mirror of
				https://github.com/apache/httpd.git
				synced 2025-10-24 10:53:08 +03:00 
			
		
		
		
	for reverse proxying with much more flexibility. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95559 13f79535-47bb-0310-9956-ffa450edef68
		
			
				
	
	
		
			618 lines
		
	
	
		
			47 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			618 lines
		
	
	
		
			47 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| <html xmlns="http://www.w3.org/TR/xhtml1/strict"><head><!-- 
 | |
|           XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 | |
|                 This file is generated from xml source: DO NOT EDIT
 | |
|           XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 | |
|         --><title>mod_proxy- Apache HTTP Server</title><link href="../style/manual.css" type="text/css" rel="stylesheet"/></head><body><blockquote><div align="center"><img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]"/><h3>Apache HTTP Server Version 2.0</h3></div><h1 align="center">Apache Module mod_proxy</h1><table cellspacing="1" cellpadding="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td valign="top"><span class="help">Description:</span></td><td>HTTP/1.1 proxy/gateway server</td></tr><tr><td><a href="module-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td><a href="module-dict.html#ModuleIdentifier" class="help">Module Identifier:</a></td><td>proxy_module</td></tr></table></td></tr></table><h2>Summary</h2>
 | |
| <blockquote><table><tr><td bgcolor="#ffe5f5"><p align="center"><strong>Warning</strong></p>
 | |
| This document has been updated to take into account changes
 | |
| made in the 2.0 version of the Apache HTTP Server.  Some of the
 | |
| information may still be inaccurate, please use it
 | |
| with care.
 | |
| </td></tr></table></blockquote>
 | |
| 
 | |
| <p>This module implements a proxy/gateway for Apache. It implements
 | |
| proxying capability for
 | |
| <code>FTP</code>,
 | |
| <code>CONNECT</code> (for SSL),
 | |
| <code>HTTP/0.9</code>,
 | |
| <code>HTTP/1.0</code>, and
 | |
| <code>HTTP/1.1</code>.
 | |
| The module can be configured to connect to other proxy modules for these
 | |
| and other protocols.</p>
 | |
| 
 | |
| <p>This module was experimental in Apache 1.1.x. Improvements and bugfixes
 | |
| were made in Apache v1.2.x and Apache v1.3.x, then the module underwent a major
 | |
| overhaul for Apache v2.0. The protocol support was upgraded to HTTP/1.1,
 | |
| and filter support was enabled.</p>
 | |
| 
 | |
| <p>Please note that the <strong>caching</strong> function present in
 | |
| mod_proxy up to Apache v1.3.x has been <strong>removed</strong> from
 | |
| mod_proxy and will be incorporated into a new module, mod_cache.</p>
 | |
| 
 | |
| <blockquote><table><tr><td bgcolor="#ffe5f5"><p>Do not enable proxying with <a href="#proxyrequests" class="directive"><code class="directive">ProxyRequests</code></a> until you have 
 | |
| <a href="#access">secured your server</a>.  Open proxy servers are
 | |
| dangerous both to your network and to the Internet at large.</p></td></tr></table></blockquote>
 | |
| 
 | |
| 
 | |
| <h2>Directives</h2><ul><li><a href="#allowconnect">AllowCONNECT</a></li><li><a href="#noproxy">NoProxy</a></li><li><a href="#proxy">Proxy</a></li><li><a href="#proxyblock">ProxyBlock</a></li><li><a href="#proxydomain">ProxyDomain</a></li><li><a href="#proxyerroroverride">ProxyErrorOverride</a></li><li><a href="#proxyiobuffersize">ProxyIOBufferSize</a></li><li><a href="#proxymatch">ProxyMatch</a></li><li><a href="#proxymaxforwards">ProxyMaxForwards</a></li><li><a href="#proxypass">ProxyPass</a></li><li><a href="#proxypassreverse">ProxyPassReverse</a></li><li><a href="#proxypreservehost">ProxyPreserveHost</a></li><li><a href="#proxyreceivebuffersize">ProxyReceiveBufferSize</a></li><li><a href="#proxyremote">ProxyRemote</a></li><li><a href="#proxyremotematch">ProxyRemoteMatch</a></li><li><a href="#proxyrequests">ProxyRequests</a></li><li><a href="#proxytimeout">ProxyTimeout</a></li><li><a href="#proxyvia">ProxyVia</a></li></ul><h2><a name="configs">Common configuration topics</a></h2>
 | |
| 
 | |
| <ul>
 | |
| <li><a href="#forwardreverse">Forward and Reverse Proxies</a></li>
 | |
| <li><a href="#access">Controlling access to your proxy</a></li>
 | |
| <li><a href="#shortname">Using Netscape hostname shortcuts</a></li>
 | |
| <li><a href="#mimetypes">Why doesn't file type <em>xxx</em> download via FTP?</a></li>
 | |
| <li><a href="#type">How can I force an FTP ASCII download of File <em>xxx</em>?</a></li>
 | |
| <li><a href="#percent2fhack">How can I access FTP files outside of my home directory?</a></li>
 | |
| <li><a href="#ftppass">How can I hide the FTP cleartext password in my browser's URL line?</a></li>
 | |
| <li><a href="#startup">Why does Apache start more slowly when using the
 | |
|         proxy module?</a></li>
 | |
| 
 | |
| <li><a href="#intranet">What other functions are useful for an intranet proxy server?</a></li>
 | |
| <li><a href="#envsettings">How can I make the proxy talk HTTP/1.0 and disable keepalives?</a></li>
 | |
| </ul>
 | |
| 
 | |
| <h3><a name="forwardreverse">Forward and Reverse Proxies</a></h3>
 | |
| 
 | |
