Summary
Warning
Do not enable proxying with ProxyRequests
until you have secured your server. Open proxy servers are dangerous both to your
network and to the Internet at large.
This module implements a proxy/gateway for Apache. It implements
proxying capability for FTP
, CONNECT
(for SSL),
HTTP/0.9
, HTTP/1.0
, and HTTP/1.1
.
The module can be configured to connect to other proxy modules for these
and other protocols.
Apache's proxy features are divided into several modules in
addition to mod_proxy
:
mod_proxy_http
, mod_proxy_ftp
and mod_proxy_connect
. Thus, if you want to use
one or more of the particular proxy functions, load
mod_proxy
and the appropriate module(s)
into the server (either statically at compile-time or dynamically
via the LoadModule
directive).
In addition, extended features are provided by other modules.
Caching is provided by mod_cache
and related
modules. The ability to contact remote servers using the SSL/TLS
protocol is provided by the SSLProxy*
directives of
mod_ssl
. These additional modules will need
to be loaded and configured to take advantage of these features.
Directives
- AllowCONNECT
- NoProxy
- <Proxy>
- ProxyBadHeader
- ProxyBlock
- ProxyDomain
- ProxyErrorOverride
- ProxyFtpDirCharset
- ProxyIOBufferSize
- <ProxyMatch>
- ProxyMaxForwards
- ProxyPass
- ProxyPassReverse
- ProxyPreserveHost
- ProxyReceiveBufferSize
- ProxyRemote
- ProxyRemoteMatch
- ProxyRequests
- ProxyTimeout
- ProxyVia
Topics
- Forward and Reverse Proxies
- Basic Examples
- Controlling access to your proxy
- FTP Proxy
- Slow Startup
- Intranet Proxy
- Protocol Adjustments
See also
mod_cache
mod_proxy_http
mod_proxy_ftp
mod_proxy_connect
mod_ssl
Forward and Reverse Proxies
Apache can be configured in both a forward and
reverse proxy mode.
An ordinary forward proxy is an intermediate
server that sits between the client and the origin
server. In order to get content from the origin server,
the client sends a request to the proxy naming the origin server
as the target and the proxy then requests the content from the
origin server and returns it to the client. The client must be
specially configured to use the forward proxy to access other
sites.
A typical usage of a forward proxy is to provide Internet
access to internal clients that are otherwise restricted by a
firewall. The forward proxy can also use caching (as provided
by mod_cache
) to reduce network usage.
The forward proxy is activated using the ProxyRequests
directive. Because
forward proxys allow clients to access arbitrary sites through
your server and to hide their true origin, it is essential that
you secure your server so that only
authorized clients can access the proxy before activating a
forward proxy.
A reverse proxy, by contrast, appears to the
client just like an ordinary web server. No special
configuration on the client is necessary. The client makes
ordinary requests for content in the name-space of the reverse
proxy. The reverse proxy then decides where to send those
requests, and returns the content as if it was itself the
origin.
A typical usage of a reverse proxy is to provide Internet
users access to a server that is behind a firewall. Reverse
proxies can also be used to balance load among several back-end
servers, or to provide caching for a slower back-end server.
In addition, reverse proxies can be used simply to bring
several servers into the same URL space.
A reverse proxy is activated using the ProxyPass
directive or the
[P]
flag to the RewriteRule
directive. It is
not necessary to turn ProxyRequests
on in order to
configure a reverse proxy.