1
<?xml version="1.0" encoding="ISO-8859-1"?>
2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
4
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
5
This file is generated from xml source: DO NOT EDIT
6
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
8
<title>mod_proxy - Apache HTTP Server</title>
9
<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
10
<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
11
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
12
<link href="../images/favicon.ico" rel="shortcut icon" /></head>
14
<div id="page-header">
15
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
16
<p class="apache">Apache HTTP Server Version 2.2</p>
17
<img alt="" src="../images/feather.gif" /></div>
18
<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
20
<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.2</a> > <a href="./">Modules</a></div>
21
<div id="page-content">
22
<div id="preamble"><h1>Apache Module mod_proxy</h1>
24
<p><span>Available Languages: </span><a href="../en/mod/mod_proxy.html" title="English"> en </a> |
25
<a href="../ja/mod/mod_proxy.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p>
27
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>HTTP/1.1 proxy/gateway server</td></tr>
28
<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
29
<tr><th><a href="module-dict.html#ModuleIdentifier">Module�Identifier:</a></th><td>proxy_module</td></tr>
30
<tr><th><a href="module-dict.html#SourceFile">Source�File:</a></th><td>mod_proxy.c</td></tr></table>
33
<div class="warning"><h3>Warning</h3>
34
<p>Do not enable proxying with <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> until you have <a href="#access">secured your server</a>. Open proxy servers are dangerous both to your
35
network and to the Internet at large.</p>
38
<p>This module implements a proxy/gateway for Apache. It implements
39
proxying capability for <code>AJP13</code> (Apache JServe Protocol
40
version 1.3), <code>FTP</code>, <code>CONNECT</code> (for SSL),
41
<code>HTTP/0.9</code>, <code>HTTP/1.0</code>, and <code>HTTP/1.1</code>.
42
The module can be configured to connect to other proxy modules for these
43
and other protocols.</p>
45
<p>Apache's proxy features are divided into several modules in
46
addition to <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code>:
47
<code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>, <code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code>,
48
<code class="module"><a href="../mod/mod_proxy_ajp.html">mod_proxy_ajp</a></code>, <code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code>,
49
and <code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code>. Thus, if you want to use
50
one or more of the particular proxy functions, load
51
<code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> <em>and</em> the appropriate module(s)
52
into the server (either statically at compile-time or dynamically
53
via the <code class="directive"><a href="../mod/mod_so.html#loadmodule">LoadModule</a></code>
56
<p>In addition, extended features are provided by other modules.
57
Caching is provided by <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> and related
58
modules. The ability to contact remote servers using the SSL/TLS
59
protocol is provided by the <code>SSLProxy*</code> directives of
60
<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>. These additional modules will need
61
to be loaded and configured to take advantage of these features.</p>
63
<div id="quickview"><h3 class="directives">Directives</h3>
65
<li><img alt="" src="../images/down.gif" /> <a href="#allowconnect">AllowCONNECT</a></li>
66
<li><img alt="" src="../images/down.gif" /> <a href="#noproxy">NoProxy</a></li>
67
<li><img alt="" src="../images/down.gif" /> <a href="#proxy"><Proxy></a></li>
68
<li><img alt="" src="../images/down.gif" /> <a href="#proxybadheader">ProxyBadHeader</a></li>
69
<li><img alt="" src="../images/down.gif" /> <a href="#proxyblock">ProxyBlock</a></li>
70
<li><img alt="" src="../images/down.gif" /> <a href="#proxydomain">ProxyDomain</a></li>
71
<li><img alt="" src="../images/down.gif" /> <a href="#proxyerroroverride">ProxyErrorOverride</a></li>
72
<li><img alt="" src="../images/down.gif" /> <a href="#proxyiobuffersize">ProxyIOBufferSize</a></li>
73
<li><img alt="" src="../images/down.gif" /> <a href="#proxymatch"><ProxyMatch></a></li>
74
<li><img alt="" src="../images/down.gif" /> <a href="#proxymaxforwards">ProxyMaxForwards</a></li>
75
<li><img alt="" src="../images/down.gif" /> <a href="#proxypass">ProxyPass</a></li>
76
<li><img alt="" src="../images/down.gif" /> <a href="#proxypassreverse">ProxyPassReverse</a></li>
77
<li><img alt="" src="../images/down.gif" /> <a href="#proxypassreversecookiedomain">ProxyPassReverseCookieDomain</a></li>
78
<li><img alt="" src="../images/down.gif" /> <a href="#proxypassreversecookiepath">ProxyPassReverseCookiePath</a></li>
79
<li><img alt="" src="../images/down.gif" /> <a href="#proxypreservehost">ProxyPreserveHost</a></li>
80
<li><img alt="" src="../images/down.gif" /> <a href="#proxyreceivebuffersize">ProxyReceiveBufferSize</a></li>
81
<li><img alt="" src="../images/down.gif" /> <a href="#proxyremote">ProxyRemote</a></li>
82
<li><img alt="" src="../images/down.gif" /> <a href="#proxyremotematch">ProxyRemoteMatch</a></li>
83
<li><img alt="" src="../images/down.gif" /> <a href="#proxyrequests">ProxyRequests</a></li>
84
<li><img alt="" src="../images/down.gif" /> <a href="#proxytimeout">ProxyTimeout</a></li>
85
<li><img alt="" src="../images/down.gif" /> <a href="#proxyvia">ProxyVia</a></li>
89
<li><img alt="" src="../images/down.gif" /> <a href="#forwardreverse">Forward and Reverse Proxies</a></li>
90
<li><img alt="" src="../images/down.gif" /> <a href="#examples">Basic Examples</a></li>
91
<li><img alt="" src="../images/down.gif" /> <a href="#access">Controlling access to your proxy</a></li>
92
<li><img alt="" src="../images/down.gif" /> <a href="#startup">Slow Startup</a></li>
93
<li><img alt="" src="../images/down.gif" /> <a href="#intranet">Intranet Proxy</a></li>
94
