httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rbo...@apache.org
Subject svn commit: r1673857 [17/23] - in /httpd/httpd/branches/2.2.x/docs/manual: ./ howto/ misc/ mod/ programs/ vhosts/
Date Wed, 15 Apr 2015 16:36:07 GMT
Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.html.en?rev=1673857&r1=1673856&r2=1673857&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.html.en (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.html.en Wed Apr 15 16:36:04 2015
@@ -116,327 +116,6 @@
 <li><code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code></li>
 </ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="forwardreverse" id="forwardreverse">Forward Proxies and Reverse 
-       Proxies/Gateways</a></h2>
-      <p>Apache can be configured in both a <dfn>forward</dfn> and
-      <dfn>reverse</dfn> proxy (also known as <dfn>gateway</dfn>) mode.</p>
-
-      <p>An ordinary <dfn>forward proxy</dfn> is an intermediate
-      server that sits between the client and the <em>origin
-      server</em>.  In order to get content from the origin server,
-      the client sends a request to the proxy naming the origin server
-      as the target and the proxy then requests the content from the
-      origin server and returns it to the client.  The client must be
-      specially configured to use the forward proxy to access other
-      sites.</p>
-
-      <p>A typical usage of a forward proxy is to provide Internet
-      access to internal clients that are otherwise restricted by a
-      firewall.  The forward proxy can also use caching (as provided
-      by <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>) to reduce network usage.</p>
-
-      <p>The forward proxy is activated using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive.  Because
-      forward proxies allow clients to access arbitrary sites through
-      your server and to hide their true origin, it is essential that
-      you <a href="#access">secure your server</a> so that only
-      authorized clients can access the proxy before activating a
-      forward proxy.</p>
-
-      <p>A <dfn>reverse proxy</dfn> (or <dfn>gateway</dfn>), by
-      contrast, appears to the client just like an ordinary web
-      server.  No special configuration on the client is necessary.
-      The client makes ordinary requests for content in the name-space
-      of the reverse proxy.  The reverse proxy then decides where to
-      send those requests, and returns the content as if it was itself
-      the origin.</p>
-
-      <p>A typical usage of a reverse proxy is to provide Internet
-      users access to a server that is behind a firewall.  Reverse
-      proxies can also be used to balance load among several back-end
-      servers, or to provide caching for a slower back-end server.
-      In addition, reverse proxies can be used simply to bring
-      several servers into the same URL space.</p>
-
-      <p>A reverse proxy is activated using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive or the
-      <code>[P]</code> flag to the <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive.  It is
-      <strong>not</strong> necessary to turn <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> on in order to
-      configure a reverse proxy.</p>
-    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="examples" id="examples">Basic Examples</a></h2>
-
-    <p>The examples below are only a very basic idea to help you
-    get started.  Please read the documentation on the individual
-    directives.</p>
-
-    <p>In addition, if you wish to have caching enabled, consult
-    the documentation from <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>.</p>
-
-    <div class="example"><h3>Reverse Proxy</h3><p><code>
-    ProxyPass /foo http://foo.example.com/bar<br />
-    ProxyPassReverse /foo http://foo.example.com/bar
-    </code></p></div>
-
-    <div class="example"><h3>Forward Proxy</h3><p><code>
-    ProxyRequests On<br />
-    ProxyVia On<br />
-    <br />
-    &lt;Proxy *&gt;<br />
-    <span class="indent">
-      Order deny,allow<br />
-      Deny from all<br />
-      Allow from internal.example.com<br />
-    </span>
-    &lt;/Proxy&gt;
-    </code></p></div>
-
-    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="workers" id="workers">Workers</a></h2>
-      <p>The proxy manages the configuration of origin servers and their
-      communication parameters in objects called <dfn>workers</dfn>.
-      There are two built-in workers, the default forward proxy worker and the
-      default reverse proxy worker. Additional workers can be configured
-      explicitly.</p>
-
-      <p>The two default workers have a fixed configuration
-      and will be used if no other worker matches the request.
-      They do not use HTTP Keep-Alive or connection pooling.
-      The TCP connections to the origin server will instead be
-      opened and closed for each request.</p>
-
-      <p>Explicitly configured workers are identified by their URL.
-      They are usually created and configured using
-      <code class="directive"><a href="#proxypass">ProxyPass</a></code> or
-      <code class="directive"><a href="#proxypassmatch">ProxyPassMatch</a></code> when used
-      for a reverse proxy:</p>
-
-      <div class="example"><p><code>
-          ProxyPass /example http://backend.example.com connectiontimeout=5 timeout=30
-      </code></p></div>
-
-      <p>This will create a worker associated with the origin server URL
-      <code>http://backend.example.com</code> and using the given timeout
-      values. When used in a forward proxy, workers are usually defined
-      via the <code class="directive"><a href="#proxyset">ProxySet</a></code> directive:</p>
-
-      <div class="example"><p><code>
