Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 71588 invoked from network); 13 Feb 2009 06:06:28 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 13 Feb 2009 06:06:28 -0000 Received: (qmail 26517 invoked by uid 500); 13 Feb 2009 06:06:21 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 26459 invoked by uid 500); 13 Feb 2009 06:06:20 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 26450 invoked by uid 99); 13 Feb 2009 06:06:20 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Feb 2009 22:06:20 -0800 X-ASF-Spam-Status: No, hits=1.5 required=10.0 tests=NORMAL_HTTP_TO_IP,SPF_PASS,WEIRD_PORT X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of jeff.sadowski@gmail.com designates 209.85.221.21 as permitted sender) Received: from [209.85.221.21] (HELO mail-qy0-f21.google.com) (209.85.221.21) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Feb 2009 06:06:13 +0000 Received: by qyk14 with SMTP id 14so1482755qyk.0 for ; Thu, 12 Feb 2009 22:05:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=Pcgrkwx5Ywyz7aBieF8K4qjFGJyFmCbRJwBZtJRu+7U=; b=CBVQRltO0OW4Nl5ulfDv1xzvks4/CB6RPaSoMwz0wzuGSFL4Vj9Wv/NrpjuM8UgDfI mdY9oWgJBXaumwZs96s4vsn7qI0Y8TslpBhEoSePq5ie161f9+PSVvNSHx96ac8F/XN0 39FF6+s7Ywyee6nvrId8hcR6SEqLyRBkSUahQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=psRLUmcRvEb9sPkUq8JL5VZjlI6mujwpqxiigC4LSd03v8DgipYsFTz9usVQfAtmBb esopF8ReAwoADnYkULd7VlMzHncGnzXo+drwVVmZtlRblIWMNRko59lL/epEnJFqsPk6 oOrsirW+3WbE0klVOwzs3LNh7elamfkA+zLwo= MIME-Version: 1.0 Received: by 10.224.2.138 with SMTP id 10mr2653619qaj.298.1234505152874; Thu, 12 Feb 2009 22:05:52 -0800 (PST) In-Reply-To: References: Date: Thu, 12 Feb 2009 23:05:52 -0700 Message-ID: <259313d70902122205w723a0c5fr2dafa8eee60c9a79@mail.gmail.com> Subject: Re: Transparent proxy setup works fine, but want to confirm the settings From: Jeff Sadowski To: dev@httpd.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org I've never used Apache as a transparent proxy I've always used squid. On Thu, Feb 12, 2009 at 7:50 PM, Pranav Desai wrote: > Hello All, > > I am trying to setup Apache 2.2.9 as a transparent proxy. So that the > users don't have to configure their browsers. Now the URLs coming in > are relative for transparent proxy, so normally apache tries to look > it up on the filesystem and it obviously fails. So I added a > RewriteRule to convert the relative to absolute URLs. > > RewriteEngine On > RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P] > RewriteLog "logs/rewrite_log" > RewriteLogLevel 5 > > Now, it works perfectly for all traffic expect the one that is > destined for the server itself. E.g. > http://:/ > > Whenever I access the above link, the rewrite engine loops and the > server reaches the MaxClient. I have included the log below. > > So, I added some conditions to not apply the RewriteRule for HOST > destined to the server. > RewriteCond %{HTTP_HOST} !10.1.0.206.* > RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P] > > I wanted to confirm if this is the right way to do transparent proxy > or is there a better way to make it more solid ? > > Just to mention, I want it to act primarily like a proxy server, so > losing/blocking all webserver functionality is also fine, as long as I > get the /server-status page. But I dont want a single url to fail the > server. So I will be fine if there is a better way to get the > transparency working while affecting the webserver. > > Thanks for your time. > > -- Pranav > > > ============== lots of these message in the rewrite_log =============== > 10.1.0.156 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) init rewrite > engine with requested uri / > 10.1.0.156 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (3) applying pattern > '^/(.*)' to uri '/' > 10.1.0.156 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (4) RewriteCond: > input='/' pattern='!^/server. > *' => matched > 10.1.0.156 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) rewrite '/' -> > 'http://10.1.0.206:2901/' > 10.1.0.156 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) forcing > proxy-throughput with http://10.1. > 0.206:2901/ > 10.1.0.156 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (1) go-ahead with > proxy request proxy:http://1 > 0.1.0.206:2901/ [OK] > 10.1.0.206 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) init rewrite > engine with requested uri / > 10.1.0.206 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (3) applying pattern > '^/(.*)' to uri '/' > 10.1.0.206 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (4) RewriteCond: > input='/' pattern='!^/server. > *' => matched > 10.1.0.206 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) rewrite '/' -> > 'http://10.1.0.206:2901/' > 10.1.0.206 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) forcing > proxy-throughput with http://10.1. > 0.206:2901/ > 10.1.0.206 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (1) go-ahead with > proxy request proxy:http://1 > 0.1.0.206:2901/ [OK] >