<li><img alt="" src="../images/down.gif" /> <a href="#envsettings">Protocol Adjustments</a></li>
95
<li><img alt="" src="../images/down.gif" /> <a href="#request-bodies">Request Bodys</a></li>
96
</ul><h3>See also</h3>
98
<li><code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code></li>
99
<li><code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code></li>
100
<li><code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code></li>
101
<li><code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code></li>
102
<li><code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code></li>
103
<li><code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code></li>
105
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
106
<div class="section">
107
<h2><a name="forwardreverse" id="forwardreverse">Forward and Reverse Proxies</a></h2>
108
<p>Apache can be configured in both a <dfn>forward</dfn> and
109
<dfn>reverse</dfn> proxy mode.</p>
111
<p>An ordinary <dfn>forward proxy</dfn> is an intermediate
112
server that sits between the client and the <em>origin
113
server</em>. In order to get content from the origin server,
114
the client sends a request to the proxy naming the origin server
115
as the target and the proxy then requests the content from the
116
origin server and returns it to the client. The client must be
117
specially configured to use the forward proxy to access other
120
<p>A typical usage of a forward proxy is to provide Internet
121
access to internal clients that are otherwise restricted by a
122
firewall. The forward proxy can also use caching (as provided
123
by <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>) to reduce network usage.</p>
125
<p>The forward proxy is activated using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive. Because
126
forward proxys allow clients to access arbitrary sites through
127
your server and to hide their true origin, it is essential that
128
you <a href="#access">secure your server</a> so that only
129
authorized clients can access the proxy before activating a
132
<p>A <dfn>reverse proxy</dfn>, by contrast, appears to the
133
client just like an ordinary web server. No special
134
configuration on the client is necessary. The client makes
135
ordinary requests for content in the name-space of the reverse
136
proxy. The reverse proxy then decides where to send those
137
requests, and returns the content as if it was itself the
140
<p>A typical usage of a reverse proxy is to provide Internet
141
users access to a server that is behind a firewall. Reverse
142
proxies can also be used to balance load among several back-end
143
servers, or to provide caching for a slower back-end server.
144
In addition, reverse proxies can be used simply to bring
145
several servers into the same URL space.</p>
147
<p>A reverse proxy is activated using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive or the
148
<code>[P]</code> flag to the <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive. It is
149
<strong>not</strong> necessary to turn <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> on in order to
150
configure a reverse proxy.</p>
151
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
152
<div class="section">
153
<h2><a name="examples" id="examples">Basic Examples</a></h2>
155
<p>The examples below are only a very basic idea to help you
156
get started. Please read the documentation on the individual
159
<p>In addition, if you wish to have caching enabled, consult
160
the documentation from <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>.</p>
162
<div class="example"><h3>Forward Proxy</h3><p><code>
163
ProxyRequests On<br />
166
<Proxy *><br />
167
<span class="indent">
168
Order deny,allow<br />
170
Allow from internal.example.com<br />
175
<div class="example"><h3>Reverse Proxy</h3><p><code>
176
ProxyRequests Off<br />
178
<Proxy *><br />
179
<span class="indent">
180
Order deny,allow<br />
185
ProxyPass /foo http://foo.example.com/bar<br />
186
ProxyPassReverse /foo http://foo.example.com/bar
188
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
189
<div class="section">
190
<h2><a name="access" id="access">Controlling access to your proxy</a></h2>
191
<p>You can control who can access your proxy via the <code class="directive"><a href="#proxy"><Proxy></a></code> control block as in
192
the following example:</p>
194
<div class="example"><p><code>
195
<Proxy *><br />
196
<span class="indent">
197
Order Deny,Allow<br />
199
Allow from 192.168.0<br />
204
<p>For more information on access control directives, see
205
<code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>.</p>
207
<p>Strictly limiting access is essential if you are using a
208
forward proxy (using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive).
209
Otherwise, your server can be used by any client to access
210
arbitrary hosts while hiding his or her true identity. This is
211
dangerous both for your network and for the Internet at large.
212
When using a reverse proxy (using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive with
213
<code>ProxyRequests Off</code>), access control is less
214
critical because clients can only contact the hosts that you
215
have specifically configured.</p>
217
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
218
<div class="section">
219
<h2><a name="startup" id="startup">Slow Startup</a></h2>
220
<p>If you're using the <code class="directive"><a href="#proxyblock">ProxyBlock</a></code> directive, hostnames' IP addresses are looked up
221
and cached during startup for later match test. This may take a few
222
seconds (or more) depending on the speed with which the hostname lookups
224
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
225
<div class="section">
226
<h2><a name="intranet" id="intranet">Intranet Proxy</a></h2>
227
<p>An Apache proxy server situated in an intranet needs to forward
228
external requests through the company's firewall (for this, configure
229
the <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive
230
to forward the respective <var>scheme</var> to the firewall proxy).