| <p>Apache can be configured in both a <em>forward</em> and <em>reverse</em>
 | |
| proxy configuration.</p>
 | |
| 
 | |
| <p>A <em>forward proxy</em> is an intermediate system that enables a browser to connect to a
 | |
| remote network to which it normally does not have access. A forward proxy
 | |
| can also be used to cache data, reducing load on the networks between the
 | |
| forward proxy and the remote webserver.</p>
 | |
| 
 | |
| <p>Apache's mod_proxy can be figured to behave like a forward proxy
 | |
| using the <a href="#proxyremote" class="directive"><code class="directive">ProxyRemote</code></a>
 | |
| directive. In addition, caching of data can be achieved by configuring
 | |
| Apache <code><a href="mod_cache.html">mod_cache</a></code>. Other dedicated forward proxy
 | |
| packages include <a href="http://www.squid.org">Squid</a>.</p>
 | |
| 
 | |
| <p>A <em>reverse proxy</em> is a webserver system that is capable of serving webpages
 | |
| sourced from other webservers - in addition to webpages on disk or generated
 | |
| dynamically by CGI - making these pages look like they originated at the
 | |
| reverse proxy.</p>
 | |
| 
 | |
| <p>When configured with the mod_cache module the reverse
 | |
| proxy can act as a cache for slower backend webservers. The reverse proxy
 | |
| can also enable advanced URL strategies and management techniques, allowing
 | |
| webpages served using different webserver systems or architectures to
 | |
| coexist inside the same URL space. Reverse proxy systems are also ideal for
 | |
| implementing centralised logging websites with many or diverse website
 | |
| backends. Complex multi-tier webserver systems can be constructed using an
 | |
| Apache mod_proxy frontend and any number of backend webservers.</p>
 | |
| 
 | |
| <p>The reverse proxy is configured using the
 | |
| <a href="#proxypass" class="directive"><code class="directive">ProxyPass</code></a> and <a href="#proxypassreverse" class="directive"><code class="directive">ProxyPassReverse</code></a> directives. Caching can be
 | |
| enabled using mod_cache as with the forward proxy.</p>
 | |
| 
 | |
| 
 | |
| 
 | |
| <h3><a name="access">Controlling access to your proxy</a></h3>
 | |
| 
 | |
| <p>You can control who can access your proxy via the 
 | |
| <a href="#proxy" class="directive"><code class="directive"><Proxy></code></a>
 | |
| control block using the following example:</p>
 | |
| 
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>
 | |
| <Proxy *><br>
 | |
| Order Deny,Allow<br>
 | |
| Deny from all<br>
 | |
| Allow from 192.168.0<br>
 | |
| </Proxy>
 | |
| </code></td></tr></table></blockquote>
 | |
| 
 | |
| <p>When configuring a reverse proxy, access control takes on the
 | |
| attributes of the normal server <a href="core.html#directory" class="directive"><code class="directive"><directory></code></a> configuration.</p>
 | |
| 
 | |
| 
 | |
| 
 | |
| 
 | |
| 
 | |
| 
 | |
| <h3><a name="mimetypes">Why doesn't file type <em>xxx</em>
 | |
| download via FTP?</a></h3>
 | |
| 
 | |
| <p>You probably don't have that particular file type defined as
 | |
| <em>application/octet-stream</em> in your proxy's mime.types configuration
 | |
| file. A useful line can be</p>
 | |
| 
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>
 | |
| application/octet-stream        bin dms lha lzh exe class tgz taz
 | |
| </code></td></tr></table></blockquote>
 | |
| 
 | |
| 
 | |
| <h3><a name="type">How can I force an FTP ASCII download of
 | |
| File <em>xxx</em>?</a></h3>
 | |
| 
 | |
| <p>In the rare situation where you must download a specific file using the FTP
 | |
| <strong>ASCII</strong> transfer method (while the default transfer is in
 | |
| <strong>binary</strong> mode), you can override mod_proxy's default by
 | |
| suffixing the request with <code>;type=a</code> to force an ASCII transfer.
 | |
| (FTP Directory listings are always executed in ASCII mode, however.)</p>
 | |
| 
 | |
| 
 | |
| <h3><a name="percent2fhck">How can I access FTP files outside
 | |
| of my home directory?</a></h3>
 | |
| 
 | |
| <p>
 | |
| An FTP URI is interpreted relative to the home directory of the user
 | |
| who is logging in. Alas, to reach higher directory levels you cannot
 | |
| use /../, as the dots are interpreted by the browser and not actually
 | |
| sent to the FTP server. To address this problem, the so called "Squid
 | |
| %2f hack" was implemented in the Apache FTP proxy; it is is a solution
 | |
| which is also used by other popular proxy servers like the <a href="http://www.squid-cache.org/">Squid Proxy Cache</a>.  By
 | |
| prepending /%2f to the path of your request, you can make such a proxy
 | |
| change the FTP starting directory to / (instead of the home
 | |
| directory). </p> 
 | |
| 
 | |
| <p><strong>Example:</strong> To retrieve the file
 | |
| <code>/etc/motd</code>, you would use the URL</p>
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>ftp://<em>user@host</em>/%2f/etc/motd</code></td></tr></table></blockquote>
 | |
| 
 | |
| 
 | |
| <h3><a name="ftppass">How can I hide the FTP cleartext password
 | |
| in my browser's URL line?</a></h3>
 | |
| 
 | |
| <p>
 | |
| To log in to an FTP server by username and password, Apache
 | |
| uses different strategies.
