| <?xml version="1.0"?> |
| <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> |
| <?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?> |
| <modulesynopsis> |
| |
| <name>mod_proxy</name> |
| <description>HTTP/1.1 proxy/gateway server</description> |
| <status>Extension</status> |
| <sourcefile>mod_proxy.c</sourcefile> |
| <identifier>proxy_module</identifier> |
| |
| <summary> |
| <note type="warning"><title>Warning</title> |
| This document has been updated to take into account changes |
| made in the 2.0 version of the Apache HTTP Server. Some of the |
| information may still be inaccurate, please use it |
| with care. |
| </note> |
| |
| <p>This module implements a proxy/gateway for Apache. It implements |
| proxying capability for |
| <code>FTP</code>, |
| <code>CONNECT</code> (for SSL), |
| <code>HTTP/0.9</code>, |
| <code>HTTP/1.0</code>, and |
| <code>HTTP/1.1</code>. |
| The module can be configured to connect to other proxy modules for these |
| and other protocols.</p> |
| |
| <p>This module was experimental in Apache 1.1.x. Improvements and bugfixes |
| were made in Apache v1.2.x and Apache v1.3.x, then the module underwent a major |
| overhaul for Apache v2.0. The protocol support was upgraded to HTTP/1.1, |
| and filter support was enabled.</p> |
| |
| <p>Please note that the <strong>caching</strong> function present in |
| mod_proxy up to Apache v1.3.x has been <strong>removed</strong> from |
| mod_proxy and will be incorporated into a new module, mod_cache.</p> |
| </summary> |
| |
| <section id="configs"><title>Common configuration topics</title> |
| |
| <ul> |
| <li><a href="#forwardreverse">Forward and Reverse Proxies</a></li> |
| <li><a href="#access">Controlling access to your proxy</a></li> |
| <li><a href="#shortname">Using Netscape hostname shortcuts</a></li> |
| <li><a href="#mimetypes">Why doesn't file type <em>xxx</em> download via FTP?</a></li> |
| <li><a href="#type">How can I force an FTP ASCII download of File <em>xxx</em>?</a></li> |
| <li><a href="#percent2fhack">How can I access FTP files outside of my home directory?</a></li> |
| <li><a href="#ftppass">How can I hide the FTP cleartext password in my browser's URL line?</a></li> |
| <li><a href="#startup">Why does Apache start more slowly when using the |
| proxy module?</a></li> |
| <!--<li><a href="#socks">Can I use the Apache proxy module with my SOCKS proxy?</a>--> |
| <li><a href="#intranet">What other functions are useful for an intranet proxy server?</a></li> |
| </ul> |
| |
| <section id="forwardreverse"><title>Forward and Reverse Proxies</title> |
| |
| <p>Apache can be configured in both a <em>forward</em> and <em>reverse</em> |
| proxy configuration.</p> |
| |
| <p>A <em>forward proxy</em> is an intermediate system that enables a browser to connect to a |
| remote network to which it normally does not have access. A forward proxy |
| can also be used to cache data, reducing load on the networks between the |
| forward proxy and the remote webserver.</p> |
| |
| <p>Apache's mod_proxy can be figured to behave like a forward proxy |
| using the <directive module="mod_proxy">ProxyRemote</directive> |
| directive. In addition, caching of data can be achieved by configuring |
| Apache <module>mod_cache</module>. Other dedicated forward proxy |
| packages include <a href="http://www.squid.org">Squid</a>.</p> |
| |
| <p>A <em>reverse proxy</em> is a webserver system that is capable of serving webpages |
| sourced from other webservers - in addition to webpages on disk or generated |
| dynamically by CGI - making these pages look like they originated at the |
| reverse proxy.</p> |
| |
| <p>When configured with the mod_cache module the reverse |
| proxy can act as a cache for slower backend webservers. The reverse proxy |
| can also enable advanced URL strategies and management techniques, allowing |
| webpages served using different webserver systems or architectures to |
| coexist inside the same URL space. Reverse proxy systems are also ideal for |
| implementing centralised logging websites with many or diverse website |
| backends. Complex multi-tier webserver systems can be constructed using an |
| Apache mod_proxy frontend and any number of backend webservers.</p> |
| |
| <p>The reverse proxy is configured using the |
| <directive module="mod_proxy">ProxyPass</directive> and <directive |