231
However, when it has to
232
access resources within the intranet, it can bypass the firewall when
233
accessing hosts. The <code class="directive"><a href="#noproxy">NoProxy</a></code>
234
directive is useful for specifying which hosts belong to the intranet and
235
should be accessed directly.</p>
237
<p>Users within an intranet tend to omit the local domain name from their
238
WWW requests, thus requesting "http://somehost/" instead of
239
<code>http://somehost.example.com/</code>. Some commercial proxy servers
240
let them get away with this and simply serve the request, implying a
241
configured local domain. When the <code class="directive"><a href="#proxydomain">ProxyDomain</a></code> directive is used and the server is <a href="#proxyrequests">configured for proxy service</a>, Apache can return
242
a redirect response and send the client to the correct, fully qualified,
243
server address. This is the preferred method since the user's bookmark
244
files will then contain fully qualified hosts.</p>
245
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
246
<div class="section">
247
<h2><a name="envsettings" id="envsettings">Protocol Adjustments</a></h2>
248
<p>For circumstances where <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> is sending
249
requests to an origin server that doesn't properly implement
250
keepalives or HTTP/1.1, there are two <a href="../env.html">environment variables</a> that can force the
251
request to use HTTP/1.0 with no keepalive. These are set via the
252
<code class="directive"><a href="../mod/mod_env.html#setenv">SetEnv</a></code> directive.</p>
254
<p>These are the <code>force-proxy-request-1.0</code> and
255
<code>proxy-nokeepalive</code> notes.</p>
257
<div class="example"><p><code>
258
<Location /buggyappserver/><br />
259
<span class="indent">
260
ProxyPass http://buggyappserver:7001/foo/<br />
261
SetEnv force-proxy-request-1.0 1<br />
262
SetEnv proxy-nokeepalive 1<br />
267
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
268
<div class="section">
269
<h2><a name="request-bodies" id="request-bodies">Request Bodys</a></h2>
271
<p>Some request methods such as POST include a request body.
272
The HTTP protocol requires that requests which include a body
273
either use chunked transfer encoding or send a
274
<code>Content-Length</code> request header. When passing these
275
requests on to the origin server, <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>
276
will always attempt to send the <code>Content-Length</code>. But
277
if the body is large and the original request used chunked
278
encoding, then chunked encoding may also be used in the upstream
279
request. You can control this selection using <a href="../env.html">environment variables</a>. Setting
280
<code>proxy-sendcl</code> ensures maximum compatibility with
281
upstream servers by always sending the
282
<code>Content-Length</code>, while setting
283
<code>proxy-sendchunked</code> minimizes resource usage by using
284
chunked encoding.</p>
287
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
288
<div class="directive-section"><h2><a name="AllowCONNECT" id="AllowCONNECT">AllowCONNECT</a> <a name="allowconnect" id="allowconnect">Directive</a></h2>
289
<table class="directive">
290
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Ports that are allowed to <code>CONNECT</code> through the
292
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AllowCONNECT <var>port</var> [<var>port</var>] ...</code></td></tr>
293
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AllowCONNECT 443 563</code></td></tr>
294
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
295
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
296
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
298
<p>The <code class="directive">AllowCONNECT</code> directive specifies a list
299
of port numbers to which the proxy <code>CONNECT</code> method may
300
connect. Today's browsers use this method when a <code>https</code>
301
connection is requested and proxy tunneling over HTTP is in effect.</p>
303
<p>By default, only the default https port (<code>443</code>) and the
304
default snews port (<code>563</code>) are enabled. Use the
305
<code class="directive">AllowCONNECT</code> directive to override this default and
306
allow connections to the listed ports only.</p>
308
<p>Note that you'll need to have <code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code> present
309
in the server in order to get the support for the <code>CONNECT</code> at
313
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
314
<div class="directive-section"><h2><a name="NoProxy" id="NoProxy">NoProxy</a> <a name="noproxy" id="noproxy">Directive</a></h2>
315
<table class="directive">
316
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Hosts, domains, or networks that will be connected to
318
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>NoProxy <var>host</var> [<var>host</var>] ...</code></td></tr>
319
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
320
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
321
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
323
<p>This directive is only useful for Apache proxy servers within
324
intranets. The <code class="directive">NoProxy</code> directive specifies a
325
list of subnets, IP addresses, hosts and/or domains, separated by
326
spaces. A request to a host which matches one or more of these is
327
always served directly, without forwarding to the configured
328
<code class="directive"><a href="#proxyremote">ProxyRemote</a></code> proxy server(s).</p>
330
<div class="example"><h3>Example</h3><p><code>