 | |
| In absense of a user name and password in the URL altogether,
 | |
| Apache sends an anomymous login to the FTP server, i.e.,</p>
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>
 | |
| user: anonymous<br>
 | |
| password: apache_proxy@
 | |
| </code></td></tr></table></blockquote>
 | |
| <p>This works for all popular FTP servers which are configured for
 | |
| anonymous access.</p>
 | |
| 
 | |
| <p>For a personal login with a specific username, you can embed
 | |
| the user name into the URL, like in:
 | |
| <code>ftp://<em>username@host</em>/myfile</code>. If the FTP server
 | |
| asks for a password when given this username (which it should),
 | |
| then Apache will reply with a [401 Authorization required] response,
 | |
| which causes the Browser to pop up the username/password dialog.
 | |
| Upon entering the password, the connection attempt is retried,
 | |
| and if successful, the requested resource is presented.
 | |
| The advantage of this procedure is that your browser does not
 | |
| display the password in cleartext (which it would if you had used
 | |
| <code>ftp://<em>username:password@host</em>/myfile</code> in
 | |
| the first place).</p>
 | |
| 
 | |
| <blockquote><table><tr><td bgcolor="#e0e5f5"><p align="center"><strong>Note</strong></p>
 | |
| The password which is transmitted in such a way
 | |
| is not encrypted on its way. It travels between your browser and
 | |
| the Apache proxy server in a base64-encoded cleartext string, and
 | |
| between the Apache proxy and the FTP server as plaintext. You should
 | |
| therefore think twice before accessing your FTP server via HTTP
 | |
| (or before accessing your personal files via FTP at all!) When
 | |
| using unsecure channels, an eavesdropper might intercept your
 | |
| password on its way.
 | |
| </td></tr></table></blockquote>
 | |
| 
 | |
| 
 | |
| <h3><a name="startup">Why does Apache start more slowly when
 | |
| using the proxy module?</a></h3>
 | |
| 
 | |
| <p>If you're using the <a href="#proxyblock" class="directive"><code class="directive">ProxyBlock</code></a>
 | |
| directive, hostnames' IP addresses are looked up and cached during
 | |
| startup for later match test. This may take a few seconds (or more)
 | |
| depending on the speed with which the hostname lookups occur.</p>
 | |
| 
 | |
| 
 | |
| 
 | |
| 
 | |
| <h3><a name="intranet">What other functions are useful for an
 | |
| intranet proxy server?</a></h3>
 | |
| 
 | |
| <p>An Apache proxy server situated in an intranet needs to forward
 | |
| external requests through the company's firewall. However, when it has
 | |
| to access resources within the intranet, it can bypass the firewall
 | |
| when accessing hosts. The <a href="#noproxy" class="directive"><code class="directive">NoProxy</code></a> directive is useful for
 | |
| specifying which hosts belong to the intranet and should be accessed
 | |
| directly.</p>
 | |
| 
 | |
| <p>Users within an intranet tend to omit the local domain name from their
 | |
| WWW requests, thus requesting "http://somehost/" instead of
 | |
| "http://somehost.my.dom.ain/". Some commercial proxy servers let them get
 | |
| away with this and simply serve the request, implying a configured
 | |
| local domain. When the <a href="#proxydomain" class="directive"><code class="directive">ProxyDomain</code></a> directive
 | |
| is used and the server is <a href="#proxyrequests">configured for
 | |
| proxy service</a>, Apache can return a redirect response and send the client
 | |
| to the correct, fully qualified, server address. This is the preferred method
 | |
| since the user's bookmark files will then contain fully qualified hosts.</p>
 | |
| 
 | |
| <h3><a name="envsettings">How can I make the proxy talk HTTP/1.0 and 
 | |
| disable keepalives?</a></h3>
 | |
| 
 | |
| <p>For circumstances where you have a application server which doesn't implement
 | |
| keepalives or HTTP/1.1 properly, there are 2 environment variables which when
 | |
| set send a HTTP/1.0 with no keepalive. These are set via the  <a href="mod_env.html#setenv" class="directive"><code class="directive">SetEnv</code></a> directive.</p>
 | |
| <p>These are the 'force-proxy-request-1.0' and 'proxy-nokeepalive' notes.</p>
 | |
| 
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>
 | |
| <location /buggyappserver/ ><br>
 | |
| ProxyPass http://buggyappserver:7001/foo/<br>
 | |
| SetEnv force-proxy-request-1.0 1<br>
 | |
| SetEnv proxy-nokeepalive 1<br>
 | |
| </location>
 | |
| </code></td></tr></table></blockquote>
 | |
| 
 | |
| 
 | |
| 
 | |
| <hr/><h2><a name="AllowCONNECT">AllowCONNECT</a> <a name="allowconnect">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Ports that are allowed to CONNECT through
 | |
| the proxy</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>AllowCONNECT <em>port</em> [<em>port</em>] ...</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>AllowCONNECT 443 563</code></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr></table></td></tr></table>
 | |
| <p>The <code class="directive">AllowCONNECT</code> directive specifies a list
 | |
| of port numbers to which the proxy <code>CONNECT</code> method may
 | |
| connect.  Today's browsers use this method when a <em>https</em>
 | |
| connection is requested and proxy tunneling over <em>http</em> is in
