httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (David Robinson)
Subject Re: Proxy module available... use at own risk.
Date Mon, 22 Jan 1996 19:04:00 GMT
Some comments on the proxy module uploaded to hyperreal.

What it really lacks is the code I've spent a couple of days writing,
namely checks to ensure
http://foobar/~xxx/ and http://foobar/%7exxx/ both hit the same cache entry.
I also try to ensure more HTTP/1.0 spec conformance, in particular
in accepting headers like

from the remote server, I also try to avoid breaking on
A-Header: xxx
A-Header: yyy

I'll have a go at combining your caching code with my URL code tomorrow.

More comments ...

>I've uploaded to httpd/incoming proxy_ak_v001.tar. This is a (hopefully)
>working version of my caching HTTP proxy module. It contains three files: 
>mod_proxy.c         - The actual proxy module
>util_proxy.patch    - A patch to util.c to allow certain things to work*
>alias_pass.patch    - A patch to mod_alias.c to add the Pass cmd (see below)
>* For those interested, it makes no2slash() and getparents() ignore URLs
>not beginning with / - so as to avoid mangling of what is passed to the
>proxy server. 

My solution, which I think is preferable, is to not call no2slash or
getparents for a proxy request. I added a 'proxyreq' boolean variable
to the request_rec structure to facilitate this. Part of the reason
is that http_request.c should really be changed so that if a proxy request
is received by then the server should treat it as a normal
request, rather than getting the proxy module to make a connection to

>Use <Directory> statements pointing at the URLs you want to protect. For 
><Directory http:>
><Limit GET POST>
>order deny,allow
>deny from all
>allow from 204.119.66.
>allows only clients from 204.119.66.* to access your proxy server. If you 
>installed util_proxy.patch, you can get more specific, i.e.
>which would enable restrictions for just access to And so 
>forth. Common sense probably works here.

Hmm, I chose to have all these 'filenames' prefixed with the module name,
<Directory proxy:http:*>
this wastes less of the namespace, and suggests this as a general feature
(for 1.1) for mapping 'modules' into the URL space. e.g. you write a
stats module which returns statistics about the server, you would protect it
<Directory stats:*>

Also, you need to patch directory_walk(), otherwise if you have a
sub-directory of server root called 'http:' then
<Directory http:>
might start doing strange things (like reading unexpected .htaccess files,
You also don't want to call get_path_info() or no2slash().


>Acting as a Gateway/Mirror
>If you installed alias_pass.patch, you now have a new directive, Pass. 
>This is identical to Redirect, except produces internal redirects instead 
>of external ones. This may be useful for other things (which is why I 
>made it a generic patch), but what it's mainly good for is
>Pass /apache/
>Which does the obvious.

I think it is neater (and more general) to have
Alias /apache/ proxy:

Although there's nothing wrong with providing 'Pass' for CERN diehards.


View raw message