331
ProxyRemote * http://firewall.mycompany.com:81<br />
332
NoProxy .mycompany.com 192.168.112.0/21
335
<p>The <var>host</var> arguments to the <code class="directive">NoProxy</code>
336
directive are one of the following type list:</p>
340
<dt><var><a name="domain" id="domain">Domain</a></var></dt>
342
<p>A <dfn>Domain</dfn> is a partially qualified DNS domain name, preceded
343
by a period. It represents a list of hosts which logically belong to the
344
same DNS domain or zone (<em>i.e.</em>, the suffixes of the hostnames are
345
all ending in <var>Domain</var>).</p>
347
<div class="example"><h3>Examples</h3><p><code>
351
<p>To distinguish <var>Domain</var>s from <var><a href="#hostname">Hostname</a></var>s (both syntactically and semantically; a DNS domain can
352
have a DNS A record, too!), <var>Domain</var>s are always written with a
355
<div class="note"><h3>Note</h3>
356
<p>Domain name comparisons are done without regard to the case, and
357
<var>Domain</var>s are always assumed to be anchored in the root of the
358
DNS tree, therefore two domains <code>.MyDomain.com</code> and
359
<code>.mydomain.com.</code> (note the trailing period) are considered
360
equal. Since a domain comparison does not involve a DNS lookup, it is much
361
more efficient than subnet comparison.</p>
365
<dt><var><a name="subnet" id="subnet">SubNet</a></var></dt>
367
<p>A <dfn>SubNet</dfn> is a partially qualified internet address in
368
numeric (dotted quad) form, optionally followed by a slash and the netmask,
369
specified as the number of significant bits in the <var>SubNet</var>. It is
370
used to represent a subnet of hosts which can be reached over a common
371
network interface. In the absence of the explicit net mask it is assumed
372
that omitted (or zero valued) trailing digits specify the mask. (In this
373
case, the netmask can only be multiples of 8 bits wide.) Examples:</p>
376
<dt><code>192.168</code> or <code>192.168.0.0</code></dt>
377
<dd>the subnet 192.168.0.0 with an implied netmask of 16 valid bits
378
(sometimes used in the netmask form <code>255.255.0.0</code>)</dd>
379
<dt><code>192.168.112.0/21</code></dt>
380
<dd>the subnet <code>192.168.112.0/21</code> with a netmask of 21
381
valid bits (also used in the form <code>255.255.248.0</code>)</dd>
384
<p>As a degenerate case, a <em>SubNet</em> with 32 valid bits is the
385
equivalent to an <var><a href="#ipadr">IPAddr</a></var>, while a <var>SubNet</var> with zero
386
valid bits (<em>e.g.</em>, 0.0.0.0/0) is the same as the constant
387
<var>_Default_</var>, matching any IP address.</p></dd>
390
<dt><var><a name="ipaddr" id="ipaddr">IPAddr</a></var></dt>
392
<p>A <dfn>IPAddr</dfn> represents a fully qualified internet address in
393
numeric (dotted quad) form. Usually, this address represents a host, but
394
there need not necessarily be a DNS domain name connected with the
396
<div class="example"><h3>Example</h3><p><code>
400
<div class="note"><h3>Note</h3>
401
<p>An <var>IPAddr</var> does not need to be resolved by the DNS system, so
402
it can result in more effective apache performance.</p>
406
<dt><var><a name="hostname" id="hostname">Hostname</a></var></dt>
408
<p>A <dfn>Hostname</dfn> is a fully qualified DNS domain name which can
409
be resolved to one or more <var><a href="#ipaddr">IPAddrs</a></var> via the
410
DNS domain name service. It represents a logical host (in contrast to
411
<var><a href="#domain">Domain</a></var>s, see above) and must be resolvable
412
to at least one <var><a href="#ipaddr">IPAddr</a></var> (or often to a list
413
of hosts with different <var><a href="#ipaddr">IPAddr</a></var>s).</p>
415
<div class="example"><h3>Examples</h3><p><code>
416
prep.ai.mit.edu<br />
420
<div class="note"><h3>Note</h3>
421
<p>In many situations, it is more effective to specify an <var><a href="#ipaddr">IPAddr</a></var> in place of a <var>Hostname</var> since a
422
DNS lookup can be avoided. Name resolution in Apache can take a remarkable
423
deal of time when the connection to the name server uses a slow PPP
425
<p><var>Hostname</var> comparisons are done without regard to the case,
426
and <var>Hostname</var>s are always assumed to be anchored in the root
427
of the DNS tree, therefore two hosts <code>WWW.MyDomain.com</code>
428
and <code>www.mydomain.com.</code> (note the trailing period) are
429
considered equal.</p>
435
<li><a href="../dns-caveats.html">DNS Issues</a></li>
438
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
439
<div class="directive-section"><h2><a name="Proxy" id="Proxy"><Proxy></a> <a name="proxy" id="proxy">Directive</a></h2>
440
<table class="directive">
441
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Container for directives applied to proxied resources</td></tr>
442
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><Proxy <var>wildcard-url</var>> ...</Proxy></code></td></tr>
443
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
444
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
445
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
447
<p>Directives placed in <code class="directive"><Proxy></code>
448
sections apply only to matching proxied content. Shell-style wildcards are
451
<p>For example, the following will allow only hosts in
452
<code>yournetwork.example.com</code> to access content via your proxy
455
<div class="example"><p><code>
456
<Proxy *><br />
457
<span class="indent">
458
Order Deny,Allow<br />
460
Allow from yournetwork.example.com<br />
465
<p>The following example will process all files in the <code>foo</code>
466
directory of <code>example.com</code> through the <code>INCLUDES</code>