 | |
| effect.<br> By default, only the default https port (443) and the
 | |
| default snews port (563) are enabled. Use the
 | |
| <code class="directive">AllowCONNECT</code> directive to overrride this default and
 | |
| allow connections to the listed ports only.</p>
 | |
| <hr/><h2><a name="NoProxy">NoProxy</a> <a name="noproxy">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Hosts, domains, or networks that will be connected
 | |
| to directly</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>NoProxy 
 | |
|  <em>Domain</em>|
 | |
|  <em>SubNet</em>|
 | |
|  <em>IpAddr</em>| 
 | |
|  <em>Hostname</em>
 | |
| [<em>Domain</em>| 
 | |
|  <em>SubNet</em>|
 | |
|  <em>IpAddr</em>| 
 | |
|  <em>Hostname</em>] ...</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr></table></td></tr></table>
 | |
| <p>This directive is only useful for Apache proxy servers within
 | |
| intranets.  The <code class="directive">NoProxy</code> directive specifies a
 | |
| list of subnets, IP addresses, hosts and/or domains, separated by
 | |
| spaces. A request to a host which matches one or more of these is
 | |
| always served directly, without forwarding to the configured
 | |
| <a href="#proxyremote" class="directive"><code class="directive">ProxyRemote</code></a> proxy server(s).</p>
 | |
| 
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><p align="center"><strong>Example</strong></p><code>
 | |
|   ProxyRemote  *  http://firewall.mycompany.com:81<br>
 | |
|   NoProxy         .mycompany.com 192.168.112.0/21 
 | |
| </code></td></tr></table></blockquote>
 | |
| 
 | |
| <p>The arguments to the NoProxy directive are one of the following type list:</p>
 | |
|    <dl>
 | |
|     
 | |
|     <dt><a name="domain">
 | |
|     <em>Domain</em></a></dt>
 | |
|     <dd>A <em>Domain</em> is a partially qualified DNS domain name, preceded
 | |
|         by a period.
 | |
|         It represents a list of hosts which logically belong to the same DNS
 | |
|         domain or zone (<em>i.e.</em>, the suffixes of the hostnames are all ending in 
 | |
|         <em>Domain</em>).<br>
 | |
| 		Examples: <code>.com</code>   <code>.apache.org.</code><br>
 | |
|         To distinguish <em>Domain</em>s from <a href="#hostname"><em>Hostname</em></a>s (both
 | |
|         syntactically and semantically; a DNS domain can have a DNS A record,
 | |
|         too!), <em>Domain</em>s are always written
 | |
|         with a leading period.<br>
 | |
|         Note: Domain name comparisons are done without regard to the case,
 | |
|         and <em>Domain</em>s are always assumed to be anchored in the root 
 | |
|         of the DNS tree, therefore two domains <code>.MyDomain.com</code> and
 | |
|         <code>.mydomain.com.</code> (note the trailing period) are
 | |
|         considered equal. Since a domain comparison does not involve a DNS
 | |
| 	lookup, it is much more efficient than subnet comparison.</dd>
 | |
| 
 | |
|     
 | |
|     <dt><a name="subnet">
 | |
|     <em>SubNet</em></a></dt>
 | |
|     <dd>A <em>SubNet</em> is a partially qualified internet address in
 | |
|         numeric (dotted quad) form, optionally followed by a slash and the
 | |
|         netmask, specified as the number of significant bits in the
 | |
|         <em>SubNet</em>. It is used to represent a subnet of hosts which can
 | |
|         be reached over a common network interface. In the absence of the
 | |
|         explicit net mask it is assumed that omitted (or zero valued)
 | |
|         trailing digits specify the mask. (In this case, the netmask can
 | |
|         only be multiples of 8 bits wide.)<br>
 | |
|         Examples:
 | |
|         <dl>
 | |
|          <dt><code>192.168</code> or <code>192.168.0.0</code></dt>
 | |
|          <dd>the subnet 192.168.0.0 with an implied netmask of 16 valid bits
 | |
|              (sometimes used in the netmask form <code>255.255.0.0</code>)</dd>
 | |
|          <dt><code>192.168.112.0/21</code></dt>
 | |
|          <dd>the subnet <code>192.168.112.0/21</code> with a netmask of 21
 | |
|              valid bits (also used in the form 255.255.248.0)</dd>
 | |
|         </dl>
 | |
| 	As a degenerate case, a <em>SubNet</em> with 32 valid bits is the
 | |
|         equivalent to an <em>IPAddr</em>, while a <em>SubNet</em> with zero
 | |
|         valid bits (<em>e.g.</em>, 0.0.0.0/0) is the same as the constant
 | |
|         <em>_Default_</em>, matching any IP address. </dd>
 | |
| 
 | |
|     
 | |
|     <dt><a name="ipaddr">
 | |
|     <em>IPAddr</em></a></dt>
 | |
|     <dd>A <em>IPAddr</em> represents a fully qualified internet address in
 | |
|         numeric (dotted quad) form. Usually, this address represents a
 | |
|         host, but there need not necessarily be a DNS domain name
 | |
|         connected with the address.<br>
 | |
| 		Example: 192.168.123.7<br>
 | |
|         Note: An <em>IPAddr</em> does not need to be resolved by the DNS
 | |
| 	system, so it can result in more effective apache performance.</dd>
 | |
| 
 | |
|     
 | |
|     <dt><a name="hostname">
 | |
|     <em>Hostname</em></a></dt>
 | |
|     <dd>A <em>Hostname</em> is a fully qualified DNS domain name which can
 | |
|         be resolved to one or more <a href="#ipaddr"><em>IPAddrs</em></a> via the DNS domain name service. 