| module="mod_proxy">ProxyPassReverse</directive> directives. Caching can be |
| enabled using mod_cache as with the forward proxy.</p> |
| |
| </section> |
| |
| <section id="access"><title>Controlling access to your proxy</title> |
| |
| <p>You can control who can access your proxy via the normal <directive module="core" type="section">Directory</directive> |
| control block using the following example:</p> |
| |
| <example> |
| <Directory proxy:*><br /> |
| Order Deny,Allow<br /> |
| Deny from all<br /> |
| Allow from 192.168.0<br /> |
| </Directory> |
| </example> |
| |
| <p>A <directive module="core" type="section">Files</directive> block |
| will also work, and is the only method known to work for all possible |
| URLs in Apache versions earlier than 1.2b10.</p> |
| |
| <p>When configuring a reverse proxy, access control takes on the |
| attributes of the normal server <directive module="core" |
| type="section">directory</directive> configuration.</p> |
| |
| |
| <!--<h2><a name="shortname">Using Netscape hostname shortcuts</a></h2> |
| |
| There is an optional patch to the proxy module to allow Netscape-like |
| hostname shortcuts to be used. It's available from the |
| <a href="http://www.apache.org/dist/contrib/patches/1.2/netscapehost.patch" |
| ><code>contrib/patches/1.2</code></a> directory on the Apache Web |
| site.<p>--> |
| |
| </section> |
| |
| <section id="mimetypes"><title>Why doesn't file type <em>xxx</em> |
| download via FTP?</title> |
| |
| <p>You probably don't have that particular file type defined as |
| <em>application/octet-stream</em> in your proxy's mime.types configuration |
| file. A useful line can be</p> |
| |
| <example> |
| application/octet-stream bin dms lha lzh exe class tgz taz |
| </example> |
| </section> |
| |
| <section id="type"><title>How can I force an FTP ASCII download of |
| File <em>xxx</em>?</title> |
| |
| <p>In the rare situation where you must download a specific file using the FTP |
| <strong>ASCII</strong> transfer method (while the default transfer is in |
| <strong>binary</strong> mode), you can override mod_proxy's default by |
| suffixing the request with <code>;type=a</code> to force an ASCII transfer. |
| (FTP Directory listings are always executed in ASCII mode, however.)</p> |
| </section> |
| |
| <section id="percent2fhck"><title>How can I access FTP files outside |
| of my home directory?</title> |
| |
| <p> |
| An FTP URI is interpreted relative to the home directory of the user |
| who is logging in. Alas, to reach higher directory levels you cannot |
| use /../, as the dots are interpreted by the browser and not actually |
| sent to the FTP server. To address this problem, the so called "Squid |
| %2f hack" was implemented in the Apache FTP proxy; it is is a solution |
| which is also used by other popular proxy servers like the <a |
| href="http://www.squid-cache.org/">Squid Proxy Cache</a>. By |
| prepending /%2f to the path of your request, you can make such a proxy |
| change the FTP starting directory to / (instead of the home |
| directory). </p> |
| |
| <p><strong>Example:</strong> To retrieve the file |
| <code>/etc/motd</code>, you would use the URL</p> |
| <example>ftp://<em>user@host</em>/%2f/etc/motd</example> |
| </section> |
| |
| <section id="ftppass"><title>How can I hide the FTP cleartext password |
| in my browser's URL line?</title> |
| |
| <p> |
| To log in to an FTP server by username and password, Apache |
| uses different strategies. |
| In absense of a user name and password in the URL altogether, |
| Apache sends an anomymous login to the FTP server, i.e.,</p> |
| <example> |
| user: anonymous<br /> |
| password: apache_proxy@ |
| </example> |
| <p>This works for all popular FTP servers which are configured for |
| anonymous access.</p> |
| |
| <p>For a personal login with a specific username, you can embed |
| the user name into the URL, like in: |
| <code>ftp://<em>username@host</em>/myfile</code>. If the FTP server |
| asks for a password when given this username (which it should), |
| then Apache will reply with a [401 Authorization required] response, |
| which causes the Browser to pop up the username/password dialog. |
| Upon entering the password, the connection attempt is retried, |
| and if successful, the requested resource is presented. |
| The advantage of this procedure is that your browser does not |