467
filter when they are sent through the proxy server:</p>
469
<div class="example"><p><code>
470
<Proxy http://example.com/foo/*><br />
471
<span class="indent">
472
SetOutputFilter INCLUDES<br />
479
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
480
<div class="directive-section"><h2><a name="ProxyBadHeader" id="ProxyBadHeader">ProxyBadHeader</a> <a name="proxybadheader" id="proxybadheader">Directive</a></h2>
481
<table class="directive">
482
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determines how to handle bad header lines in a
484
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyBadHeader IsError|Ignore|StartBody</code></td></tr>
485
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyBadHeader IsError</code></td></tr>
486
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
487
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
488
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
489
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>available in Apache 2.0.44 and later</td></tr>
491
<p>The <code class="directive">ProxyBadHeader</code> directive determines the
492
behaviour of <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> if it receives syntactically invalid
493
header lines (<em>i.e.</em> containing no colon). The following arguments
497
<dt><code>IsError</code></dt>
498
<dd>Abort the request and end up with a 502 (Bad Gateway) response. This is
499
the default behaviour.</dd>
501
<dt><code>Ignore</code></dt>
502
<dd>Treat bad header lines as if they weren't sent.</dd>
504
<dt><code>StartBody</code></dt>
505
<dd>When receiving the first bad header line, finish reading the headers and
506
treat the remainder as body. This helps to work around buggy backend servers
507
which forget to insert an empty line between the headers and the body.</dd>
511
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
512
<div class="directive-section"><h2><a name="ProxyBlock" id="ProxyBlock">ProxyBlock</a> <a name="proxyblock" id="proxyblock">Directive</a></h2>
513
<table class="directive">
514
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Words, hosts, or domains that are banned from being
516
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyBlock *|<var>word</var>|<var>host</var>|<var>domain</var>
517
[<var>word</var>|<var>host</var>|<var>domain</var>] ...</code></td></tr>
518
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
519
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
520
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
522
<p>The <code class="directive">ProxyBlock</code> directive specifies a list of
523
words, hosts and/or domains, separated by spaces. HTTP, HTTPS, and
524
FTP document requests to sites whose names contain matched words,
525
hosts or domains are <em>blocked</em> by the proxy server. The proxy
526
module will also attempt to determine IP addresses of list items which
527
may be hostnames during startup, and cache them for match test as
528
well. That may slow down the startup time of the server.</p>
530
<div class="example"><h3>Example</h3><p><code>
531
ProxyBlock joes-garage.com some-host.co.uk rocky.wotsamattau.edu
534
<p><code>rocky.wotsamattau.edu</code> would also be matched if referenced by
537
<p>Note that <code>wotsamattau</code> would also be sufficient to match
538
<code>wotsamattau.edu</code>.</p>
540
<p>Note also that</p>
542
<div class="example"><p><code>
546
<p>blocks connections to all sites.</p>
549
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
550
<div class="directive-section"><h2><a name="ProxyDomain" id="ProxyDomain">ProxyDomain</a> <a name="proxydomain" id="proxydomain">Directive</a></h2>
551
<table class="directive">
552
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Default domain name for proxied requests</td></tr>
553
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyDomain <var>Domain</var></code></td></tr>
554
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
555
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
556
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
558
<p>This directive is only useful for Apache proxy servers within
559
intranets. The <code class="directive">ProxyDomain</code> directive specifies
560
the default domain which the apache proxy server will belong to. If a
561
request to a host without a domain name is encountered, a redirection
562
response to the same host with the configured <var>Domain</var> appended
563
will be generated.</p>
565
<div class="example"><h3>Example</h3><p><code>
566
ProxyRemote * http://firewall.mycompany.com:81<br />
567
NoProxy .mycompany.com 192.168.112.0/21<br />
568
ProxyDomain .mycompany.com
572
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
573
<div class="directive-section"><h2><a name="ProxyErrorOverride" id="ProxyErrorOverride">ProxyErrorOverride</a> <a name="proxyerroroverride" id="proxyerroroverride">Directive</a></h2>
574
<table class="directive">
575
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Override error pages for proxied content</td></tr>
576
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyErrorOverride On|Off</code></td></tr>
577
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyErrorOverride Off</code></td></tr>
578
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
579
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
580
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
581
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.0 and later</td></tr>
583
<p>This directive is useful for reverse-proxy setups, where you want to
584
have a common look and feel on the error pages seen by the end user.