 | |
|         It represents a logical host (in contrast to
 | |
| 	<a href="#domain"><em>Domain</em></a>s, see 
 | |
|         above) and must be resolvable to at least one <a href="#ipaddr"><em>IPAddr</em></a> (or often to a list of hosts
 | |
| 	with different <a href="#ipaddr"><em>IPAddr</em></a>'s).<br> 
 | |
| 		Examples: <code>prep.ai.mit.edu</code>
 | |
|                   <code>www.apache.org.</code><br>
 | |
|         Note: In many situations, it is more effective to specify an
 | |
|         <a href="#ipaddr"><em>IPAddr</em></a> in place of a
 | |
| 	<em>Hostname</em> since a DNS lookup 
 | |
|         can be avoided. Name resolution in Apache can take a remarkable deal
 | |
|         of time when the connection to the name server uses a slow PPP
 | |
|         link.<br>
 | |
|         Note: <em>Hostname</em> comparisons are done without regard to the case,
 | |
|         and <em>Hostname</em>s are always assumed to be anchored in the root
 | |
|         of the DNS tree, therefore two hosts <code>WWW.MyDomain.com</code>
 | |
|         and <code>www.mydomain.com.</code> (note the trailing period) are
 | |
|         considered equal.</dd>
 | |
| </dl>
 | |
| <p><strong>See also </strong></p><ul><li><a href="../dns-caveats.html">DNS Issues</a></li></ul><hr/><h2><a name="Proxy"><Proxy></a> <a name="proxy">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Container for directives applied to proxied 
 | |
| resources</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td><Proxy <em>wildcard-url</em>> ...</Proxy></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr></table></td></tr></table>
 | |
| <p>Directives placed in <code class="directive"><Proxy></code>
 | |
| sections apply only to matching proxied content.  Shell-style
 | |
| wildcards are allowed.</p>
 | |
| 
 | |
| <p>For example, the following will allow only hosts in
 | |
| <code>yournetwork.example.com</code> to access content via your
 | |
| proxy server:</p>
 | |
| 
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>
 | |
| <Proxy *><br>
 | |
|   Order Deny,Allow<br>
 | |
|   Deny from all<br>
 | |
|   Allow from yournetwork.example.com<br>
 | |
| </Proxy>
 | |
| </code></td></tr></table></blockquote>
 | |
| 
 | |
| <p>The following example will process all files in the
 | |
| <code>foo</code> directory of <code>example.com</code> through the
 | |
| <code>INCLUDES</code> filter when they are sent through the proxy
 | |
| server:</p>
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>
 | |
| <Proxy http://example.com/foo/*><br>
 | |
|   SetOutputFilter INCLUDES<br>
 | |
| </Proxy>
 | |
| </code></td></tr></table></blockquote>
 | |
| <hr/><h2><a name="ProxyBlock">ProxyBlock</a> <a name="proxyblock">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Words, hosts, or domains that are banned from being
 | |
| proxied</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>ProxyBlock *|<em>word|host|domain</em>
 | |
| [<em>word|host|domain</em>] ...</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr></table></td></tr></table>
 | |
| <p>The <code class="directive">ProxyBlock</code> directive specifies a list of
 | |
| words, hosts and/or domains, separated by spaces.  HTTP, HTTPS, and
 | |
| FTP document requests to sites whose names contain matched words,
 | |
| hosts or domains are <em>blocked</em> by the proxy server. The proxy
 | |
| module will also attempt to determine IP addresses of list items which
 | |
| may be hostnames during startup, and cache them for match test as
 | |
| well. Example:</p>
 | |
| 
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>
 | |
|   ProxyBlock joes-garage.com some-host.co.uk rocky.wotsamattau.edu
 | |
| </code></td></tr></table></blockquote>
 | |
| 
 | |
| <p>'rocky.wotsamattau.edu' would also be matched if referenced by IP
 | |
| address.</p>
 | |
| 
 | |
| <p>Note that 'wotsamattau' would also be sufficient to match
 | |
| 'wotsamattau.edu'.</p>
 | |
| 
 | |
| <p>Note also that</p>
 | |
| 
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>
 | |
| ProxyBlock *
 | |
| </code></td></tr></table></blockquote>
 | |
| 
 | |
| <p>blocks connections to all sites.</p>
 | |
| 
 | |
| <hr/><h2><a name="ProxyDomain">ProxyDomain</a> <a name="proxydomain">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Default domain name for proxied requests</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>ProxyDomain <em>Domain</em></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr></table></td></tr></table>
 | |
| <p>This directive is only useful for Apache proxy servers within
 | |
| intranets.  The <code class="directive">ProxyDomain</code> directive specifies
 | |
| the default domain which the apache proxy server will belong to. If a
 | |
| request to a host without a domain name is encountered, a redirection
 | |
| response to the same host with the configured <em>Domain</em> appended
 | |
| will be generated.</p>
 | |
| 
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><p align="center"><strong>Example</strong></p><code>
 | |
|   ProxyRemote  *  http://firewall.mycompany.com:81<br>
 | |
|   NoProxy         .mycompany.com 192.168.112.0/21<br>
 | |
|   ProxyDomain     .mycompany.com
 | |
| </code></td></tr></table></blockquote>
 | |
| <hr/><h2><a name="ProxyErrorOverride">ProxyErrorOverride</a> <a name="proxyerroroverride">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Override error pages for proxied content</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>ProxyErrorOverride On|Off</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>ProxyErrorOverride Off</code></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr><tr><td nowrap="nowrap" align="left" valign="top"><a href="directive-dict.html#Compatibility" class="help">Compatibility:</a></td><td>Available in version 2.0 and later</td></tr></table></td></tr></table>
 | |
| <p>This directive is useful for reverse-proxy setups, where you want to 
 | |
| have a common look and feel on the error pages seen by the end user. 
