httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] Transparent Proxy Server Installation
Date Thu, 23 Jul 2009 09:27:17 GMT
Brian Kim wrote:
> Hi all.
> 
> The basic configuration is as follows
> 
>   (1)               (2)                       (3)                    (4)
> Users -------- switch -------- (eth2 ------ eth0) ------ WWW
> 
> 
> Users located in (1) will access WWW via http Apache server in (3).
> 
> For non-transparent proxy, every user across the proxy has to set up
> proxy configuration
> 
> by putting proxy IP address. Again, I just want to make users access
> WWW without the setup.
> 
> In other words, (3) proxy should be transparent.
> 

I think there might be a flaw in your thinking above.
Most probably, the real setup is not *only* what you indicate above.
In reality, it is like this :

 >   (1)               (2)                       (3)                    (4)
 > Users -------- switch -------- (eth2 ------ eth0) ------ WWW
                     |
                  (router)
                     |
                    WWW

In other words, when the user enters "http://www.google.com" in the URL 
bar of his browser, what happens is :

- the browser does a DNS lookup for "www.google.com", and obtains an IP 
address. Say this is : 74.125.39.99  (just guessing).

- then the browser sets up a TCP connection with the IP address 
74.125.39.99, port 80, and sends a HTTP request like :
GET / HTTP/1.1
Host: www.google.com

on that connection

- most likely, this TCP connection goes through (router), not through 
(eth2--eth0).  That is because the users workstations probably have 
"(router)" set up as their default gateway (at the TCP network setup 
level, not at the browser level).

If you do not "tell" these browsers that for HTTP connections, they have 
to use "(eth2--eth0)" as a "proxy", then how are they going to know any 
different ?






---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message