585
This also allows for included files (via
586
<code class="module"><a href="../mod/mod_include.html">mod_include</a></code>'s SSI) to get
587
the error code and act accordingly (default behavior would display
588
the error page of the proxied server, turning this on shows the SSI
592
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
593
<div class="directive-section"><h2><a name="ProxyIOBufferSize" id="ProxyIOBufferSize">ProxyIOBufferSize</a> <a name="proxyiobuffersize" id="proxyiobuffersize">Directive</a></h2>
594
<table class="directive">
595
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determine size of internal data throughput buffer</td></tr>
596
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyIOBufferSize <var>bytes</var></code></td></tr>
597
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyIOBufferSize 8192</code></td></tr>
598
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
599
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
600
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
602
<p>The <code class="directive">ProxyIOBufferSize</code> directive adjusts the size
603
of the internal buffer, which is used as a scratchpad for the data between
604
input and output. The size must be less or equal <code>8192</code>.</p>
606
<p>In almost every case there's no reason to change that value.</p>
609
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
610
<div class="directive-section"><h2><a name="ProxyMatch" id="ProxyMatch"><ProxyMatch></a> <a name="proxymatch" id="proxymatch">Directive</a></h2>
611
<table class="directive">
612
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Container for directives applied to regular-expression-matched
613
proxied resources</td></tr>
614
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><ProxyMatch <var>regex</var>> ...</ProxyMatch></code></td></tr>
615
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
616
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
617
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
619
<p>The <code class="directive"><ProxyMatch></code> directive is
620
identical to the <code class="directive"><a href="#proxy"><Proxy></a></code> directive, except it matches URLs
621
using <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expressions</a>.</p>
624
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
625
<div class="directive-section"><h2><a name="ProxyMaxForwards" id="ProxyMaxForwards">ProxyMaxForwards</a> <a name="proxymaxforwards" id="proxymaxforwards">Directive</a></h2>
626
<table class="directive">
627
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maximium number of proxies that a request can be forwarded
629
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyMaxForwards <var>number</var></code></td></tr>
630
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyMaxForwards 10</code></td></tr>
631
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
632
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
633
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
634
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0 and later</td></tr>
636
<p>The <code class="directive">ProxyMaxForwards</code> directive specifies the
637
maximum number of proxies through which a request may pass, if there's no
638
<code>Max-Forwards</code> header supplied with the request. This is
639
set to prevent infinite proxy loops, or a DoS attack.</p>
641
<div class="example"><h3>Example</h3><p><code>
646
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
647
<div class="directive-section"><h2><a name="ProxyPass" id="ProxyPass">ProxyPass</a> <a name="proxypass" id="proxypass">Directive</a></h2>
648
<table class="directive">
649
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maps remote servers into the local server URL-space</td></tr>
650
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPass [<var>path</var>] !|<var>url</var> [<var>key=value</var> <var>key=value</var> ...]]</code></td></tr>
651
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
652
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
653
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
655
<p>This directive allows remote servers to be mapped into the space of
656
the local server; the local server does not act as a proxy in the
657
conventional sense, but appears to be a mirror of the remote
658
server. <var>path</var> is the name of a local virtual path; <var>url</var>
659
is a partial URL for the remote server and cannot include a query
662
<div class="warning">The <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive should
663
usually be set <strong>off</strong> when using
664
<code class="directive">ProxyPass</code>.</div>
666
<p>Suppose the local server has address <code>http://example.com/</code>;
669
<div class="example"><p><code>
670
ProxyPass /mirror/foo/ http://backend.example.com/
673
<p>will cause a local request for
674
<code>http://example.com/mirror/foo/bar</code> to be internally converted
675
into a proxy request to <code>http://backend.example.com/bar</code>.</p>
677
<p>The <code>!</code> directive is useful in situations where you don't want
678
to reverse-proxy a subdirectory, <em>e.g.</em></p>
680
<div class="example"><p><code>
681
ProxyPass /mirror/foo/i !<br />
682
ProxyPass /mirror/foo http://backend.example.com
685
<p>will proxy all requests to <code>/mirror/foo</code> to
686
<code>backend.example.com</code> <em>except</em> requests made to
687
<code>/mirror/foo/i</code>.</p>
689
<div class="note"><h3>Note</h3>
690
<p>Order is important. you need to put the exclusions <em>before</em> the
691
general <code class="directive">ProxyPass</code> directive.</p>
694
<p>As of Apache 2.1, the ability to use pooled connections to a backend
695
server is available. Using the <code>key=value</code> parameters it is
696
possible to tune this connection pooling. The default for a <code>Hard
697
Maximum</code> for the number of connections is the number of threads per
698
process in the active MPM. In the Prefork MPM, this is always 1, while with
699
the Worker MPM it is controlled by the
700
<code class="directive">ThreadsPerChild</code>.</p>
702
<p>Setting <code>min</code> will determine how many connections will always
703
be open to the backend server. Upto the Soft Maximum or <code>smax</code>
704
number of connections will be created on demand. Any connections above
705
<code>smax</code> are subject to a time to live or <code>ttl</code>. Apache
706
will never create more than the Hard Maximum or <code>max</code> connections
707
to the backend server.</p>
709
<div class="example"><p><code>
710
ProxyPass /example http://backend.example.com smax=5 max=20 ttl=120 retry=300
714
<tr><th>Parameter</th>
716
<th>Description</th></tr>
719
<td>Minumum number of connections that will always
720
be open to the backend server.</td></tr>
723
<td>Hard Maximum number of connections that will be
724
allowed to the backend server. The default for a Hard Maximum
725
for the number of connections is the number of threads per process in the
726
active MPM. In the Prefork MPM, this is always 1, while with the Worker MPM
727
it is controlled by the <code class="directive">ThreadsPerChild</code>.
728
Apache will never create more than the Hard Maximum connections
729
to the backend server.</td></tr>
732
<td>Upto the Soft Maximum
733
number of connections will be created on demand. Any connections above
734
<code>smax</code> are subject to a time to live or <code>ttl</code>.
738
<td>Time To Live for the inactive connections above the
739
<code>smax</code> connections in seconds. Apache will close all
740
connections that has not been used inside that time period.
743
<td><code class="directive">Timeout</code></td>
744
<td>Connection timeout in seconds.