| display the password in cleartext (which it would if you had used |
| <code>ftp://<em>username:password@host</em>/myfile</code> in |
| the first place).</p> |
| |
| <note><title>Note</title> |
| The password which is transmitted in such a way |
| is not encrypted on its way. It travels between your browser and |
| the Apache proxy server in a base64-encoded cleartext string, and |
| between the Apache proxy and the FTP server as plaintext. You should |
| therefore think twice before accessing your FTP server via HTTP |
| (or before accessing your personal files via FTP at all!) When |
| using unsecure channels, an eavesdropper might intercept your |
| password on its way. |
| </note> |
| </section> |
| |
| <section id="startup"><title>Why does Apache start more slowly when |
| using the proxy module?</title> |
| |
| <p>If you're using the <directive module="mod_proxy">ProxyBlock</directive> |
| directive, hostnames' IP addresses are looked up and cached during |
| startup for later match test. This may take a few seconds (or more) |
| depending on the speed with which the hostname lookups occur.</p> |
| </section> |
| |
| <!--<h2><a name="socks">Can I use the Apache proxy module with my SOCKS proxy?</a></h2> |
| |
| Yes. Just build Apache with the rule <code>SOCKS4=yes</code> in your |
| <em>Configuration</em> file, and follow the instructions there. SOCKS5 |
| capability can be added in a similar way (there's no <code>SOCKS5</code> |
| rule yet), so use the <code>EXTRA_LDFLAGS</code> definition, or build Apache |
| normally and run it with the <em>runsocks</em> wrapper provided with SOCKS5, |
| if your OS supports dynamically linked libraries.<p> |
| |
| Some users have reported problems when using SOCKS version 4.2 on Solaris. |
| The problem was solved by upgrading to SOCKS 4.3.<p> |
| |
| Remember that you'll also have to grant access to your Apache proxy machine by |
| permitting connections on the appropriate ports in your SOCKS daemon's |
| configuration.<p> |
| --> |
| |
| <section id="intranet"><title>What other functions are useful for an |
| intranet proxy server?</title> |
| |
| <p>An Apache proxy server situated in an intranet needs to forward |
| external requests through the company's firewall. However, when it has |
| to access resources within the intranet, it can bypass the firewall |
| when accessing hosts. The <directive |
| module="mod_proxy">NoProxy</directive> directive is useful for |
| specifying which hosts belong to the intranet and should be accessed |
| directly.</p> |
| |
| <p>Users within an intranet tend to omit the local domain name from their |
| WWW requests, thus requesting "http://somehost/" instead of |
| "http://somehost.my.dom.ain/". Some commercial proxy servers let them get |
| away with this and simply serve the request, implying a configured |
| local domain. When the <directive module="mod_proxy">ProxyDomain</directive> directive |
| is used and the server is <a href="#proxyrequests">configured for |
| proxy service</a>, Apache can return a redirect response and send the client |
| to the correct, fully qualified, server address. This is the preferred method |
| since the user's bookmark files will then contain fully qualified hosts.</p> |
| </section> |
| |
| </section> |
| |
| <directivesynopsis> |
| <name>ProxyPreserveHost</name> |
| <syntax>ProxyPreserveHost on|off</syntax> |
| <default>ProxyPreserveHost Off</default> |
| <contextlist><context>server config</context> |
| <context>virtual host</context> |
| </contextlist> |
| <compatibility>Available in |
| Apache 2.0.31 and later.</compatibility> |
| |
| <usage> |
| <p>When enabled, this option will pass the Host: line from the |
| incoming request to the proxied host, instead of the hostname |
| specified in the proxypass line. |
| </p> |
| <p>This option should normally be turned 'off'.</p> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>ProxyRequests</name> |
| <syntax>ProxyRequests on|off</syntax> |
| <default>ProxyRequests Off</default> |
| <contextlist><context>server config</context> |
| <context>virtual host</context> |
| </contextlist> |
| |
| <usage> |
| <p>This allows or prevents Apache from functioning as a forward proxy |
| server. (Setting ProxyRequests to 'off' does not disable use of the |
| <directive module="mod_proxy">ProxyPass</directive> directive.)</p> |
