" name="access">Controlling access to your
proxy</a></h2>
You can control who can access your proxy via the normal
@@ -144,6 +231,18 @@
<p>For more information, see <a
href="mod_access.html">mod_access</a>.</p>
+ <p>Strictly limiting access is essential if you are using a
+ forward proxy (using the <code><a
+ href="#proxyrequests">ProxyRequests</a></code> directive).
+ Otherwise, your server can be used by any client to access
+ arbitrary hosts while hiding his or her true identity. This is
+ dangerous both for your network and for the Internet at large.
+ When using a reverse proxy (using the <code><a
+ href="#proxypass">ProxyPass</a></code> directive with
+ <code>ProxyRequests Off</code>), access control is less critical
+ because clients can only contact the hosts that you have
+ specifically configured.</p>
+
<h2><a id="shortname" name="shortname">Using Netscape hostname
shortcuts</a></h2>
There is an optional patch to the proxy module to allow
@@ -302,7 +401,7 @@
rel="Help"><strong>Compatibility:</strong></a> ProxyRequests is
only available in Apache 1.1 and later.
- <p>This allows or prevents Apache from functioning as a proxy
+ <p>This allows or prevents Apache from functioning as a forward proxy
server. Setting ProxyRequests to 'off' does not disable use of
the <a href="#proxypass">ProxyPass</a> directive.</p>
@@ -389,10 +488,16 @@
<pre>
ProxyPass /mirror/foo/ http://foo.com/
</pre>
- will cause a local request for the
+ <p>will cause a local request for the
<<samp>http://wibble.org/mirror/foo/bar</samp>> to be
internally converted into a proxy request to
- <<samp>http://foo.com/bar</samp>>.
+ <<samp>http://foo.com/bar</samp>>.</p>
+
+ <p><strong>Warning:</strong> The <code><a
+ href="#proxyrequests">ProxyRequests</a></code> directive should
+ usually be set <strong>off</strong> when using <code
+ class="directive">ProxyPass</code>.
+
<hr />
<h2><a id="proxypassreverse"
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