-          ProxySet http://backend.example.com connectiontimeout=5 timeout=30
-      </code></p></div>
-
-      <p>or alternatively using <code class="directive"><a href="#proxy">Proxy</a></code>
-      and <code class="directive"><a href="#proxyset">ProxySet</a></code>:</p>
-
-      <div class="example"><p><code>
-        &lt;Proxy http://backend.example.com&gt;<br />
-        <span class="indent">
-          ProxySet connectiontimeout=5 timeout=30
-        </span>
-        &lt;/Proxy&gt;
-      </code></p></div>
-
-      <p>Using explicitly configured workers in the forward mode is
-      not very common, because forward proxies usually communicate with many
-      different origin servers. Creating explicit workers for some of the
-      origin servers can still be useful, if they are used very often.
-      Explicitly configured workers have no concept of forward or reverse
-      proxying by themselves. They encapsulate a common concept of
-      communication with origin servers. A worker created by
-      <code class="directive"><a href="#proxypass">ProxyPass</a></code> for use in a
-      reverse proxy will be also used for forward proxy requests whenever
-      the URL to the origin server matches the worker URL and vice versa.</p>
-
-      <p>The URL identifying a direct worker is the URL of its
-      origin server including any path components given:</p>
-
-      <div class="example"><p><code>
-          ProxyPass /examples http://backend.example.com/examples<br />
-          ProxyPass /docs http://backend.example.com/docs
-      </code></p></div>
-
-      <p>This example defines two different workers, each using a separate
-      connection pool and configuration.</p>
-
-      <div class="warning"><h3>Worker Sharing</h3>
-        <p>Worker sharing happens if the worker URLs overlap, which occurs when
-        the URL of some worker is a leading substring of the URL of another
-        worker defined later in the configuration file. In the following example</p>
-
-        <div class="example"><p><code>
-            ProxyPass /apps http://backend.example.com/ timeout=60<br />
-            ProxyPass /examples http://backend.example.com/examples timeout=10
-        </code></p></div>
-
-        <p>the second worker isn't actually created. Instead the first
-        worker is used. The benefit is, that there is only one connection pool,
-        so connections are more often reused. Note that all configuration attributes
-        given explicitly for the later worker and some configuration defaults will
-        overwrite the configuration given for the first worker. This will be logged
-        as a warning. In the above example the resulting timeout value
-        for the URL <code>/apps</code> will be <code>10</code> instead
-        of <code>60</code>!</p>
-
-        <p>If you want to avoid worker sharing, sort your worker definitions
-        by URL length, starting with the longest worker URLs. If you want to maximize
-        worker sharing use the reverse sort order. See also the related warning about
-        ordering <code class="directive"><a href="#proxypass">ProxyPass</a></code> directives.</p>
-
-      </div> 
-
-      <p>Explicitly configured workers come in two flavors:
-      <dfn>direct workers</dfn> and <dfn>(load) balancer workers</dfn>.
-      They support many important configuration attributes which are
-      described below in the <code class="directive"><a href="#proxypass">ProxyPass</a></code>
-      directive. The same attributes can also be set using
-      <code class="directive"><a href="#proxyset">ProxySet</a></code>.</p>
-
-      <p>The set of options available for a direct worker
-      depends on the protocol, which is specified in the origin server URL.
-      Available protocols include <code>ajp</code>,
-      <code>ftp</code>, <code>http</code> and <code>scgi</code>.</p>
-
-      <p>Balancer workers are virtual workers that use direct workers known
-      as their members to actually handle the requests. Each balancer can
-      have multiple members. When it handles a request, it chooses a member
-      based on the configured load balancing algorithm.</p>
-
-      <p>A balancer worker is created if its worker URL uses
-      <code>balancer</code> as the protocol scheme.
-      The balancer URL uniquely identifies the balancer worker.
-      Members are added to a balancer using
-      <code class="directive"><a href="#balancermember">BalancerMember</a></code>.</p>
-
-    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="access" id="access">Controlling access to your proxy</a></h2>
-      <p>You can control who can access your proxy via the <code class="directive"><a href="#proxy">&lt;Proxy&gt;</a></code> control block as in
-      the following example:</p>
-
-      <div class="example"><p><code>
-        &lt;Proxy *&gt;<br />
-        <span class="indent">
-          Order Deny,Allow<br />
-          Deny from all<br />
-          Allow from 192.168.0<br />
-        </span>
-        &lt;/Proxy&gt;
-      </code></p></div>
-
-      <p>For more information on access control directives, see
-      <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>.</p>
-
-      <p>Strictly limiting access is essential if you are using a
-      forward proxy (using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive).
-      Otherwise, your server can be used by any client to access
-      arbitrary hosts while hiding his or her true identity.  This is
-      dangerous both for your network and for the Internet at large.
-      When using a reverse proxy (using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive with
-      <code>ProxyRequests Off</code>), access control is less
-      critical because clients can only contact the hosts that you
-      have specifically configured.</p>
-
