Re: Transparent proxy setup works fine, but want to confirm the settings
Could you show the configuration detail of your Transparent proxy?
I really want to test this case.
Thanks.
Pranav Desai wrote:
Hello All,
I am trying to setup Apache 2.2.9 as a transparent proxy. So that the
users don't have to configure their browsers. Now the URLs coming in
are relative for transparent proxy, so normally apache tries to look
it up on the filesystem and it obviously fails. So I added a
RewriteRule to convert the relative to absolute URLs.
RewriteEngine On
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P]
RewriteLog logs/rewrite_log
RewriteLogLevel 5
Now, it works perfectly for all traffic expect the one that is
destined for the server itself. E.g.
http://apache_proxy_ip:port/
Whenever I access the above link, the rewrite engine loops and the
server reaches the MaxClient. I have included the log below.
So, I added some conditions to not apply the RewriteRule for HOST
destined to the server.
RewriteCond %{HTTP_HOST} !10.1.0.206.*
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P]
I wanted to confirm if this is the right way to do transparent proxy
or is there a better way to make it more solid ?
Just to mention, I want it to act primarily like a proxy server, so
losing/blocking all webserver functionality is also fine, as long as I
get the /server-status page. But I dont want a single url to fail the
server. So I will be fine if there is a better way to get the
transparency working while affecting the webserver.
Thanks for your time.
-- Pranav
== lots of these message in the rewrite_log ===
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) init rewrite
engine with requested uri /
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (3) applying pattern
'^/(.*)' to uri '/'
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (4) RewriteCond:
input='/' pattern='!^/server.
*' = matched
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) rewrite '/' -
'http://10.1.0.206:2901/'
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) forcing
proxy-throughput with http://10.1.
0.206:2901/
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (1) go-ahead with
proxy request proxy:http://1
0.1.0.206:2901/ [OK]
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) init rewrite
engine with requested uri /
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (3) applying pattern
'^/(.*)' to uri '/'
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (4) RewriteCond:
input='/' pattern='!^/server.
*' = matched
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) rewrite '/' -
'http://10.1.0.206:2901/'
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) forcing
proxy-throughput with http://10.1.
0.206:2901/
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (1) go-ahead with
proxy request proxy:http://1
0.1.0.206:2901/ [OK]
--
View this message in context:
http://www.nabble.com/Transparent-proxy-setup-works-fine%2C-but-want-to-confirm-the-settings-tp21989245p22157118.html
Sent from the Apache HTTP Server - Dev mailing list archive at Nabble.com.
Re: Transparent proxy setup works fine, but want to confirm the settings
On 14.02.2009 01:46, Pranav Desai wrote:
On Fri, Feb 13, 2009 at 1:26 AM, Graham Leggettminf...@sharp.fm wrote:
Pranav Desai wrote:
I am trying to setup Apache 2.2.9 as a transparent proxy. So that the
users don't have to configure their browsers. Now the URLs coming in
are relative for transparent proxy, so normally apache tries to look
it up on the filesystem and it obviously fails. So I added a
RewriteRule to convert the relative to absolute URLs.
RewriteEngine On
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P]
RewriteLog logs/rewrite_log
RewriteLogLevel 5
Now, it works perfectly for all traffic expect the one that is
destined for the server itself. E.g.
http://apache_proxy_ip:port/
Whenever I access the above link, the rewrite engine loops and the
server reaches the MaxClient. I have included the log below.
That would make perfect sense though, you are asking the server to send you
to the server prefixed with the host header, and when you use the hostname
of the proxy server itself, you create a loop by definition, which means...
So, I added some conditions to not apply the RewriteRule for HOST
destined to the server.
RewriteCond %{HTTP_HOST} !10.1.0.206.*
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P]
...this is a sensible workaround.
I wanted to confirm if this is the right way to do transparent proxy
or is there a better way to make it more solid ?
In theory this will work as is, I am not sure whether there is an option in
the proxy to do this natively without the need for rewrite.
I checked the proxy, and there isn't anything to specifically do this,
but maybe I could have used some ReverseProxy config to get the same
behavior, but I thought RewriteRule was a bit cleaner.
If you do reverse proxy only via RewriteRule, then you end up using no
connection pool (i.e. no persistent connections) to the HTTP_HOSTs. In
case there are only few of those (or few that carry the most load), you
would better define a connection pool to them with ProxyPass. If you
want to keep your rewrite construction, you can use a URL in ProxyPass,
which you know won't really occur:
ProxyPass /does/not/exist http://most.important.host/ smax=... ...