| |
| <p>In a typical reverse proxy configuration, this option should be set to |
| 'off'.</p> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>ProxyRemote</name> |
| <syntax>ProxyRemote <em>match remote-server</em></syntax> |
| <contextlist><context>server config</context> |
| <context>virtual host</context> |
| </contextlist> |
| |
| <usage> |
| <p>This defines remote proxies to this proxy. <em>match</em> is either the |
| name of a URL-scheme that the remote server supports, or a partial URL |
| for which the remote server should be used, or '*' to indicate the |
| server should be contacted for all requests. <em>remote-server</em> is a |
| partial URL for the remote server. Syntax:</p> |
| |
| <pre> |
| remote-server = protocol://hostname[:port] |
| </pre> |
| |
| <p><em>protocol</em> is the protocol that should be used to communicate |
| with the remote server; only "http" is supported by this module.</p> |
| |
| <p> |
| Example:</p> |
| <example> |
| ProxyRemote http://goodguys.com/ http://mirrorguys.com:8000<br /> |
| ProxyRemote * http://cleversite.com<br /> |
| ProxyRemote ftp http://ftpproxy.mydomain.com:8080 |
| </example> |
| |
| <p>In the last example, the proxy will forward FTP requests, encapsulated |
| as yet another HTTP proxy request, to another proxy which can handle |
| them.</p> |
| |
| <p>This option also supports reverse proxy configuration - a backend |
| webserver can be embedded within a virtualhost URL space even if that |
| server is hidden by another forward proxy.</p> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>ProxyPass</name> |
| <syntax>ProxyPass [<em>path</em>] !|<em>url</em></syntax> |
| <contextlist><context>server config</context> |
| <context>virtual host</context> |
| </contextlist> |
| |
| <usage> |
| <!-- XXX: Need to document that the path is not used when placed in |
| a location section --> |
| <p>This directive allows remote servers to be mapped into the space of |
| the local server; the local server does not act as a proxy in the |
| conventional sense, but appears to be a mirror of the remote |
| server. <em>path</em> is the name of a local virtual path; |
| <em>url</em> is a partial URL for the remote server.</p> |
| |
| <p>Suppose the local server has address <code>http://wibble.org/</code>; |
| then</p> |
| <example> |
| ProxyPass /mirror/foo/ http://foo.com/ |
| </example> |
| <p>will cause a local request for the |
| <<code>http://wibble.org/mirror/foo/bar</code>> to be |
| internally converted into a proxy request to |
| <<code>http://foo.com/bar</code>>.</p> |
| <p> |
| The ! directive is useful in situations where you don't want to reverse-proxy |
| a subdirectory. eg.</p> |
| <example> |
| ProxyPass /mirror/foo/i !<br /> |
| ProxyPass /mirror/foo http://foo.com |
| </example> |
| <p>will proxy all requests to /mirror/foo to foo.com EXCEPT requests made to /mirror/foo/i</p> |
| |
| <note>NB: order is important. you need to put the exclusions BEFORE the general proxypass directive</note> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>ProxyPassReverse</name> |
| <syntax>ProxyPassReverse [<em>path</em>] <em>url</em></syntax> |
| <contextlist><context>server config</context> |
| <context>virtual host</context> |
| </contextlist> |
| |
| <usage> |
| <!-- XXX: Need to document that the path is not used when placed in |
| a location section --> |
| <p>This directive lets Apache adjust the URL in the <code>Location</code>, |
| <code>Content-Location</code> and <code>URI</code> headers on |
| HTTP redirect responses. This is essential when Apache is used as |
| a reverse proxy to avoid by-passing the reverse proxy because of HTTP |
| redirects on the backend servers which stay behind the reverse proxy.</p> |
| |
| <p><em>path</em> is the name of a local virtual path.<br /> |
| <em>url</em> is a partial URL for the remote server - the same way they are |
| used for the <directive module="mod_proxy">ProxyPass</directive> directive.</p> |
| |
| <p> |
| Example:<br /> |
| Suppose the local server has address <code>http://wibble.org/</code>; then</p> |
| <example> |
| ProxyPass /mirror/foo/ http://foo.com/<br /> |
| ProxyPassReverse /mirror/foo/ http://foo.com/ |
| </example> |
| <p>will not only cause a local request for the |
| <<code>http://wibble.org/mirror/foo/bar</code>> to be internally |