-    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="startup" id="startup">Slow Startup</a></h2>
-      <p>If you're using the <code class="directive"><a href="#proxyblock">ProxyBlock</a></code> directive, hostnames' IP addresses are looked up
-      and cached during startup for later match test. This may take a few
-      seconds (or more) depending on the speed with which the hostname lookups
-      occur.</p>
-    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="intranet" id="intranet">Intranet Proxy</a></h2>
-      <p>An Apache proxy server situated in an intranet needs to forward
-      external requests through the company's firewall (for this, configure
-      the <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive
-      to forward the respective <var>scheme</var> to the firewall proxy).
-      However, when it has to
-      access resources within the intranet, it can bypass the firewall when
-      accessing hosts. The <code class="directive"><a href="#noproxy">NoProxy</a></code>
-      directive is useful for specifying which hosts belong to the intranet and
-      should be accessed directly.</p>
-
-      <p>Users within an intranet tend to omit the local domain name from their
-      WWW requests, thus requesting "http://somehost/" instead of
-      <code>http://somehost.example.com/</code>. Some commercial proxy servers
-      let them get away with this and simply serve the request, implying a
-      configured local domain. When the <code class="directive"><a href="#proxydomain">ProxyDomain</a></code> directive is used and the server is <a href="#proxyrequests">configured for proxy service</a>, Apache can return
-      a redirect response and send the client to the correct, fully qualified,
-      server address. This is the preferred method since the user's bookmark
-      files will then contain fully qualified hosts.</p>
-    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="envsettings" id="envsettings">Protocol Adjustments</a></h2>
-      <p>For circumstances where <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> is sending
-      requests to an origin server that doesn't properly implement
-      keepalives or HTTP/1.1, there are two <a href="../env.html">environment variables</a> that can force the
-      request to use HTTP/1.0 with no keepalive. These are set via the
-      <code class="directive"><a href="../mod/mod_env.html#setenv">SetEnv</a></code> directive.</p>
-
-      <p>These are the <code>force-proxy-request-1.0</code> and
-      <code>proxy-nokeepalive</code> notes.</p>
-
-      <div class="example"><p><code>
-        &lt;Location /buggyappserver/&gt;<br />
-        <span class="indent">
-          ProxyPass http://buggyappserver:7001/foo/<br />
-          SetEnv force-proxy-request-1.0 1<br />
-          SetEnv proxy-nokeepalive 1<br />
-        </span>
-        &lt;/Location&gt;
-      </code></p></div>
-
-    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="request-bodies" id="request-bodies">Request Bodies</a></h2>
-
-    <p>Some request methods such as POST include a request body.
-    The HTTP protocol requires that requests which include a body
-    either use chunked transfer encoding or send a
-    <code>Content-Length</code> request header.  When passing these
-    requests on to the origin server, <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>
-    will always attempt to send the <code>Content-Length</code>.  But
-    if the body is large and the original request used chunked
-    encoding, then chunked encoding may also be used in the upstream
-    request.  You can control this selection using <a href="../env.html">environment variables</a>.  Setting
-    <code>proxy-sendcl</code> ensures maximum compatibility with
-    upstream servers by always sending the
-    <code>Content-Length</code>, while setting
-    <code>proxy-sendchunked</code> minimizes resource usage by using
-    chunked encoding.</p>
-
-    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="x-headers" id="x-headers">Reverse Proxy Request Headers</a></h2>
-
-    <p>When acting in a reverse-proxy mode (using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive, for example),
-    <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code> adds several request headers in
-    order to pass information to the origin server. These headers
-    are:</p>
-
-    <dl>
-      <dt><code>X-Forwarded-For</code></dt>
-      <dd>The IP address of the client.</dd>
-      <dt><code>X-Forwarded-Host</code></dt>
-      <dd>The original host requested by the client in the <code>Host</code> 
-       HTTP request header.</dd>
-      <dt><code>X-Forwarded-Server</code></dt>
-      <dd>The hostname of the proxy server.</dd>
-    </dl>
-
-    <p>Be careful when using these headers on the origin server, since
-    they will contain more than one (comma-separated) value if the
-    original request already contained one of these headers. For
-    example, you can use <code>%{X-Forwarded-For}i</code> in the log
-    format string of the origin server to log the original clients IP
-    address, but you may get more than one address if the request
-    passes through several proxies.</p>
-
-    <p>See also the <code class="directive"><a href="#proxypreservehost">ProxyPreserveHost</a></code> and <code class="directive"><a href="#proxyvia">ProxyVia</a></code> directives, which control
-    other request headers.</p>
-
-   </div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AllowCONNECT" id="AllowCONNECT">AllowCONNECT</a> <a name="allowconnect" id="allowconnect">Directive</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Ports that are allowed to <code>CONNECT</code> through the
@@ -1550,192 +1229,513 @@ connections</td></tr>
       ProxyRemote ftp http://ftpproxy.mydomain:8080
     </code></p></div>
 