Regards,
Rainer
Re: Transparent proxy setup works fine, but want to confirm the settings
On 02/14/2009 08:59 PM, Rainer Jung wrote: If you do reverse proxy only via RewriteRule, then you end up using no connection pool (i.e. no persistent connections) to the HTTP_HOSTs. In case there are only few of those (or few that carry the most load), you would better define a connection pool to them with ProxyPass. If you want to keep your rewrite construction, you can use a URL in ProxyPass, which you know won't really occur: ProxyPass /does/not/exist http://most.important.host/ smax=... ... He is doing forward proxying here and not reverse proxying. In order to create a pool IMHO the better approach is Proxy http://most.important.host/ ProxySet smax=... /Proxy Regards RĂ¼diger
Re: Transparent proxy setup works fine, but want to confirm the settings
On Sat, Feb 14, 2009 at 1:03 PM, Ruediger Pluem rpl...@apache.org wrote: On 02/14/2009 08:59 PM, Rainer Jung wrote: If you do reverse proxy only via RewriteRule, then you end up using no connection pool (i.e. no persistent connections) to the HTTP_HOSTs. In case there are only few of those (or few that carry the most load), you would better define a connection pool to them with ProxyPass. If you want to keep your rewrite construction, you can use a URL in ProxyPass, which you know won't really occur: ProxyPass /does/not/exist http://most.important.host/ smax=... ... He is doing forward proxying here and not reverse proxying. In order to create a pool IMHO the better approach is Proxy http://most.important.host/ ProxySet smax=... /Proxy I am confused a bit here. With the RewriteRule I mentioned earlier will I lose persistent connections for transparent proxy connections ? And the above settings in addition to the RewriteRules will help in getting persistent connections ... ? -- Pranav Regards RĂ¼diger
Re: Transparent proxy setup works fine, but want to confirm the settings
Pranav Desai wrote:
I am trying to setup Apache 2.2.9 as a transparent proxy. So that the
users don't have to configure their browsers. Now the URLs coming in
are relative for transparent proxy, so normally apache tries to look
it up on the filesystem and it obviously fails. So I added a
RewriteRule to convert the relative to absolute URLs.
RewriteEngine On
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P]
RewriteLog logs/rewrite_log
RewriteLogLevel 5
Now, it works perfectly for all traffic expect the one that is
destined for the server itself. E.g.
http://apache_proxy_ip:port/
Whenever I access the above link, the rewrite engine loops and the
server reaches the MaxClient. I have included the log below.
That would make perfect sense though, you are asking the server to send
you to the server prefixed with the host header, and when you use the
hostname of the proxy server itself, you create a loop by definition,
which means...
So, I added some conditions to not apply the RewriteRule for HOST
destined to the server.
RewriteCond %{HTTP_HOST} !10.1.0.206.*
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P]
...this is a sensible workaround.
I wanted to confirm if this is the right way to do transparent proxy
or is there a better way to make it more solid ?
In theory this will work as is, I am not sure whether there is an option
in the proxy to do this natively without the need for rewrite.
Regards,
Graham
--
smime.p7s
Description: S/MIME Cryptographic Signature
Re: Transparent proxy setup works fine, but want to confirm the settings
On Fri, Feb 13, 2009 at 1:26 AM, Graham Leggett minf...@sharp.fm wrote:
Pranav Desai wrote:
I am trying to setup Apache 2.2.9 as a transparent proxy. So that the
users don't have to configure their browsers. Now the URLs coming in
are relative for transparent proxy, so normally apache tries to look
it up on the filesystem and it obviously fails. So I added a
RewriteRule to convert the relative to absolute URLs.
RewriteEngine On
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P]
RewriteLog logs/rewrite_log
RewriteLogLevel 5
Now, it works perfectly for all traffic expect the one that is
destined for the server itself. E.g.
http://apache_proxy_ip:port/
Whenever I access the above link, the rewrite engine loops and the
server reaches the MaxClient. I have included the log below.
That would make perfect sense though, you are asking the server to send you
to the server prefixed with the host header, and when you use the hostname
of the proxy server itself, you create a loop by definition, which means...
So, I added some conditions to not apply the RewriteRule for HOST
destined to the server.
RewriteCond %{HTTP_HOST} !10.1.0.206.*
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P]
...this is a sensible workaround.
I wanted to confirm if this is the right way to do transparent proxy
or is there a better way to make it more solid ?
In theory this will work as is, I am not sure whether there is an option in
the proxy to do this natively without the need for rewrite.
I checked the proxy, and there isn't anything to specifically do this,
but maybe I could have used some ReverseProxy config to get the same
behavior, but I thought RewriteRule was a bit cleaner.
