Tuesday, July 13, 2010

Apache intranet proxy server

SkyHi @ Tuesday, July 13, 2010

What other functions are useful for an intranet proxy server?

An Apache proxy server situated in an intranet needs to forward external requests through the company's firewall (for this, configure the ProxyRemote directive to forward the respective scheme to the firewall proxy). However, when it has to access resources within the intranet, it can bypass the firewall when accessing hosts. The NoProxy directive is useful for specifying which hosts belong to the intranet and should be accessed directly.
Users within an intranet tend to omit the local domain name from their WWW requests, thus requesting "http://somehost/" instead of "http://somehost.my.dom.ain/". Some commercial proxy servers let them get away with this and simply serve the request, implying a configured local domain. When the ProxyDomain directive is used and the server is configured for proxy service, Apache can return a redirect response and send the client to the correct, fully qualified, server address. This is the preferred method since the user's bookmark files will then contain fully qualified hosts.
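The intranet setup described above, as an added configuration example that is not part of the original post. It assumes Apache 2.2-style syntax (`<Proxy>` sections with Order/Deny/Allow); the firewall proxy host `firewall.my.dom.ain:8080` and the client subnet `192.168.0.0/16` are placeholders.

```apache
# Added example: intranet forward proxy. Host names and subnets are
# placeholders, not values from the original page.

# Act as a forward proxy for browsers on the intranet.
ProxyRequests On

# Restrict who may use the proxy. With ProxyRequests On, an
# "Allow from all" here would turn the server into an open proxy
# usable by anyone who can reach it.
<Proxy *>
    Order Deny,Allow
    Deny from all
    Allow from 192.168.0.0/16
</Proxy>

# Requests for external sites are handed to the firewall proxy.
ProxyRemote * http://firewall.my.dom.ain:8080

# Intranet hosts are contacted directly, bypassing ProxyRemote.
# Entries may be domains, subnets, IP addresses or host names.
NoProxy .my.dom.ain 192.168.0.0/16

# A request for http://somehost/ is answered with a redirect to
# http://somehost.my.dom.ain/ so bookmarks hold the full name.
ProxyDomain .my.dom.ain
```

After a reload, a request through the proxy from an address outside the allowed subnet should receive 403 Forbidden; checking that from an outside host confirms the proxy is not open.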

ProxyRequests directive

Syntax: ProxyRequests on|off
Default: ProxyRequests Off
Context: server config, virtual host
Override: Not applicable
Status: Base
Module: mod_proxy
Compatibility: ProxyRequests is only available in Apache 1.1 and later.

This allows or prevents Apache from functioning as a forward proxy server. Setting ProxyRequests to 'off' does not disable use of the ProxyPass directive.

Warning: Do not enable proxying until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.

ProxyRemote directive

Syntax: ProxyRemote match remote-server
Default: None
Context: server config, virtual host
Override: Not applicable
Status: Base
Module: mod_proxy
Compatibility: ProxyRemote is only available in Apache 1.1 and later.

This defines remote proxies to this proxy. match is either the name of a URL-scheme that the remote server supports, or a partial URL for which the remote server should be used, or '*' to indicate the server should be contacted for all requests. remote-server is a partial URL for the remote server. Syntax:

  remote-server = protocol://hostname[:port]

protocol is the protocol that should be used to communicate with the remote server; only "http" is supported by this module. Example:

  ProxyRemote http://goodguys.com/ http://mirrorguys.com:8000
  ProxyRemote * http://cleversite.com
  ProxyRemote ftp http://ftpproxy.mydomain.com:8080

In the last example, the proxy will forward FTP requests, encapsulated as yet another HTTP proxy request, to another proxy which can handle them.

ProxyPass directive

Syntax: ProxyPass path url
Default: None
Context: server config, virtual host
Override: Not applicable
Status: Base
Module: mod_proxy
Compatibility: ProxyPass is only available in Apache 1.1 and later.

This directive allows remote servers to be mapped into the space of the local server; the local server does not act as a proxy in the conventional sense, but appears to be a mirror of the remote server. path is the name of a local virtual path; url is a partial URL for the remote server.

Suppose the local server has address http://wibble.org/; then

  ProxyPass /mirror/foo/ http://foo.com/

will cause a local request for <http://wibble.org/mirror/foo/bar> to be internally converted into a proxy request to <http://foo.com/bar>.

Warning: The ProxyRequests directive should usually be set off when using ProxyPass.

ProxyPassReverse directive

Syntax: ProxyPassReverse path url
Default: None
Context: server config, virtual host
Override: Not applicable
Status: Base
Module: mod_proxy
Compatibility: ProxyPassReverse is only available in Apache 1.3b6 and later.

This directive lets Apache adjust the URL in the Location header on HTTP redirect responses. For instance, this is essential when Apache is used as a reverse proxy, to avoid bypassing the reverse proxy because of HTTP redirects on the backend servers which stay behind the reverse proxy.

path is the name of a local virtual path.
url is a partial URL for the remote server - the same way they are used for the ProxyPass directive.

Example:
Suppose the local server has address http://wibble.org/; then

  ProxyPass         /mirror/foo/ http://foo.com/
  ProxyPassReverse  /mirror/foo/ http://foo.com/

will not only cause a local request for <http://wibble.org/mirror/foo/bar> to be internally converted into a proxy request to <http://foo.com/bar> (the functionality ProxyPass provides here). It also takes care of redirects the server foo.com sends: when http://foo.com/bar is redirected by it to http://foo.com/quux, Apache adjusts this to http://wibble.org/mirror/foo/quux before forwarding the HTTP redirect response to the client. Note that this ProxyPassReverse directive can also be used in conjunction with the proxy pass-through feature ("RewriteRule ... [P]") from mod_rewrite because it doesn't depend on a corresponding ProxyPass directive.


#
# Use name-based virtual hosting.
#
NameVirtualHost *:80
#
# NOTE: NameVirtualHost cannot be used without a port specifier
# (e.g. :80) if mod_ssl is being used, due to the nature of the
# SSL protocol.
#

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost *:80>
    ServerName      siva.example.com
    DocumentRoot    /var/www/html
</VirtualHost>

# Reverse proxy to the wireless AP's web interface.
<VirtualHost *:80>
    ServerName siva1.example.com
    ProxyRequests Off
    ProxyPass / http://192.168.1.150/
    #Wireless AP
    ProxyPassReverse / http://192.168.1.150/

    # Order/Allow are only valid inside a container section; the
    # enclosing section is assumed here to be <Proxy *>.
    <Proxy *>
        Order Allow,Deny
        Allow from all
    </Proxy>
</VirtualHost>

#<VirtualHost *:80>
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>
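A tighter variant of the reverse-proxy virtual host above, as an added example that is not part of the original post. It assumes Apache 2.2-style access control; the administration subnet `192.168.10.0/24` and the log file names are placeholders.

```apache
# Added example: the same reverse proxy to the wireless AP, but
# reachable only from an administration subnet (placeholder value).
<VirtualHost *:80>
    ServerName siva1.example.com

    # Reverse proxy only; this host never serves forward-proxy requests.
    ProxyRequests Off

    ProxyPass        / http://192.168.1.150/
    # Rewrites Location headers in the AP's redirects so clients stay
    # on siva1.example.com instead of being sent to 192.168.1.150.
    ProxyPassReverse / http://192.168.1.150/

    # "Allow from all" would publish the AP's web interface to every
    # client that can reach this virtual host. Deny by default and
    # admit only the administration subnet.
    <Proxy *>
        Order Deny,Allow
        Deny from all
        Allow from 192.168.10.0/24
    </Proxy>

    # Separate logs make access to the device interface easy to review.
    ErrorLog  logs/siva1.example.com-error_log
    CustomLog logs/siva1.example.com-access_log combined
</VirtualHost>
```

Because this virtual host listens on plain HTTP, anything typed into the AP's login page crosses the network unencrypted between the client and the proxy; the subnet restriction limits who can connect, not what can be observed on the path.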






REFERENCES
http://httpd.apache.org/docs/1.3/mod/mod_proxy.html#proxypass