httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tikka, Sami" <Sami.Ti...@F-Secure.com>
Subject [PATCH] Apache as a transparent proxy
Date Wed, 22 Oct 2003 14:23:28 GMT
I was wondering if it would be possible to use Apache together with a Linux
firewall to proxy HTTP even when browsers have not been configured to use a
proxy. More specifically I was thinking of Linux firewall configured with: 

/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to
addr_of_apache:port_of_apache

The problem, of course, is that a non-proxy request (= without a full URL)
will not be recognized as a proxy request by proxy_detect() in mod_proxy.c.

I came up with the attached patch that seems to solve the problem. The patch
tries to check if the Host header of the request is someone else and if so,
construct the full URL from the Host header and other information of the
request.

There is one problem, though: If Apache does not have a VirtualHost directive
in httpd.conf, it cannot detect requests meant for Apache itself. 

Is it required to have a VirtualHost directive in httpd.conf or should I be
using some other method to check who the request was meant for? Should there
be an option to turn on this transparent proxy support or can it be always
on?

-- 
Sami Tikka, senior software engineer, F-Secure Corporation
tel: +358 9 2520 5115, fax: +358 9 2520 5015
http://www.F-Secure.com
F-Secure: Securing the Mobile Enterprise

Mime
View raw message