httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject Re: [PATCH] Apache as a transparent proxy
Date Thu, 23 Oct 2003 18:53:32 GMT
Tikka, Sami wrote:

> I was wondering if it would be possible to use Apache together with a Linux
> firewall to proxy HTTP even when browsers have not been configured to use a
> proxy. More specifically I was thinking of Linux firewall configured with: 
> /sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to
> addr_of_apache:port_of_apache
> The problem, of course, is that a non-proxy request (= without a full URL)
> will not be recognized as a proxy request by proxy_detect() in mod_proxy.c.
> I came up with the attached patch that seems to solve the problem. The patch
> tries to check if the Host header of the request is someone else and if so,
> construct the full URL from the Host header and other information of the
> request.
> There is one problem, though: If Apache does not have a VirtualHost directive
> in httpd.conf, it cannot detect requests meant for Apache itself. 
> Is it required to have a VirtualHost directive in httpd.conf or should I be
> using some other method to check who the request was meant for? Should there
> be an option to turn on this transparent proxy support or can it be always
> on?

I would say that if the user has a forward proxy turned on, and if 
Apache gets a request for a virtualhost that is not local to the config 
(ie it's a transparent request), then it seems reasonable for proxy to 
add the host header and the URL, and fulfil the request.

I don't see that such a thing needs any separate config of any kind - it 
would be enabled by "ProxyRequests On".


View raw message