 | |
| This also allows for included files (via mod_include's SSI) to get
 | |
| the error code and act accordingly (default behavior would display
 | |
| the error page of the proxied server, turning this on shows the SSI
 | |
| Error message).</p>
 | |
| <hr/><h2><a name="ProxyIOBufferSize">ProxyIOBufferSize</a> <a name="proxyiobuffersize">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>IO buffer size for outgoing HTTP and FTP 
 | |
| connections</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>ProxyIOBufferSize <em>bytes</em></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr></table></td></tr></table>
 | |
| 
 | |
| <hr/><h2><a name="ProxyMatch"><ProxyMatch></a> <a name="proxymatch">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Container for directives applied to regular-expression-matched 
 | |
| proxied resources</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td><Proxy <em>regex</em>> ...</Proxy></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr></table></td></tr></table>
 | |
| <p>The <code class="directive"><ProxyMatch></code> directive is
 | |
| identical to the <a href="#proxy" class="directive"><code class="directive"><Proxy></code></a> directive, except it matches URLs
 | |
| using regular expressions.</p>
 | |
| <hr/><h2><a name="ProxyMaxForwards">ProxyMaxForwards</a> <a name="proxymaxforwards">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Maximium number of proxies that a request can be forwarded
 | |
| through</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>ProxyMaxForwards <em>number</em></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>ProxyMaxForwards 10</code></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr><tr><td nowrap="nowrap" align="left" valign="top"><a href="directive-dict.html#Compatibility" class="help">Compatibility:</a></td><td>Available in Apache 2.0 and later</td></tr></table></td></tr></table>
 | |
| <p>The <code class="directive">ProxyMaxForwards</code> directive specifies the
 | |
| maximum number of proxies through which a request may pass. This is
 | |
| set to prevent infinite proxy loops, or a DoS attack.</p>
 | |
| 
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><p align="center"><strong>Example</strong></p><code>
 | |
|   ProxyMaxForwards 10
 | |
| </code></td></tr></table></blockquote>
 | |
| <hr/><h2><a name="ProxyPass">ProxyPass</a> <a name="proxypass">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Maps remote servers into the local server 
 | |
| URL-space</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>ProxyPass [<em>path</em>] !|<em>url</em></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr></table></td></tr></table>
 | |
| <p>This directive allows remote servers to be mapped into the space of
 | |
| the local server; the local server does not act as a proxy in the
 | |
| conventional sense, but appears to be a mirror of the remote
 | |
| server. <em>path</em> is the name of a local virtual path;
 | |
| <em>url</em> is a partial URL for the remote server and cannot
 | |
| include a query string.</p>
 | |
| 
 | |
| <p>Suppose the local server has address <code>http://wibble.org/</code>; 
 | |
| then</p>
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>
 | |
|    ProxyPass /mirror/foo/ http://foo.com/
 | |
| </code></td></tr></table></blockquote>
 | |
| <p>will cause a local request for the
 | |
| <<code>http://wibble.org/mirror/foo/bar</code>> to be
 | |
| internally converted into a proxy request to
 | |
| <<code>http://foo.com/bar</code>>.</p>
 | |
| <p>
 | |
| The ! directive is useful in situations where you don't want to reverse-proxy
 | |
| a subdirectory. eg.</p>
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>
 | |
|         ProxyPass /mirror/foo/i !<br>
 | |
|         ProxyPass /mirror/foo http://foo.com
 | |
| </code></td></tr></table></blockquote>
 | |
| <p>will proxy all requests to /mirror/foo to foo.com EXCEPT requests made to /mirror/foo/i</p>
 | |
| 
 | |
| <blockquote><table><tr><td bgcolor="#e0e5f5">NB: order is important. you need to put the exclusions BEFORE the general proxypass directive</td></tr></table></blockquote>