| converted into a proxy request to <<code>http://foo.com/bar</code>> (the |
| functionality <code>ProxyPass</code> provides here). It also takes care of |
| redirects the server foo.com sends: when <code>http://foo.com/bar</code> is |
| redirected by him to <code>http://foo.com/quux</code> Apache adjusts this to |
| <code>http://wibble.org/mirror/foo/quux</code> before forwarding the HTTP |
| redirect response to the client. </p> |
| <p> |
| Note that this <directive>ProxyPassReverse</directive> directive can |
| also be used in conjunction with the proxy pass-through feature |
| ("<code>RewriteRule ... [P]</code>") from |
| <module>mod_rewrite</module> because its doesn't depend on a |
| corresponding <directive module="mod_proxy">ProxyPass</directive> |
| directive.</p> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>AllowCONNECT</name> |
| <syntax>AllowCONNECT <em>port</em> [<em>port</em>] ...</syntax> |
| <default>AllowCONNECT 443 563</default> |
| <contextlist><context>server config</context> |
| <context>virtual host</context> |
| </contextlist> |
| |
| <usage> |
| <p>The <directive>AllowCONNECT</directive> directive specifies a list |
| of port numbers to which the proxy <code>CONNECT</code> method may |
| connect. Today's browsers use this method when a <em>https</em> |
| connection is requested and proxy tunneling over <em>http</em> is in |
| effect.<br /> By default, only the default https port (443) and the |
| default snews port (563) are enabled. Use the |
| <directive>AllowCONNECT</directive> directive to overrride this default and |
| allow connections to the listed ports only.</p> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>ProxyBlock</name> |
| <syntax>ProxyBlock *|<em>word|host|domain</em> |
| [<em>word|host|domain</em>] ...</syntax> |
| <contextlist><context>server config</context> |
| <context>virtual host</context> |
| </contextlist> |
| |
| <usage> |
| <p>The <directive>ProxyBlock</directive> directive specifies a list of |
| words, hosts and/or domains, separated by spaces. HTTP, HTTPS, and |
| FTP document requests to sites whose names contain matched words, |
| hosts or domains are <em>blocked</em> by the proxy server. The proxy |
| module will also attempt to determine IP addresses of list items which |
| may be hostnames during startup, and cache them for match test as |
| well. Example:</p> |
| |
| <example> |
| ProxyBlock joes-garage.com some-host.co.uk rocky.wotsamattau.edu |
| </example> |
| |
| <p>'rocky.wotsamattau.edu' would also be matched if referenced by IP |
| address.</p> |
| |
| <p>Note that 'wotsamattau' would also be sufficient to match |
| 'wotsamattau.edu'.</p> |
| |
| <p>Note also that</p> |
| |
| <example> |
| ProxyBlock * |
| </example> |
| |
| <p>blocks connections to all sites.</p> |
| |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>ProxyReceiveBufferSize</name> |
| <syntax>ProxyReceiveBufferSize <em>bytes</em></syntax> |
| <contextlist><context>server config</context> |
| <context>virtual host</context> |
| </contextlist> |
| |
| <usage> |
| <p>The <directive>ProxyReceiveBufferSize</directive> directive |
| specifies an explicit network buffer size for outgoing HTTP and FTP |
| connections, for increased throughput. It has to be greater than 512 |
| or set to 0 to indicate that the system's default buffer size should |
| be used.</p> |
| <example><title>Example</title> |
| ProxyReceiveBufferSize 2048 |
| </example> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>ProxyMaxForwards</name> |
| <syntax>ProxyMaxForwards <em>number</em></syntax> |
| <default>ProxyMaxForwards 10</default> |
| <contextlist><context>server config</context> |
| <context>virtual host</context> |
| </contextlist> |
| <compatibility>Available in Apache 2.0 and later</compatibility> |
| |
| <usage> |
| <p>The <directive>ProxyMaxForwards</directive> directive specifies the |
| maximum number of proxies through which a request may pass. This is |
| set to prevent infinite proxy loops, or a DoS attack.</p> |
| |
| <example><title>Example</title> |
| ProxyMaxForwards 10 |
| </example> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>NoProxy</name> |
| <syntax>NoProxy |
| <em>Domain</em>| |
| <em>SubNet</em>| |
| <em>IpAddr</em>| |
| <em>Hostname</em> |
| [<em>Domain</em>| |
| <em>SubNet</em>| |
| <em>IpAddr</em>| |
| <em>Hostname</em>] ...</syntax> |
