Message-ID: <3F9823AC.4030206@sharp.fm>
Date: Thu, 23 Oct 2003 20:53:32 +0200
From: Graham Leggett
To: dev@httpd.apache.org
Subject: Re: [PATCH] Apache as a transparent proxy
In-Reply-To: <30B026EA81B98D4082E2FD73B14CB81201C05E2C@fsfimail1.fi.f-secure.com>

Tikka, Sami wrote:

> I was wondering if it would be possible to use Apache together with a Linux
> firewall to proxy HTTP even when browsers have not been configured to use a
> proxy. More specifically I was thinking of Linux firewall configured with:
>
> /sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to addr_of_apache:port_of_apache
>
> The problem, of course, is that a non-proxy request (= without a full URL)
> will not be recognized as a proxy request by proxy_detect() in mod_proxy.c.
>
> I came up with the attached patch that seems to solve the problem. The patch
> tries to check if the Host header of the request is someone else and if so,
> construct the full URL from the Host header and other information of the
> request.
>
> There is one problem, though: If Apache does not have a VirtualHost directive
> in httpd.conf, it cannot detect requests meant for Apache itself.
>
> Is it required to have a VirtualHost directive in httpd.conf or should I be
> using some other method to check who the request was meant for? Should there
> be an option to turn on this transparent proxy support or can it be always
> on?

I would say that if the user has a forward proxy turned on, and if Apache
gets a request for a virtualhost that is not local to the config (ie it's a
transparent request), then it seems reasonable for proxy to add the host
header and the URL, and fulfil the request.

I don't see that such a thing needs any separate config of any kind - it
would be enabled by "ProxyRequests On".

Regards,
Graham
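
The check discussed in this thread (compare the Host header with the names the server answers for itself, and rebuild the full URL only when it names another host), as an added C example. It is not the patch attached to the thread and not mod_proxy code; the `local_names` list, `transparent_url()` and its return codes are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: names this server answers for itself (hypothetical). */
static const char *local_names[] = { "www.example.org", "example.org", NULL };

/* Compare the host part of a Host header (port stripped) with the local names. */
static int host_is_local(const char *host)
{
    size_t n = strcspn(host, ":");
    for (int i = 0; local_names[i]; i++)
        if (strlen(local_names[i]) == n && strncasecmp(host, local_names[i], n) == 0)
            return 1;
    return 0;
}

/* The Host header is client-controlled. Accept only hostname[:port] characters
 * so it cannot carry a path, userinfo or whitespace into the rebuilt URL.
 * (Bracketed IPv6 literals are rejected by this narrow check.) */
static int host_is_wellformed(const char *host)
{
    if (!*host) return 0;
    for (const char *p = host; *p; p++)
        if (!isalnum((unsigned char)*p) && !strchr(".-:", *p))
            return 0;
    return 1;
}

/* Returns 1 and writes "http://host/path" to out when the request should be
 * treated as a transparent proxy request, 0 to leave it alone, -1 to reject. */
int transparent_url(const char *host, const char *uri, char *out, size_t outlen)
{
    if (uri[0] != '/')             /* already a full URL: ordinary proxy request */
        return 0;
    if (host == NULL)              /* no Host header: nothing to rebuild from */
        return 0;
    if (!host_is_wellformed(host))
        return -1;
    if (host_is_local(host))       /* meant for this server itself */
        return 0;
    if ((size_t)snprintf(out, outlen, "http://%s%s", host, uri) >= outlen)
        return -1;                 /* a truncated URL must not be proxied */
    return 1;
}
```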