 | |
| 
 | |
| <p>When used inside a <a href="core.html#location" class="directive"><code class="directive"><Location></code></a> section, the first argument is
 | |
| ommitted and the local directory is obtained from the <a href="core.html#location" class="directive"><code class="directive"><Location></code></a>.</p>
 | |
| 
 | |
| <p>If you require a more flexible reverse-proxy configuration, see
 | |
| the <a href="mod_rewrite.html#rewriterule" class="directive"><code class="directive">RewriteRule</code></a> directive
 | |
| with the <code>[P]</code> flag.</p>
 | |
| 
 | |
| <hr/><h2><a name="ProxyPassReverse">ProxyPassReverse</a> <a name="proxypassreverse">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Adjusts the URL in HTTP response headers sent from
 | |
| a reverse proxied server</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>ProxyPassReverse [<em>path</em>] <em>url</em></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr></table></td></tr></table>
 | |
| <p>This directive lets Apache adjust the URL in the <code>Location</code>,
 | |
| <code>Content-Location</code> and <code>URI</code> headers on
 | |
| HTTP redirect responses. This is essential when Apache is used as
 | |
| a reverse proxy to avoid by-passing the reverse proxy because of HTTP
 | |
| redirects on the backend servers which stay behind the reverse proxy.</p>
 | |
| 
 | |
| <p><em>path</em> is the name of a local virtual path.<br>
 | |
| <em>url</em> is a partial URL for the remote server - the same way they are
 | |
| used for the <a href="#proxypass" class="directive"><code class="directive">ProxyPass</code></a> directive.</p>
 | |
| 
 | |
| <p>
 | |
| Example:<br>
 | |
| Suppose the local server has address <code>http://wibble.org/</code>; then</p>
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>
 | |
|    ProxyPass         /mirror/foo/ http://foo.com/<br>
 | |
|    ProxyPassReverse  /mirror/foo/ http://foo.com/
 | |
| </code></td></tr></table></blockquote>
 | |
| <p>will not only cause a local request for the
 | |
| <<code>http://wibble.org/mirror/foo/bar</code>> to be internally
 | |
| converted into a proxy request to <<code>http://foo.com/bar</code>> (the
 | |
| functionality <code>ProxyPass</code> provides here). It also takes care of
 | |
| redirects the server foo.com sends: when <code>http://foo.com/bar</code> is
 | |
| redirected by him to <code>http://foo.com/quux</code> Apache adjusts this to
 | |
| <code>http://wibble.org/mirror/foo/quux</code> before forwarding the HTTP
 | |
| redirect response to the client. </p>
 | |
| <p>
 | |
| Note that this <code class="directive">ProxyPassReverse</code> directive can
 | |
| also be used in conjunction with the proxy pass-through feature
 | |
| ("<code>RewriteRule ...  [P]</code>") from
 | |
| <code><a href="mod_rewrite.html">mod_rewrite</a></code> because its doesn't depend on a
 | |
| corresponding <a href="#proxypass" class="directive"><code class="directive">ProxyPass</code></a>
 | |
| directive.</p>
 | |
| 
 | |
| <p>When used inside a <a href="core.html#location" class="directive"><code class="directive"><Location></code></a> section, the first argument is
 | |
| ommitted and the local directory is obtained from the <a href="core.html#location" class="directive"><code class="directive"><Location></code></a>.</p>
 | |
| 
 | |
| <hr/><h2><a name="ProxyPreserveHost">ProxyPreserveHost</a> <a name="proxypreservehost">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Use incoming Host HTTP request header for
 | |
| proxy request</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>ProxyPreserveHost on|off</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>ProxyPreserveHost Off</code></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr><tr><td nowrap="nowrap" align="left" valign="top"><a href="directive-dict.html#Compatibility" class="help">Compatibility:</a></td><td>Available in
 | |
| Apache 2.0.31 and later.</td></tr></table></td></tr></table>
 | |
| <p>When enabled, this option will pass the Host: line from the
 | |
| incoming request to the proxied host, instead of the hostname
 | |
| specified in the proxypass line.