745
If not set the Apache will wait until the free connection
746
is available. This directive is used for limiting the number
747
of connections to the backend server together with <code>max</code>
752
<td>If set this will be the maximum time to wait for a free
753
connection in the connection pool. If there are no free connections
754
in the pool the Apache will return <code>SERVER_BUSY</code> status to
757
<tr><td>keepalive</td>
759
<td>This parameter should be used when you have a firewall between your
760
Apache and the backend server, who tend to drop inactive connections.
761
This flag will tell the Operating System to send <code>KEEP_ALIVE</code>
762
messages on inactive connections (interval depends on global OS settings,
763
generally 120ms), and thus prevent the firewall to drop the connection.
764
To enable keepalive set this property value to <code>On</code>.
768
<td>Connection pool worker retry timeout in seconds.
769
If the connection pool worker to the backend server is in the error state,
770
Apache will not forward any requests to that server until the timeout
771
expires. This enables to shut down the backend server for maintenance,
772
and bring it back online later.
774
<tr><td>loadfactor</td>
776
<td>Worker load factor. Used with BalancerMember.
777
It is a number between 1 and 100 and defines the normalized weighted
778
load applied to the worker.
782
<td>Route of the worker when used inside load balancer.
783
The route is a value appended to seesion id.
785
<tr><td>redirect</td>
787
<td>Redirection Route of the worker. This value is usually
788
set dynamically to enable safe removal of the node from
789
the cluster. If set all requests without session id will be
790
redirected to the BalancerMember that has route parametar
796
<p>If the Proxy directive scheme starts with the
797
<code>balancer://</code> then a virtual worker that does not really
798
communicate with the backend server will be created. Instead it is responsible
799
for the management of several "real" workers. In that case the special set of
800
parameters can be add to this virtual worker.
803
<tr><th>Parameter</th>
805
<th>Description</th></tr>
806
<tr><td>lbmethod</td>
808
<td>Balancer load-balance method. Select the load-balancing scheduler
809
method to use. Either <code>byrequests</code>, to perform weighted
810
request counting or <code>bytraffic</code>, to perform weighted
811
traffic byte count balancing. Default is <code>byrequests</code>.
813
<tr><td>stickysession</td>
815
<td>Balancer sticky session name. The value is usually set to something
816
like <code>JSESSIONID</code> or <code>PHPSESSIONID</code>,
817
and it depends on the backend application server that support sessions.
819
<tr><td>nofailover</td>
821
<td>If set to <code>On</code> the session will break if the worker is in
822
error state or disabled. Set this value to On if backend servers do not
823
support session replication.
827
<td>Balancer timeout in seconds. If set this will be the maximum time
828
to wait for a free worker. Default is not to wait.
830
<tr><td>maxattempts</td>
832
<td>Maximum number of failover attempts before giving up.
836
<div class="example"><p><code>
837
ProxyPass /special-area http://special.example.com/ smax=5 max=10<br />
838
ProxyPass / balancer://mycluster stickysession=jsessionid nofailover=On<br />
839
<Proxy balancer://mycluster><br />
840
<span class="indent">
841
BalancerMember http://1.2.3.4:8009<br />
842
BalancerMember http://1.2.3.5:8009 smax=10<br />
843
# Less powerful server, don't send as many requests there<br />
844
BalancerMember http://1.2.3.6:8009 smax=1 loadfactor=20<br />
849
<p>When used inside a <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section, the first argument is omitted and the local
850
directory is obtained from the <code class="directive"><a href="../mod/core.html#location"><Location></a></code>.</p>
852
<p>If you require a more flexible reverse-proxy configuration, see the
853
<code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive with the
854
<code>[P]</code> flag.</p>
857
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
858
<div class="directive-section"><h2><a name="ProxyPassReverse" id="ProxyPassReverse">ProxyPassReverse</a> <a name="proxypassreverse" id="proxypassreverse">Directive</a></h2>
859
<table class="directive">
860
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Adjusts the URL in HTTP response headers sent from a reverse
861
proxied server</td></tr>
862
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPassReverse [<var>path</var>] <var>url</var></code></td></tr>
863
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
864
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
865
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
867
<p>This directive lets Apache adjust the URL in the <code>Location</code>,
868
<code>Content-Location</code> and <code>URI</code> headers on HTTP redirect
869
responses. This is essential when Apache is used as a reverse proxy to avoid
870
by-passing the reverse proxy because of HTTP redirects on the backend
871
servers which stay behind the reverse proxy.</p>
873
<p>Only the HTTP response headers specifically mentioned above
874
will be rewritten. Apache will not rewrite other response
875
headers, nor will it rewrite URL references inside HTML pages.