| <contextlist><context>server config</context> |
| <context>virtual host</context> |
| </contextlist> |
| |
| <usage> |
| <p>This directive is only useful for Apache proxy servers within |
| intranets. The <directive>NoProxy</directive> directive specifies a |
| list of subnets, IP addresses, hosts and/or domains, separated by |
| spaces. A request to a host which matches one or more of these is |
| always served directly, without forwarding to the configured |
| <directive module="mod_proxy">ProxyRemote</directive> proxy server(s).</p> |
| |
| <example><title>Example</title> |
| ProxyRemote * http://firewall.mycompany.com:81<br /> |
| NoProxy .mycompany.com 192.168.112.0/21 |
| </example> |
| |
| <p>The arguments to the NoProxy directive are one of the following type list:</p> |
| <dl> |
| <!-- ===================== Domain ======================= --> |
| <dt><a name="domain"> |
| <em>Domain</em></a></dt> |
| <dd>A <em>Domain</em> is a partially qualified DNS domain name, preceded |
| by a period. |
| It represents a list of hosts which logically belong to the same DNS |
| domain or zone (<em>i.e.</em>, the suffixes of the hostnames are all ending in |
| <em>Domain</em>).<br /> |
| Examples: <code>.com</code> <code>.apache.org.</code><br /> |
| To distinguish <em>Domain</em>s from <a href="#hostname"><em>Hostname</em></a>s (both |
| syntactically and semantically; a DNS domain can have a DNS A record, |
| too!), <em>Domain</em>s are always written |
| with a leading period.<br /> |
| Note: Domain name comparisons are done without regard to the case, |
| and <em>Domain</em>s are always assumed to be anchored in the root |
| of the DNS tree, therefore two domains <code>.MyDomain.com</code> and |
| <code>.mydomain.com.</code> (note the trailing period) are |
| considered equal. Since a domain comparison does not involve a DNS |
| lookup, it is much more efficient than subnet comparison.</dd> |
| |
| <!-- ===================== SubNet ======================= --> |
| <dt><a name="subnet"> |
| <em>SubNet</em></a></dt> |
| <dd>A <em>SubNet</em> is a partially qualified internet address in |
| numeric (dotted quad) form, optionally followed by a slash and the |
| netmask, specified as the number of significant bits in the |
| <em>SubNet</em>. It is used to represent a subnet of hosts which can |
| be reached over a common network interface. In the absence of the |
| explicit net mask it is assumed that omitted (or zero valued) |
| trailing digits specify the mask. (In this case, the netmask can |
| only be multiples of 8 bits wide.)<br /> |
| Examples: |
| <dl> |
| <dt><code>192.168</code> or <code>192.168.0.0</code></dt> |
| <dd>the subnet 192.168.0.0 with an implied netmask of 16 valid bits |
| (sometimes used in the netmask form <code>255.255.0.0</code>)</dd> |
| <dt><code>192.168.112.0/21</code></dt> |
| <dd>the subnet <code>192.168.112.0/21</code> with a netmask of 21 |
| valid bits (also used in the form 255.255.248.0)</dd> |
| </dl> |
| As a degenerate case, a <em>SubNet</em> with 32 valid bits is the |
| equivalent to an <em>IPAddr</em>, while a <em>SubNet</em> with zero |
| valid bits (<em>e.g.</em>, 0.0.0.0/0) is the same as the constant |
| <em>_Default_</em>, matching any IP address. </dd> |
| |
| <!-- ===================== IPAddr ======================= --> |
| <dt><a name="ipaddr"> |
| <em>IPAddr</em></a></dt> |
| <dd>A <em>IPAddr</em> represents a fully qualified internet address in |
| numeric (dotted quad) form. Usually, this address represents a |
| host, but there need not necessarily be a DNS domain name |
| connected with the address.<br /> |
| Example: 192.168.123.7<br /> |
| Note: An <em>IPAddr</em> does not need to be resolved by the DNS |
| system, so it can result in more effective apache performance.</dd> |
| |
| <!-- ===================== Hostname ======================= --> |
| <dt><a name="hostname"> |
| <em>Hostname</em></a></dt> |
| <dd>A <em>Hostname</em> is a fully qualified DNS domain name which can |
| be resolved to one or more <a |
| href="#ipaddr"><em>IPAddrs</em></a> via the DNS domain name service. |
| It represents a logical host (in contrast to |
| <a href="#domain"><em>Domain</em></a>s, see |
| above) and must be resolvable to at least one <a |
| href="#ipaddr"><em>IPAddr</em></a> (or often to a list of hosts |
| with different <a href="#ipaddr"><em>IPAddr</em></a>'s).<br /> |
