httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Sutherland <>
Subject Re: [module porting] mod_proxy
Date Wed, 15 Mar 2000 10:37:49 GMT
On Wed, 15 Mar 2000, Graham Leggett wrote:

> James Sutherland wrote:
> > Sorry - I wasn't meaning a full-blown proxy. Rather, I was thinking in
> > terms of the setup many big Apache installations use - a reverse proxy
> > front-end, with "full size" Apache backend servers. This proxy doesn't
> > handle FTP, or indeed connections to anything other than the backend
> > Apache daemons.
> I have this exact setup running here.

Except that you are using Apache, and using it to do caching and logging
as well.

> > Neither case calls for a full Apache server for the front end - the
> > latter, in particular, is nothing more than a buffered relay, but for the
> > ability to pass information like the remote IP address etc. to the backend
> > machines. Squid comes fairly close, but can't handle the encryption for
> > the first case, and isn't transparent - the backend boxes see and log
> > incoming connections from the front-end, not from the client.
> The back end boxes need not see the client IP addresses, they shouldn't
> be doing the logging in the first place, as the caching effect of the
> frontend proxy would make the logs inaccurate.

If the front-end is doing caching, then yes. You then also have to do any
IP based access control on the front-end, along with logging, parsing

> We use a front end Apache setup to hide an whole assortment of NT
> machines, Unix machines, NSES webservers, Infoseek, etc. None of these
> backend boxes do any logging at all - it's all done on the front end.
> Suddenly what was a huge problem collating log files in different
> formats and on different machines became a simple one - we log in one
> place, and in one format.
> Multi-tier webserver architectures are normally suggested for load
> balancing and failover, but their best use is website management.

Yes, this sounds like a good arrangement - but Apache isn't ideally suited
to this, IMO...

Trying to add encryption support to this, for example, could be quite


View raw message