-    <p>In the last example, the proxy will forward FTP requests, encapsulated
-    as yet another HTTP proxy request, to another proxy which can handle
-    them.</p>
+    <p>In the last example, the proxy will forward FTP requests, encapsulated
+    as yet another HTTP proxy request, to another proxy which can handle
+    them.</p>
+
+    <p>This option also supports reverse proxy configuration - a backend
+    webserver can be embedded within a virtualhost URL space even if that
+    server is hidden by another forward proxy.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyRemoteMatch" id="ProxyRemoteMatch">ProxyRemoteMatch</a> <a name="proxyremotematch" id="proxyremotematch">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Remote proxy used to handle requests matched by regular
+expressions</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRemoteMatch <var>regex</var> <var>remote-server</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+</table>
+    <p>The <code class="directive">ProxyRemoteMatch</code> is identical to the
+    <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive, except the
+    first argument is a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a>
+    match against the requested URL.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyRequests" id="ProxyRequests">ProxyRequests</a> <a name="proxyrequests" id="proxyrequests">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enables forward (standard) proxy requests</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRequests On|Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyRequests Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+</table>
+    <p>This allows or prevents Apache from functioning as a forward proxy
+    server. (Setting ProxyRequests to <code>Off</code> does not disable use of
+    the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.)</p>
+
+    <p>In a typical reverse proxy or gateway configuration, this
+    option should be set to
+    <code>Off</code>.</p>
+
+    <p>In order to get the functionality of proxying HTTP or FTP sites, you
+    need also <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code> or <code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code>
+    (or both) present in the server.</p>
+
+    <p>In order to get the functionality of (forward) proxying HTTPS sites, you
+    need <code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code> enabled in the server.</p>
+
+    <div class="warning"><h3>Warning</h3>
+      <p>Do not enable proxying with <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> until you have <a href="#access">secured your server</a>.  Open proxy servers are dangerous
+      both to your network and to the Internet at large.</p>
+    </div>
+
+<h3>See also</h3>
+<ul>
+<li><a href="#forwardreverse">Forward and Reverse Proxies/Gateways</a></li>
+</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxySet" id="ProxySet">ProxySet</a> <a name="proxyset" id="proxyset">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Set various Proxy balancer or member parameters</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxySet <var>url</var> <var>key=value [key=value ...]</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>ProxySet is only available in Apache 2.2
+	and later.</td></tr>
+</table>
+    <p>This directive is used as an alternate method of setting any of the
+    parameters available to Proxy balancers and workers normally done via the
+    <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive. If used
+    within a <code>&lt;Proxy <var>balancer url|worker url</var>&gt;</code>
+    container directive, the <var>url</var> argument is not required. As a side
+    effect the respective balancer or worker gets created. This can be useful
+    when doing reverse proxying via a
+    <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> instead of a
+    <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
+
+    <div class="example"><p><code>
+      &lt;Proxy balancer://hotcluster&gt;<br />
+      <span class="indent">
+        BalancerMember http://www2.example.com:8080 loadfactor=1<br />
+        BalancerMember http://www3.example.com:8080 loadfactor=2<br />
+        ProxySet lbmethod=bytraffic<br />
+      </span>
+      &lt;/Proxy&gt;
+    </code></p></div>
+
+    <div class="example"><p><code>
+      &lt;Proxy http://backend&gt;<br />
+      <span class="indent">
+        ProxySet keepalive=On<br />
+      </span>
+      &lt;/Proxy&gt;
+    </code></p></div>
+
+    <div class="example"><p><code>
+        ProxySet balancer://foo lbmethod=bytraffic timeout=15
+    </code></p></div>
+
+    <div class="example"><p><code>
+        ProxySet ajp://backend:7001 timeout=15
+    </code></p></div>
+
+   <div class="warning"><h3>Warning</h3>
+      <p>Keep in mind that the same parameter key can have a different meaning
+      depending whether it is applied to a balancer or a worker as shown by the two
+      examples above regarding timeout.</p>
+   </div>
 
