httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Vince <mich...@roq.com>
Subject [users@httpd] Using Apache2 mod_proxy as a squid replacement on FreeBSD
Date Mon, 07 Feb 2005 02:58:32 GMT
Hi All,

I have been trying to setup Apache2 as a squid replacement, it all works 
great except for the fact I simply can't make it transparent with 
"packet filter" redirection rules.

If I put in the proxy address as in 'ip address and port 8080' in the 
proxy settings of the web browser it works fine but as soon as I try to 
use it in transparent mode via PF redirection rules apache seems to stop 
proxying and tries to serve http requests from the server it self and 
not try and be a proxy which its purely configured to do.

I have my configuration below, this is a simple version for readability 
I tried a dozen different configs trying to make it work in transparent 
mode such as disabling or enabling virtual host.
My main aim is to just cache things above 1meg in size to keep overall 
speed and just save bandwidth on the big stuff.

I am using apache 2.0.52 using portupgrade.  Used something like 
portupgrade -f -m '-DWITH_PROXY_MODULES' /usr/ports/www/apache2
I am on FreeBSD 5.3 release sparc64 port with packet filter NAT firewall.

#
ServerRoot "/usr/local"
MaxKeepAliveRequests 200

Listen 80
Listen 8080

#
LoadModule access_module libexec/apache2/mod_access.so
LoadModule auth_module libexec/apache2/mod_auth.so
LoadModule auth_anon_module libexec/apache2/mod_auth_anon.so
LoadModule auth_dbm_module libexec/apache2/mod_auth_dbm.so
#LoadModule auth_digest_module libexec/apache2/mod_auth_digest.so
#LoadModule file_cache_module libexec/apache2/mod_file_cache.so
LoadModule charset_lite_module libexec/apache2/mod_charset_lite.so
LoadModule cache_module libexec/apache2/mod_cache.so
LoadModule disk_cache_module libexec/apache2/mod_disk_cache.so
LoadModule include_module libexec/apache2/mod_include.so
LoadModule deflate_module libexec/apache2/mod_deflate.so
LoadModule log_config_module libexec/apache2/mod_log_config.so
LoadModule logio_module libexec/apache2/mod_logio.so
LoadModule env_module libexec/apache2/mod_env.so
LoadModule mime_magic_module libexec/apache2/mod_mime_magic.so
LoadModule cern_meta_module libexec/apache2/mod_cern_meta.so
LoadModule expires_module libexec/apache2/mod_expires.so
LoadModule headers_module libexec/apache2/mod_headers.so
LoadModule usertrack_module libexec/apache2/mod_usertrack.so
LoadModule unique_id_module libexec/apache2/mod_unique_id.so
LoadModule setenvif_module libexec/apache2/mod_setenvif.so
LoadModule proxy_module libexec/apache2/mod_proxy.so
LoadModule proxy_connect_module libexec/apache2/mod_proxy_connect.so
LoadModule proxy_ftp_module libexec/apache2/mod_proxy_ftp.so
LoadModule proxy_http_module libexec/apache2/mod_proxy_http.so
<IfDefine SSL>
LoadModule ssl_module libexec/apache2/mod_ssl.so
</IfDefine>
LoadModule mime_module libexec/apache2/mod_mime.so
#LoadModule dav_module libexec/apache2/mod_dav.so
LoadModule status_module libexec/apache2/mod_status.so
LoadModule autoindex_module libexec/apache2/mod_autoindex.so
LoadModule asis_module libexec/apache2/mod_asis.so
LoadModule info_module libexec/apache2/mod_info.so
LoadModule cgi_module libexec/apache2/mod_cgi.so
#LoadModule dav_fs_module libexec/apache2/mod_dav_fs.so
LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so
LoadModule negotiation_module libexec/apache2/mod_negotiation.so
LoadModule dir_module libexec/apache2/mod_dir.so
LoadModule imap_module libexec/apache2/mod_imap.so
LoadModule actions_module libexec/apache2/mod_actions.so
LoadModule speling_module libexec/apache2/mod_speling.so
LoadModule userdir_module libexec/apache2/mod_userdir.so
LoadModule alias_module libexec/apache2/mod_alias.so
LoadModule rewrite_module libexec/apache2/mod_rewrite.so

UseCanonicalName Off
HostnameLookups Off

ErrorLog /var/log/httpd-error.log
LogLevel warn

LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

CustomLog /var/log/httpd-access.log combined

ServerTokens Prod

#ProxyRemote * http://127.0.0.1:8080

ServerSignature On

#<VirtualHost 127.0.0.1:8080>
<VirtualHost 192.168.46.250:8080>
    ProxyRequests On
    ErrorLog /var/log/httpd/proxy-error
    CustomLog /var/log/httpd/proxy_access.log combined
    CacheEnable disk /
    CacheRoot "/usr/local/www/cache/"

# CacheSize in Kilobytes (21gigs)
    CacheSize 21368482
    CacheDirLevels 6
    CacheDirLength 3

# Max (1900megs) and CacheMinFileSize (1megs) in Bytes
    CacheMinFileSize 1000000
    CacheMaxFileSize 1900000000
</VirtualHost>


Here are my transparent proxy rules of my /etc/pf.rules for packet filter.
# Transparent Proxy
#rdr on $int_if proto tcp from 192.168.46.42 to any port www -> 127.0.0.1 port 8080
rdr on $int_if proto tcp from 192.168.46.42 to any port www -> 127.0.0.1 port 8080
#rdr on $int_if proto tcp from 192.168.46.42 to any port www -> 192.168.46.250 port 8080
#rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 8080

#pass in on $int_if inet proto tcp from any to 127.0.0.1 port 8080 keep state
#pass in on $int_if inet proto tcp from any to 192.168.46.250 port 8080 keep state
#pass out on $ext_if inet proto tcp from any to any port www keep state



Http proxy_access.log when trying it in transparent mode via PF
192.168.46.42 - - [07/Feb/2005:12:41:38 +1100] "GET / HTTP/1.1" 404 278 "-" "Mozilla/5.0 (X11;
U; FreeBSD amd64; en-US; rv:1.7.5) Gecko/20050128"
192.168.46.42 - - [07/Feb/2005:12:41:38 +1100] "GET / HTTP/1.1" 404 278 "-" "Mozilla/5.0 (X11;
U; FreeBSD amd64; en-US; rv:1.7.5) Gecko/20050128"
192.168.46.42 - - [07/Feb/2005:12:41:38 +1100] "GET / HTTP/1.1" 404 278 "-" "Mozilla/5.0 (X11;
U; FreeBSD amd64; en-US; rv:1.7.5) Gecko/20050128"

As I said above if i put the proxy address and port in my web browser settings it all works
fine, but it looks like if I try and do transparent redirection apache tries to serve it as
local content no matter what I do, and its hard to get people to use it with out it being
transparent so I really want to do it that way.


If any one can help me out with this I would ultra appreciate it :)

Regards,
Michael





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message