| Examples: <code>prep.ai.mit.edu</code> |
| <code>www.apache.org.</code><br /> |
| Note: In many situations, it is more effective to specify an |
| <a href="#ipaddr"><em>IPAddr</em></a> in place of a |
| <em>Hostname</em> since a DNS lookup |
| can be avoided. Name resolution in Apache can take a remarkable deal |
| of time when the connection to the name server uses a slow PPP |
| link.<br /> |
| Note: <em>Hostname</em> comparisons are done without regard to the case, |
| and <em>Hostname</em>s are always assumed to be anchored in the root |
| of the DNS tree, therefore two hosts <code>WWW.MyDomain.com</code> |
| and <code>www.mydomain.com.</code> (note the trailing period) are |
| considered equal.</dd> |
| </dl> |
| </usage> |
| <seealso><a href="../dns-caveats.html">DNS Issues</a></seealso> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>ProxyTimeout</name> |
| <syntax>ProxyTimeout <em>seconds</em></syntax> |
| <default>ProxyTimeout 300</default> |
| <contextlist><context>server config</context> |
| <context>virtual host</context> |
| </contextlist> |
| <compatibility>Available in |
| Apache 2.0.31 and later</compatibility> |
| |
| <usage> |
| <p>This directive allows a user to specifiy a timeout on proxy requests. |
| This is usefull when you have a slow/buggy appserver which hangs, |
| and you would rather just return a timeout and fail gracefully instead |
| of waiting however long it takes the server to return |
| </p> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>ProxyDomain</name> |
| <syntax>ProxyDomain <em>Domain</em></syntax> |
| <contextlist><context>server config</context> |
| <context>virtual host</context> |
| </contextlist> |
| |
| <usage> |
| <p>This directive is only useful for Apache proxy servers within |
| intranets. The <directive>ProxyDomain</directive> directive specifies |
| the default domain which the apache proxy server will belong to. If a |
| request to a host without a domain name is encountered, a redirection |
| response to the same host with the configured <em>Domain</em> appended |
| will be generated.</p> |
| |
| <example><title>Example</title> |
| ProxyRemote * http://firewall.mycompany.com:81<br /> |
| NoProxy .mycompany.com 192.168.112.0/21<br /> |
| ProxyDomain .mycompany.com |
| </example> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>ProxyVia</name> |
| <syntax>ProxyVia on|off|full|block</syntax> |
| <default>ProxyVia off</default> |
| <contextlist><context>server config</context> |
| <context>virtual host</context> |
| </contextlist> |
| |
| <usage> |
| <p>This directive controls the use of the <code>Via:</code> HTTP |
| header by the proxy. Its intended use is to control the flow of of |
| proxy requests along a chain of proxy servers. See RFC2068 (HTTP/1.1) |
| for an explanation of <code>Via:</code> header lines.</p> |
| |
| <ul> <li>If set |
| to <em>off</em>, which is the default, no special processing is |
| performed. If a request or reply contains a <code>Via:</code> header, |
| it is passed through unchanged.</li> |
| |
| <li>If set to <em>on</em>, each |
| request and reply will get a <code>Via:</code> header line added for |
| the current host.</li> |
| |
| <li>If set to <em>full</em>, each generated <code>Via:</code> header |
| line will additionally have the Apache server version shown as a |
| <code>Via:</code> comment field.</li> |
| |
| <li>If set to <em>block</em>, every |
| proxy request will have all its <code>Via:</code> header lines |
| removed. No new <code>Via:</code> header will be generated.</li> |
| </ul> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>ProxyErrorOverride</name> |
| <syntax>ProxyErrorOverride On|Off</syntax> |
| <default>ProxyErrorOverride Off</default> |
| <contextlist><context>server config</context> |
| <context>virtual host</context> |
| </contextlist> |
| <compatibility>Available in version 2.0 and later</compatibility> |
| |
| <usage> |
| <p>This directive is useful for reverse-proxy setups, where you want to |
| have a common look and feel on the error pages seen by the end user. |
| This also allows for included files (via mod_include's SSI) to get |
| the error code and act accordingly (default behavior would display |
| the error page of the proxied server, turning this on shows the SSI |
| Error message).</p> |
| </usage> |
| </directivesynopsis> |
| </modulesynopsis> |