-    <p>This option also supports reverse proxy configuration - a backend
-    webserver can be embedded within a virtualhost URL space even if that
-    server is hidden by another forward proxy.</p>
 
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyRemoteMatch" id="ProxyRemoteMatch">ProxyRemoteMatch</a> <a name="proxyremotematch" id="proxyremotematch">Directive</a></h2>
+<div class="directive-section"><h2><a name="ProxyStatus" id="ProxyStatus">ProxyStatus</a> <a name="proxystatus" id="proxystatus">Directive</a></h2>
 <table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Remote proxy used to handle requests matched by regular
-expressions</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRemoteMatch <var>regex</var> <var>remote-server</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Show Proxy LoadBalancer status in mod_status</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyStatus Off|On|Full</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyStatus Off</code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.2 and later</td></tr>
 </table>
-    <p>The <code class="directive">ProxyRemoteMatch</code> is identical to the
-    <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive, except the
-    first argument is a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a>
-    match against the requested URL.</p>
+    <p>This directive determines whether or not proxy
+    loadbalancer status data is displayed via the <code class="module"><a href="../mod/mod_status.html">mod_status</a></code>
+    server-status page.</p>
+    <div class="note"><h3>Note</h3>
+      <p><strong>Full</strong> is synonymous with <strong>On</strong></p>
+    </div>
+
 
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyRequests" id="ProxyRequests">ProxyRequests</a> <a name="proxyrequests" id="proxyrequests">Directive</a></h2>
+<div class="directive-section"><h2><a name="ProxyTimeout" id="ProxyTimeout">ProxyTimeout</a> <a name="proxytimeout" id="proxytimeout">Directive</a></h2>
 <table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enables forward (standard) proxy requests</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRequests On|Off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyRequests Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Network timeout for proxied requests</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyTimeout <var>seconds</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>Value of <code class="directive"><a href="../mod/core.html#timeout">Timeout</a></code></code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0.31 and later</td></tr>
 </table>
-    <p>This allows or prevents Apache from functioning as a forward proxy
-    server. (Setting ProxyRequests to <code>Off</code> does not disable use of
-    the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.)</p>
+    <p>This directive allows a user to specify a timeout on proxy requests.
+    This is useful when you have a slow/buggy appserver which hangs, and you
+    would rather just return a timeout and fail gracefully instead of waiting
+    however long it takes the server to return.</p>
 