-- Pranav
Regards,
Graham
--
Transparent proxy setup works fine, but want to confirm the settings
Hello All,
I am trying to setup Apache 2.2.9 as a transparent proxy. So that the
users don't have to configure their browsers. Now the URLs coming in
are relative for transparent proxy, so normally apache tries to look
it up on the filesystem and it obviously fails. So I added a
RewriteRule to convert the relative to absolute URLs.
RewriteEngine On
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P]
RewriteLog logs/rewrite_log
RewriteLogLevel 5
Now, it works perfectly for all traffic expect the one that is
destined for the server itself. E.g.
http://apache_proxy_ip:port/
Whenever I access the above link, the rewrite engine loops and the
server reaches the MaxClient. I have included the log below.
So, I added some conditions to not apply the RewriteRule for HOST
destined to the server.
RewriteCond %{HTTP_HOST} !10.1.0.206.*
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P]
I wanted to confirm if this is the right way to do transparent proxy
or is there a better way to make it more solid ?
Just to mention, I want it to act primarily like a proxy server, so
losing/blocking all webserver functionality is also fine, as long as I
get the /server-status page. But I dont want a single url to fail the
server. So I will be fine if there is a better way to get the
transparency working while affecting the webserver.
Thanks for your time.
-- Pranav
== lots of these message in the rewrite_log ===
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) init rewrite
engine with requested uri /
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (3) applying pattern
'^/(.*)' to uri '/'
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (4) RewriteCond:
input='/' pattern='!^/server.
*' = matched
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) rewrite '/' -
'http://10.1.0.206:2901/'
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) forcing
proxy-throughput with http://10.1.
0.206:2901/
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (1) go-ahead with
proxy request proxy:http://1
0.1.0.206:2901/ [OK]
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) init rewrite
engine with requested uri /
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (3) applying pattern
'^/(.*)' to uri '/'
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (4) RewriteCond:
input='/' pattern='!^/server.
*' = matched
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) rewrite '/' -
'http://10.1.0.206:2901/'
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) forcing
proxy-throughput with http://10.1.
0.206:2901/
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (1) go-ahead with
proxy request proxy:http://1
0.1.0.206:2901/ [OK]
Re: Transparent proxy setup works fine, but want to confirm the settings
I've never used Apache as a transparent proxy I've always used squid.
On Thu, Feb 12, 2009 at 7:50 PM, Pranav Desai pranavade...@gmail.com wrote:
Hello All,
I am trying to setup Apache 2.2.9 as a transparent proxy. So that the
users don't have to configure their browsers. Now the URLs coming in
are relative for transparent proxy, so normally apache tries to look
it up on the filesystem and it obviously fails. So I added a
RewriteRule to convert the relative to absolute URLs.
RewriteEngine On
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P]
RewriteLog logs/rewrite_log
RewriteLogLevel 5
Now, it works perfectly for all traffic expect the one that is
destined for the server itself. E.g.
http://apache_proxy_ip:port/
Whenever I access the above link, the rewrite engine loops and the
server reaches the MaxClient. I have included the log below.
So, I added some conditions to not apply the RewriteRule for HOST
destined to the server.
RewriteCond %{HTTP_HOST} !10.1.0.206.*
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P]
I wanted to confirm if this is the right way to do transparent proxy
or is there a better way to make it more solid ?
Just to mention, I want it to act primarily like a proxy server, so
losing/blocking all webserver functionality is also fine, as long as I
get the /server-status page. But I dont want a single url to fail the
server. So I will be fine if there is a better way to get the
transparency working while affecting the webserver.
Thanks for your time.
-- Pranav
== lots of these message in the rewrite_log ===
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) init rewrite
engine with requested uri /
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (3) applying pattern
'^/(.*)' to uri '/'
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (4) RewriteCond:
input='/' pattern='!^/server.
*' = matched
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) rewrite '/' -
'http://10.1.0.206:2901/'
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) forcing
proxy-throughput with http://10.1.
0.206:2901/
10.1.0.156 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (1) go-ahead with
proxy request proxy:http://1
0.1.0.206:2901/ [OK]
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) init rewrite
engine with requested uri /
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (3) applying pattern
'^/(.*)' to uri '/'
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (4) RewriteCond:
input='/' pattern='!^/server.
*' = matched
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) rewrite '/' -
'http://10.1.0.206:2901/'
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) forcing
proxy-throughput with http://10.1.
0.206:2901/
10.1.0.206 - - [12/Feb/2009:17:51:09 --0800]
[10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (1) go-ahead with
proxy request proxy:http://1
0.1.0.206:2901/ [OK]
