httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "JeHo Park" <jhp...@elim.net>
Subject Re: [PATCH] tproxy2 patch to the apache 2.2.15
Date Wed, 04 Aug 2010 05:21:31 GMT
hello Daniel 
thanks your interest. 

----- Original Message ----- 
From: "Daniel Ruggeri" <DRuggeri@primary.net>
To: <dev@httpd.apache.org>
Sent: Wednesday, August 04, 2010 9:11 AM
Subject: Re: [PATCH] tproxy2 patch to the apache 2.2.15


> On 8/3/2010 9:57 AM, JeHo Park wrote:
>> hello ~
>> it's my first mail to apache dev .. and i am beginner of the apache. :-)
>> Anyway ... recently, i wrote transparent proxy [tproxy2] patch to the
>> httpd-2.2.15
>> because i needed web proxy and needed to know the source address of
>> any client who try to connect to my web server
>> and after all, i tested the performance of my patched tproxy with
>> AVALANCHE 2900. if anyone ask me the performance result, i will send
>> it to him [the size of the test result pdf is big size]
>> *- here is the platform infomation this patch applied ---*
>> 1. OS
>> CentOS release 5.2 (Final)
>> 2. KERNEL
>> Linux version 2.6.18-194.el5-tproxy2 (root@localhost.localdomain
>> <mailto:root@localhost.localdomain>)
>> (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46))
>> #10 SMP Wed May 26 17:35:19 KST 2010
>> 3. iptables
>> iptables-1.3.8 + tproxy2 supporting patch
>> *-- here is the usage of tproxy2 patched httpd configuration ---*
>> httpd.conf
>> <VirtualHost 192.168.200.1:80>
>> ProxyTproxy On # On/Off flag
>> ProxyTPifaddr 192.168.200.1 # IP address of bridge interface br0.
>> example) br0 = eth0 + eth1 ....
>> </VirtualHost>
>> i attach the kernel tproxy2 patch to the kernel
>> above[2.6.18-194.el5-tproxy2 ], httpd-2.2.15 tproxy2 patch and kernel
>> configuration for tproxy2
>> above all, i want to know my patch is available or not .. and want
>> feedback from anyone :-)
> 
> JeHo;
> Hi, can you help me understand what the usage case is for this patch?

as far as i know, there is another modules for IP transparency for example 
tproxy4 and X-Forwarded-For ...etc. but tproxy4 is only  available from kernel version 2.6.24
and above
X-Forwarded-For make the L3, L4 security box unavailable, 
because the main function of the x-Forwarded-for is to make the web server know client IP
address,
we can't sure whether there are some another security box [L3, L4 ..firewall ]
between the proxy and web server, in this point, X-Forwarded-For make the security box unavailable.


> What service or capability does it provide that is not currently available?
i just tested the patch in my local network. it worked right and i did performance test with
the avalanche.
but i didn't test it in field .. and various network environment. so i hope so many people
use, test this patch 



> --
> Daniel Ruggeri
>
Mime
View raw message