-    <p>In a typical reverse proxy or gateway configuration, this
-    option should be set to
-    <code>Off</code>.</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyVia" id="ProxyVia">ProxyVia</a> <a name="proxyvia" id="proxyvia">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Information provided in the <code>Via</code> HTTP response
+header for proxied requests</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyVia On|Off|Full|Block</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyVia Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+</table>
+    <p>This directive controls the use of the <code>Via:</code> HTTP
+    header by the proxy. Its intended use is to control the flow of
+    proxy requests along a chain of proxy servers.  See <a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a> (HTTP/1.1), section
+    14.45 for an explanation of <code>Via:</code> header lines.</p>
+
+    <ul>
+    <li>If set to <code>Off</code>, which is the default, no special processing
+    is performed. If a request or reply contains a <code>Via:</code> header,
+    it is passed through unchanged.</li>
+
+    <li>If set to <code>On</code>, each request and reply will get a
+    <code>Via:</code> header line added for the current host.</li>
+
+    <li>If set to <code>Full</code>, each generated <code>Via:</code> header
+    line will additionally have the Apache server version shown as a
+    <code>Via:</code> comment field.</li>
+
+    <li>If set to <code>Block</code>, every proxy request will have all its
+    <code>Via:</code> header lines removed. No new <code>Via:</code> header will
+    be generated.</li>
+    </ul>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="forwardreverse" id="forwardreverse">Forward Proxies and Reverse 
+       Proxies/Gateways</a></h2>
+      <p>Apache can be configured in both a <dfn>forward</dfn> and
+      <dfn>reverse</dfn> proxy (also known as <dfn>gateway</dfn>) mode.</p>
+
+      <p>An ordinary <dfn>forward proxy</dfn> is an intermediate
+      server that sits between the client and the <em>origin
+      server</em>.  In order to get content from the origin server,
+      the client sends a request to the proxy naming the origin server
+      as the target and the proxy then requests the content from the
+      origin server and returns it to the client.  The client must be
+      specially configured to use the forward proxy to access other
+      sites.</p>
+
+      <p>A typical usage of a forward proxy is to provide Internet
+      access to internal clients that are otherwise restricted by a
+      firewall.  The forward proxy can also use caching (as provided
+      by <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>) to reduce network usage.</p>
+
+      <p>The forward proxy is activated using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive.  Because
+      forward proxies allow clients to access arbitrary sites through
+      your server and to hide their true origin, it is essential that
+      you <a href="#access">secure your server</a> so that only
+      authorized clients can access the proxy before activating a
+      forward proxy.</p>
+
+      <p>A <dfn>reverse proxy</dfn> (or <dfn>gateway</dfn>), by
+      contrast, appears to the client just like an ordinary web
+      server.  No special configuration on the client is necessary.
+      The client makes ordinary requests for content in the name-space
+      of the reverse proxy.  The reverse proxy then decides where to
+      send those requests, and returns the content as if it was itself
+      the origin.</p>
+
+      <p>A typical usage of a reverse proxy is to provide Internet
+      users access to a server that is behind a firewall.  Reverse
+      proxies can also be used to balance load among several back-end
+      servers, or to provide caching for a slower back-end server.
+      In addition, reverse proxies can be used simply to bring
+      several servers into the same URL space.</p>
+
+      <p>A reverse proxy is activated using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive or the
+      <code>[P]</code> flag to the <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive.  It is
+      <strong>not</strong> necessary to turn <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> on in order to
+      configure a reverse proxy.</p>
+    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="examples" id="examples">Basic Examples</a></h2>
+
+    <p>The examples below are only a very basic idea to help you
+    get started.  Please read the documentation on the individual
+    directives.</p>
+
+    <p>In addition, if you wish to have caching enabled, consult
+    the documentation from <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>.</p>
+
+    <div class="example"><h3>Reverse Proxy</h3><p><code>
+    ProxyPass /foo http://foo.example.com/bar<br />
+    ProxyPassReverse /foo http://foo.example.com/bar
+    </code></p></div>
+
+    <div class="example"><h3>Forward Proxy</h3><p><code>
+    ProxyRequests On<br />
+    ProxyVia On<br />
+    <br />
+    &lt;Proxy *&gt;<br />
+    <span class="indent">
+      Order deny,allow<br />
+      Deny from all<br />
+      Allow from internal.example.com<br />
+    </span>
+    &lt;/Proxy&gt;
+    </code></p></div>
+
+    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="workers" id="workers">Workers</a></h2>
+      <p>The proxy manages the configuration of origin servers and their
+      communication parameters in objects called <dfn>workers</dfn>.
+      There are two built-in workers, the default forward proxy worker and the
+      default reverse proxy worker. Additional workers can be configured
+      explicitly.</p>
+
+      <p>The two default workers have a fixed configuration
+      and will be used if no other worker matches the request.
+      They do not use HTTP Keep-Alive or connection pooling.
+      The TCP connections to the origin server will instead be
+      opened and closed for each request.</p>
+
+      <p>Explicitly configured workers are identified by their URL.
+      They are usually created and configured using
+      <code class="directive"><a href="#proxypass">ProxyPass</a></code> or
+      <code class="directive"><a href="#proxypassmatch">ProxyPassMatch</a></code> when used
+      for a reverse proxy:</p>
+
+      <div class="example"><p><code>
+          ProxyPass /example http://backend.example.com connectiontimeout=5 timeout=30
+      </code></p></div>
+
+      <p>This will create a worker associated with the origin server URL
+      <code>http://backend.example.com</code> and using the given timeout
+      values. When used in a forward proxy, workers are usually defined
+      via the <code class="directive"><a href="#proxyset">ProxySet</a></code> directive:</p>
+
+      <div class="example"><p><code>
+          ProxySet http://backend.example.com connectiontimeout=5 timeout=30
+      </code></p></div>
+
+      <p>or alternatively using <code class="directive"><a href="#proxy">Proxy</a></code>
+      and <code class="directive"><a href="#proxyset">ProxySet</a></code>:</p>
+
+      <div class="example"><p><code>
+        &lt;Proxy http://backend.example.com&gt;<br />
+        <span class="indent">
+          ProxySet connectiontimeout=5 timeout=30
+        </span>
+        &lt;/Proxy&gt;
+      </code></p></div>
+
+      <p>Using explicitly configured workers in the forward mode is
+      not very common, because forward proxies usually communicate with many
+      different origin servers. Creating explicit workers for some of the
+      origin servers can still be useful, if they are used very often.
+      Explicitly configured workers have no concept of forward or reverse
+      proxying by themselves. They encapsulate a common concept of
+      communication with origin servers. A worker created by
+      <code class="directive"><a href="#proxypass">ProxyPass</a></code> for use in a
+      reverse proxy will be also used for forward proxy requests whenever
+      the URL to the origin server matches the worker URL and vice versa.</p>
+
+      <p>The URL identifying a direct worker is the URL of its
+      origin server including any path components given:</p>
+
+      <div class="example"><p><code>
+          ProxyPass /examples http://backend.example.com/examples<br />
+          ProxyPass /docs http://backend.example.com/docs
+      </code></p></div>
+
+      <p>This example defines two different workers, each using a separate
+      connection pool and configuration.</p>
+
+      <div class="warning"><h3>Worker Sharing</h3>
+        <p>Worker sharing happens if the worker URLs overlap, which occurs when
+        the URL of some worker is a leading substring of the URL of another
+        worker defined later in the configuration file. In the following example</p>
+
+        <div class="example"><p><code>
+            ProxyPass /apps http://backend.example.com/ timeout=60<br />
+            ProxyPass /examples http://backend.example.com/examples timeout=10
+        </code></p></div>
+
+        <p>the second worker isn't actually created. Instead the first
+        worker is used. The benefit is, that there is only one connection pool,
+        so connections are more often reused. Note that all configuration attributes
+        given explicitly for the later worker and some configuration defaults will
+        overwrite the configuration given for the first worker. This will be logged
+        as a warning. In the above example the resulting timeout value
+        for the URL <code>/apps</code> will be <code>10</code> instead
+        of <code>60</code>!</p>
+
+        <p>If you want to avoid worker sharing, sort your worker definitions
+        by URL length, starting with the longest worker URLs. If you want to maximize
+        worker sharing use the reverse sort order. See also the related warning about
+        ordering <code class="directive"><a href="#proxypass">ProxyPass</a></code> directives.</p>
+
+      </div> 
+
+      <p>Explicitly configured workers come in two flavors:
+      <dfn>direct workers</dfn> and <dfn>(load) balancer workers</dfn>.
+      They support many important configuration attributes which are
+      described below in the <code class="directive"><a href="#proxypass">ProxyPass</a></code>
+      directive. The same attributes can also be set using
+      <code class="directive"><a href="#proxyset">ProxySet</a></code>.</p>
 