 | |
| </p>
 | |
| <p>This option should normally be turned 'off'.</p>
 | |
| <hr/><h2><a name="ProxyReceiveBufferSize">ProxyReceiveBufferSize</a> <a name="proxyreceivebuffersize">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Network buffer size for outgoing HTTP and FTP 
 | |
| connections</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>ProxyReceiveBufferSize <em>bytes</em></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr></table></td></tr></table>
 | |
| <p>The <code class="directive">ProxyReceiveBufferSize</code> directive
 | |
| specifies an explicit network buffer size for outgoing HTTP and FTP
 | |
| connections, for increased throughput.  It has to be greater than 512
 | |
| or set to 0 to indicate that the system's default buffer size should
 | |
| be used.</p>
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><p align="center"><strong>Example</strong></p><code>
 | |
|   ProxyReceiveBufferSize 2048
 | |
| </code></td></tr></table></blockquote>
 | |
| <hr/><h2><a name="ProxyRemote">ProxyRemote</a> <a name="proxyremote">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Remote proxy used to handle certain requests</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>ProxyRemote <em>match remote-server</em></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr></table></td></tr></table>
 | |
| <p>This defines remote proxies to this proxy. <em>match</em> is either the
 | |
| name of a URL-scheme that the remote server supports, or a partial URL
 | |
| for which the remote server should be used, or '*' to indicate the
 | |
| server should be contacted for all requests. <em>remote-server</em> is a
 | |
| partial URL for the remote server. Syntax:</p>
 | |
| 
 | |
| <pre>
 | |
|   remote-server = protocol://hostname[:port]
 | |
| </pre>
 | |
| 
 | |
| <p><em>protocol</em> is the protocol that should be used to communicate
 | |
| with the remote server; only "http" is supported by this module.</p>
 | |
| 
 | |
| <p>
 | |
| Example:</p>
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>
 | |
|   ProxyRemote http://goodguys.com/ http://mirrorguys.com:8000<br>
 | |
|   ProxyRemote * http://cleversite.com<br>
 | |
|   ProxyRemote ftp http://ftpproxy.mydomain.com:8080
 | |
| </code></td></tr></table></blockquote>
 | |
| 
 | |
| <p>In the last example, the proxy will forward FTP requests, encapsulated
 | |
| as yet another HTTP proxy request, to another proxy which can handle
 | |
| them.</p>
 | |
| 
 | |
| <p>This option also supports reverse proxy configuration - a backend
 | |
| webserver can be embedded within a virtualhost URL space even if that
 | |
| server is hidden by another forward proxy.</p>
 | |
| <hr/><h2><a name="ProxyRemoteMatch">ProxyRemoteMatch</a> <a name="proxyremotematch">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Remote proxy used to handle requests
 | |
| matched by regular expressions</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>ProxyRemote <em>regex remote-server</em></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr></table></td></tr></table>
 | |
| <p>The <code class="directive">ProxyRemoteMatch</code> is identical
 | |
| to the <a href="#proxyremote" class="directive"><code class="directive">ProxyRemote</code></a>
 | |
| directive, except the first argument is a regular expression
 | |
| match against the requested URL.</p>
 | |
| <hr/><h2><a name="ProxyRequests">ProxyRequests</a> <a name="proxyrequests">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Enables forward (standard) proxy requests</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>ProxyRequests on|off</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>ProxyRequests Off</code></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr></table></td></tr></table>
 | |
| <p>This allows or prevents Apache from functioning as a forward proxy
 | |
| server. (Setting ProxyRequests to 'off' does not disable use of the 
 | |
| <a href="#proxypass" class="directive"><code class="directive">ProxyPass</code></a> directive.)</p>
 | |
| 
 | |
| <p>In a typical reverse proxy configuration, this option should be set to
 | |
| 'off'.</p>
 | |
| 
 | |
| <blockquote><table><tr><td bgcolor="#ffe5f5"><p>Do not enable proxying with <a href="#proxyrequests" class="directive"><code class="directive">ProxyRequests</code></a> until you have 
 | |
| <a href="#access">secured your server</a>.  Open proxy servers are
 | |
| dangerous both to your network and to the Internet at large.</p></td></tr></table></blockquote>
 | |
| 
 | |
| <hr/><h2><a name="ProxyTimeout">ProxyTimeout</a> <a name="proxytimeout">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Network timeout for proxied requests</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>ProxyTimeout <em>seconds</em></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>ProxyTimeout 300</code></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr><tr><td nowrap="nowrap" align="left" valign="top"><a href="directive-dict.html#Compatibility" class="help">Compatibility:</a></td><td>Available in
 | |
| Apache 2.0.31 and later</td></tr></table></td></tr></table>
 | |
| <p>This directive allows a user to specifiy a timeout on proxy requests.
 | |
| This is usefull when you have a slow/buggy appserver which hangs,
 | |
| and you would rather just return a timeout and fail gracefully instead
 | |
| of waiting however long it takes the server to return
 | |
| </p>
 | |
| <hr/><h2><a name="ProxyVia">ProxyVia</a> <a name="proxyvia">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Information provided in the Via HTTP response
 | |
| header for proxied requests</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>ProxyVia on|off|full|block</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>ProxyVia off</code></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config, virtual host</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_proxy</td></tr></table></td></tr></table>
 | |
| <p>This directive controls the use of the <code>Via:</code> HTTP
 | |
| header by the proxy. Its intended use is to control the flow of of
 | |
| proxy requests along a chain of proxy servers.  See RFC2068 (HTTP/1.1)
 | |
| for an explanation of <code>Via:</code> header lines.</p>
 | |
| 
 | |
| <ul> <li>If set
 | |
| to <em>off</em>, which is the default, no special processing is
 | |
| performed. If a request or reply contains a <code>Via:</code> header,
 | |
| it is passed through unchanged.</li>
 | |
| 
 | |
| <li>If set to <em>on</em>, each
 | |
| request and reply will get a <code>Via:</code> header line added for
 | |
| the current host.</li>
 | |
| 
 | |
| <li>If set to <em>full</em>, each generated <code>Via:</code> header
 | |
| line will additionally have the Apache server version shown as a
 | |
| <code>Via:</code> comment field.</li>
 | |
| 
 | |
| <li>If set to <em>block</em>, every
 | |
| proxy request will have all its <code>Via:</code> header lines
 | |
| removed. No new <code>Via:</code> header will be generated.</li>
 | |
| </ul>
 | |
| <hr/></blockquote><h3 align="center">Apache HTTP Server Version 2.0</h3><a href="./"><img src="../images/index.gif" alt="Index"/></a><a href="../"><img src="../images/home.gif" alt="Home"/></a></body></html> |