httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <ako...@nueva.pvt.k12.ca.us>
Subject Proxy module available... use at own risk.
Date Mon, 22 Jan 1996 00:14:14 GMT
Hi...

I've uploaded to httpd/incoming proxy_ak_v001.tar. This is a (hopefully)
working version of my caching HTTP proxy module. It contains three files: 

mod_proxy.c         - The actual proxy module
util_proxy.patch    - A patch to util.c to allow certain things to work*
alias_pass.patch    - A patch to mod_alias.c to add the Pass cmd (see below)

* For those interested, it makes no2slash() and getparents() ignore URLs
not beginning with / - so as to avoid mangling of what is passed to the
proxy server. 

Here are some instrutions on use of the module:


Installation:

Apply the two patches (optional - it will work without them - but a good 
idea) to Apache 1.0. Then put in mod_proxy.c, like any other module. Note 
that it has to follow mod_mime and mod_alias in order to work.


Basic Use, non-caching:

Do nothing. Just point a client at it. Plug and play. Great, huh?


Security:

Use <Directory> statements pointing at the URLs you want to protect. For 
example:

<Directory http:>
<Limit GET POST>
order deny,allow
deny from all
allow from 204.119.66.
</Limit>
</Directory>

allows only clients from 204.119.66.* to access your proxy server. If you 
installed util_proxy.patch, you can get more specific, i.e.

<Directory http://www.apache.org/>

which would enable restrictions for just access to www.apache.org. And so 
forth. Common sense probably works here.


Caching

Yes, it does caching too. It uses a file-based database, nothing fancy. 
It does stick all the files into one directory, which is quite possibly a
bad idea, but it's easily changeable, I think. (I just didn't try). 

CacheRoot /usr/local/etc/httpd/proxy
CacheSize 20

These two directives tell the server to store the proxy files in
/usr/local/etc/httpd/proxy, and to have it have a maximum size of 20 megs 
(default is five).

GcEvery 2

This tells it to garbage collect (go and remove expired files, and make
the cache directory under the size listen in CacheSize) every two hours.
Default is eight. Use "GcEvery Off" to turn off garbage collection and 
let the cache files fester.

I stole a bunch of useful commands from the CERN proxy server, with some 
modifications, which are useful somewhat:

CacheLimit 2000

This sets the max file size, in kilobytes. Anything larger than this gets 
wiped right away. The default is 4000.

CacheClean 90

In days, the maximum time to keep cache files, absolutely positively. 
Default is 30.

CacheExpireyCheck On/Off

On by default, turning this off means that it will pretend expired files 
aren't expired.

CacheNoConnect On/Off

Off by default, turning this on means that the proxy server will only 
return cached documents - it won't connect to anything.

If you've been paying attention, you'll note that you can set up a server 
to serve 'demo' web documents by loading them all into your proxy server, 
and then changing the settings to:

GcEvery Off
CacheExpireCheck Off
CacheNoConnect On


Acting as a Gateway/Mirror

If you installed alias_pass.patch, you now have a new directive, Pass. 
This is identical to Redirect, except produces internal redirects instead 
of external ones. This may be useful for other things (which is why I 
made it a generic patch), but what it's mainly good for is

Pass /apache/ http://www.apache.org/

Which does the obvious.

Well, I think that's it. If anyone wants to use it, please go ahead. If 
they don't, I don't blame them. I make absolutely no gaurentees that it 
won't eat your hard disk for lunch and use your modem to make prank calls 
to the president. Some parts of it (like the proxy stuff itself) are very 
well tested. Some parts of it (like the garbage collection code) are 
hardly tested at all.

But here it is... enjoy.

--/ Alexei Kosut <akosut@nueva.pvt.k12.ca.us> /--------/ Lefler on IRC
----------------------------/ <http://www.nueva.pvt.k12.ca.us/~akosut/>
The viewpoints expressed above are entirely false, and in no way
represent Alexei Kosut nor any other person or entity. /--------------



Mime
View raw message