-    <p>In order to get the functionality of proxying HTTP or FTP sites, you
-    need also <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code> or <code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code>
-    (or both) present in the server.</p>
+      <p>The set of options available for a direct worker
+      depends on the protocol, which is specified in the origin server URL.
+      Available protocols include <code>ajp</code>,
+      <code>ftp</code>, <code>http</code> and <code>scgi</code>.</p>
 
-    <p>In order to get the functionality of (forward) proxying HTTPS sites, you
-    need <code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code> enabled in the server.</p>
+      <p>Balancer workers are virtual workers that use direct workers known
+      as their members to actually handle the requests. Each balancer can
+      have multiple members. When it handles a request, it chooses a member
+      based on the configured load balancing algorithm.</p>
 
-    <div class="warning"><h3>Warning</h3>
-      <p>Do not enable proxying with <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> until you have <a href="#access">secured your server</a>.  Open proxy servers are dangerous
-      both to your network and to the Internet at large.</p>
-    </div>
+      <p>A balancer worker is created if its worker URL uses
+      <code>balancer</code> as the protocol scheme.
+      The balancer URL uniquely identifies the balancer worker.
+      Members are added to a balancer using
+      <code class="directive"><a href="#balancermember">BalancerMember</a></code>.</p>
 
-<h3>See also</h3>
-<ul>
-<li><a href="#forwardreverse">Forward and Reverse Proxies/Gateways</a></li>
-</ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxySet" id="ProxySet">ProxySet</a> <a name="proxyset" id="proxyset">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Set various Proxy balancer or member parameters</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxySet <var>url</var> <var>key=value [key=value ...]</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>ProxySet is only available in Apache 2.2
-	and later.</td></tr>
-</table>
-    <p>This directive is used as an alternate method of setting any of the
-    parameters available to Proxy balancers and workers normally done via the
-    <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive. If used
-    within a <code>&lt;Proxy <var>balancer url|worker url</var>&gt;</code>
-    container directive, the <var>url</var> argument is not required. As a side
-    effect the respective balancer or worker gets created. This can be useful
-    when doing reverse proxying via a
-    <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> instead of a
-    <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
+    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="access" id="access">Controlling access to your proxy</a></h2>
+      <p>You can control who can access your proxy via the <code class="directive"><a href="#proxy">&lt;Proxy&gt;</a></code> control block as in
+      the following example:</p>
 
-    <div class="example"><p><code>
-      &lt;Proxy balancer://hotcluster&gt;<br />
-      <span class="indent">
-        BalancerMember http://www2.example.com:8080 loadfactor=1<br />
-        BalancerMember http://www3.example.com:8080 loadfactor=2<br />
-        ProxySet lbmethod=bytraffic<br />
-      </span>
-      &lt;/Proxy&gt;
-    </code></p></div>
+      <div class="example"><p><code>
+        &lt;Proxy *&gt;<br />
+        <span class="indent">
+          Order Deny,Allow<br />
+          Deny from all<br />
+          Allow from 192.168.0<br />
+        </span>
+        &lt;/Proxy&gt;
+      </code></p></div>
 
-    <div class="example"><p><code>
-      &lt;Proxy http://backend&gt;<br />
-      <span class="indent">
-        ProxySet keepalive=On<br />
-      </span>
-      &lt;/Proxy&gt;
-    </code></p></div>
+      <p>For more information on access control directives, see
+      <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>.</p>
 
-    <div class="example"><p><code>
-        ProxySet balancer://foo lbmethod=bytraffic timeout=15
-    </code></p></div>
+      <p>Strictly limiting access is essential if you are using a
+      forward proxy (using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive).
+      Otherwise, your server can be used by any client to access
+      arbitrary hosts while hiding his or her true identity.  This is
+      dangerous both for your network and for the Internet at large.
+      When using a reverse proxy (using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive with
+      <code>ProxyRequests Off</code>), access control is less
+      critical because clients can only contact the hosts that you
+      have specifically configured.</p>
 
-    <div class="example"><p><code>
-        ProxySet ajp://backend:7001 timeout=15
-    </code></p></div>
+    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="startup" id="startup">Slow Startup</a></h2>
+      <p>If you're using the <code class="directive"><a href="#proxyblock">ProxyBlock</a></code> directive, hostnames' IP addresses are looked up
+      and cached during startup for later match test. This may take a few
+      seconds (or more) depending on the speed with which the hostname lookups
+      occur.</p>
+    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="intranet" id="intranet">Intranet Proxy</a></h2>
+      <p>An Apache proxy server situated in an intranet needs to forward
+      external requests through the company's firewall (for this, configure
+      the <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive
+      to forward the respective <var>scheme</var> to the firewall proxy).
+      However, when it has to
+      access resources within the intranet, it can bypass the firewall when
+      accessing hosts. The <code class="directive"><a href="#noproxy">NoProxy</a></code>
+      directive is useful for specifying which hosts belong to the intranet and
+      should be accessed directly.</p>
 
-   <div class="warning"><h3>Warning</h3>
-      <p>Keep in mind that the same parameter key can have a different meaning
-      depending whether it is applied to a balancer or a worker as shown by the two
-      examples above regarding timeout.</p>
-   </div>
+      <p>Users within an intranet tend to omit the local domain name from their
+      WWW requests, thus requesting "http://somehost/" instead of
+      <code>http://somehost.example.com/</code>. Some commercial proxy servers
+      let them get away with this and simply serve the request, implying a
+      configured local domain. When the <code class="directive"><a href="#proxydomain">ProxyDomain</a></code> directive is used and the server is <a href="#proxyrequests">configured for proxy service</a>, Apache can return
+      a redirect response and send the client to the correct, fully qualified,
+      server address. This is the preferred method since the user's bookmark
+      files will then contain fully qualified hosts.</p>
+    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="envsettings" id="envsettings">Protocol Adjustments</a></h2>
+      <p>For circumstances where <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> is sending
+      requests to an origin server that doesn't properly implement
+      keepalives or HTTP/1.1, there are two <a href="../env.html">environment variables</a> that can force the
+      request to use HTTP/1.0 with no keepalive. These are set via the
+      <code class="directive"><a href="../mod/mod_env.html#setenv">SetEnv</a></code> directive.</p>
 
+      <p>These are the <code>force-proxy-request-1.0</code> and
+      <code>proxy-nokeepalive</code> notes.</p>
 
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyStatus" id="ProxyStatus">ProxyStatus</a> <a name="proxystatus" id="proxystatus">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Show Proxy LoadBalancer status in mod_status</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyStatus Off|On|Full</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyStatus Off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.2 and later</td></tr>
-</table>
-    <p>This directive determines whether or not proxy
-    loadbalancer status data is displayed via the <code class="module"><a href="../mod/mod_status.html">mod_status</a></code>
-    server-status page.</p>
-    <div class="note"><h3>Note</h3>
-      <p><strong>Full</strong> is synonymous with <strong>On</strong></p>
-    </div>
+      <div class="example"><p><code>
+        &lt;Location /buggyappserver/&gt;<br />
+        <span class="indent">
+          ProxyPass http://buggyappserver:7001/foo/<br />
+          SetEnv force-proxy-request-1.0 1<br />
+          SetEnv proxy-nokeepalive 1<br />
+        </span>
+        &lt;/Location&gt;
+      </code></p></div>
 
+    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="request-bodies" id="request-bodies">Request Bodies</a></h2>
 
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyTimeout" id="ProxyTimeout">ProxyTimeout</a> <a name="proxytimeout" id="proxytimeout">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Network timeout for proxied requests</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyTimeout <var>seconds</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>Value of <code class="directive"><a href="../mod/core.html#timeout">Timeout</a></code></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0.31 and later</td></tr>
-</table>
-    <p>This directive allows a user to specify a timeout on proxy requests.
-    This is useful when you have a slow/buggy appserver which hangs, and you
-    would rather just return a timeout and fail gracefully instead of waiting
-    however long it takes the server to return.</p>
+    <p>Some request methods such as POST include a request body.
+    The HTTP protocol requires that requests which include a body
+    either use chunked transfer encoding or send a
+    <code>Content-Length</code> request header.  When passing these
+    requests on to the origin server, <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>
+    will always attempt to send the <code>Content-Length</code>.  But
+    if the body is large and the original request used chunked
+    encoding, then chunked encoding may also be used in the upstream
+    request.  You can control this selection using <a href="../env.html">environment variables</a>.  Setting
+    <code>proxy-sendcl</code> ensures maximum compatibility with
+    upstream servers by always sending the
+    <code>Content-Length</code>, while setting
+    <code>proxy-sendchunked</code> minimizes resource usage by using
+    chunked encoding.</p>
 
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyVia" id="ProxyVia">ProxyVia</a> <a name="proxyvia" id="proxyvia">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Information provided in the <code>Via</code> HTTP response
-header for proxied requests</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyVia On|Off|Full|Block</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyVia Off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-</table>
-    <p>This directive controls the use of the <code>Via:</code> HTTP
-    header by the proxy. Its intended use is to control the flow of
-    proxy requests along a chain of proxy servers.  See <a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a> (HTTP/1.1), section
-    14.45 for an explanation of <code>Via:</code> header lines.</p>
+    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="x-headers" id="x-headers">Reverse Proxy Request Headers</a></h2>
 
-    <ul>
-    <li>If set to <code>Off</code>, which is the default, no special processing
-    is performed. If a request or reply contains a <code>Via:</code> header,
-    it is passed through unchanged.</li>
+    <p>When acting in a reverse-proxy mode (using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive, for example),
+    <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code> adds several request headers in
+    order to pass information to the origin server. These headers
+    are:</p>
 
-    <li>If set to <code>On</code>, each request and reply will get a
-    <code>Via:</code> header line added for the current host.</li>
+    <dl>
+      <dt><code>X-Forwarded-For</code></dt>
+      <dd>The IP address of the client.</dd>
+      <dt><code>X-Forwarded-Host</code></dt>
+      <dd>The original host requested by the client in the <code>Host</code> 
+       HTTP request header.</dd>
+      <dt><code>X-Forwarded-Server</code></dt>
+      <dd>The hostname of the proxy server.</dd>
+    </dl>
 
-    <li>If set to <code>Full</code>, each generated <code>Via:</code> header
-    line will additionally have the Apache server version shown as a
-    <code>Via:</code> comment field.</li>
+    <p>Be careful when using these headers on the origin server, since
+    they will contain more than one (comma-separated) value if the
+    original request already contained one of these headers. For
+    example, you can use <code>%{X-Forwarded-For}i</code> in the log
+    format string of the origin server to log the original clients IP
+    address, but you may get more than one address if the request
+    passes through several proxies.</p>
 
-    <li>If set to <code>Block</code>, every proxy request will have all its
-    <code>Via:</code> header lines removed. No new <code>Via:</code> header will
-    be generated.</li>
-    </ul>
+    <p>See also the <code class="directive"><a href="#proxypreservehost">ProxyPreserveHost</a></code> and <code class="directive"><a href="#proxyvia">ProxyVia</a></code> directives, which control
+    other request headers.</p>
 
-</div>
+   </div>
 </div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_proxy.html" title="English">&nbsp;en&nbsp;</a> |



Mime
View raw message