876
This means that if the proxied content contains absolute URL
877
references, they will by-pass the proxy. A third-party module
878
that will look inside the HTML and rewrite URL references is Nick
879
Kew's <a href="http://apache.webthing.com/mod_proxy_html/">mod_proxy_html</a>.</p>
881
<p><var>path</var> is the name of a local virtual path. <var>url</var> is a
882
partial URL for the remote server - the same way they are used for the
883
<code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
885
<p>For example, suppose the local server has address
886
<code>http://example.com/</code>; then</p>
888
<div class="example"><p><code>
889
ProxyPass /mirror/foo/ http://backend.example.com/<br />
890
ProxyPassReverse /mirror/foo/ http://backend.example.com/<br />
891
ProxyPassReverseCookieDomain backend.example.com public.example.com<br />
892
ProxyPassReverseCookiePath / /mirror/foo/
895
<p>will not only cause a local request for the
896
<code>http://example.com/mirror/foo/bar</code> to be internally converted
897
into a proxy request to <code>http://backend.example.com/bar</code>
898
(the functionality <code>ProxyPass</code> provides here). It also takes care
899
of redirects the server <code>backend.example.com</code> sends: when
900
<code>http://backend.example.com/bar</code> is redirected by him to
901
<code>http://backend.example.com/quux</code> Apache adjusts this to
902
<code>http://example.com/mirror/foo/quux</code> before forwarding the HTTP
903
redirect response to the client. Note that the hostname used for
904
constructing the URL is chosen in respect to the setting of the <code class="directive"><a href="../mod/core.html#usecanonicalname">UseCanonicalName</a></code> directive.</p>
906
<p>Note that this <code class="directive">ProxyPassReverse</code> directive can
907
also be used in conjunction with the proxy pass-through feature
908
(<code>RewriteRule ... [P]</code>) from <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
909
because it doesn't depend on a corresponding <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
911
<p>When used inside a <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section, the first argument is omitted and the local
912
directory is obtained from the <code class="directive"><a href="../mod/core.html#location"><Location></a></code>.</p>
915
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
916
<div class="directive-section"><h2><a name="ProxyPassReverseCookieDomain" id="ProxyPassReverseCookieDomain">ProxyPassReverseCookieDomain</a> <a name="proxypassreversecookiedomain" id="proxypassreversecookiedomain">Directive</a></h2>
917
<table class="directive">
918
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Adjusts the Domain string in Set-Cookie headers from a reverse-
919
proxied server</td></tr>
920
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPassReverseCookieDomain <var>internal-domain</var> <var>public-domain</var></code></td></tr>
921
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
922
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
923
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
925
<p>Usage is basically similar to
926
<code class="directive"><a href="#proxypassreverse">ProxyPassReverse</a></code>, but instead of
927
rewriting headers that are a URL, this rewrites the <code>domain</code>
928
string in <code>Set-Cookie</code> headers.</p>
931
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
932
<div class="directive-section"><h2><a name="ProxyPassReverseCookiePath" id="ProxyPassReverseCookiePath">ProxyPassReverseCookiePath</a> <a name="proxypassreversecookiepath" id="proxypassreversecookiepath">Directive</a></h2>
933
<table class="directive">
934
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Adjusts the Path string in Set-Cookie headers from a reverse-
935
proxied server</td></tr>
936
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPassReverseCookiePath <var>internal-path</var> <var>public-path</var></code></td></tr>
937
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
938
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
939
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
941
<p>Usage is basically similar to
942
<code class="directive"><a href="#proxypassreverse">ProxyPassReverse</a></code>, but instead of
943
rewriting headers that are a URL, this rewrites the <code>path</code>
944
string in <code>Set-Cookie</code> headers.</p>
947
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
948
<div class="directive-section"><h2><a name="ProxyPreserveHost" id="ProxyPreserveHost">ProxyPreserveHost</a> <a name="proxypreservehost" id="proxypreservehost">Directive</a></h2>
949
<table class="directive">
950
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use incoming Host HTTP request header for proxy
952
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPreserveHost On|Off</code></td></tr>
953
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyPreserveHost Off</code></td></tr>
954
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
955
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
956
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
957
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0.31 and later.</td></tr>
959
<p>When enabled, this option will pass the Host: line from the incoming
960
request to the proxied host, instead of the hostname specified in the
961
<code class="directive">ProxyPass</code> line.</p>
963
<p>This option should normally be turned <code>Off</code>. It is mostly
964
useful in special configurations like proxied mass name-based virtual
965
hosting, where the original Host header needs to be evaluated by the
969
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
970
<div class="directive-section"><h2><a name="ProxyReceiveBufferSize" id="ProxyReceiveBufferSize">ProxyReceiveBufferSize</a> <a name="proxyreceivebuffersize" id="proxyreceivebuffersize">Directive</a></h2>
971
<table class="directive">
972
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Network buffer size for proxied HTTP and FTP
973
connections</td></tr>
974
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyReceiveBufferSize <var>bytes</var></code></td></tr>
975
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyReceiveBufferSize 0</code></td></tr>
976
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
977
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
978
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
980
<p>The <code class="directive">ProxyReceiveBufferSize</code> directive specifies an
981
explicit (TCP/IP) network buffer size for proxied HTTP and FTP connections,
982
for increased throughput. It has to be greater than <code>512</code> or set
983
to <code>0</code> to indicate that the system's default buffer size should
986
<div class="example"><h3>Example</h3><p><code>
987
ProxyReceiveBufferSize 2048
991
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
992
<div class="directive-section"><h2><a name="ProxyRemote" id="ProxyRemote">ProxyRemote</a> <a name="proxyremote" id="proxyremote">Directive</a></h2>
993
<table class="directive">
994
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Remote proxy used to handle certain requests</td></tr>
995
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRemote <var>match</var> <var>remote-server</var></code></td></tr>
996
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
997
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
998
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
1000
<p>This defines remote proxies to this proxy. <var>match</var> is either the
1001
name of a URL-scheme that the remote server supports, or a partial URL
1002
for which the remote server should be used, or <code>*</code> to indicate
1003
the server should be contacted for all requests. <var>remote-server</var> is
1004
a partial URL for the remote server. Syntax:</p>
1006
<div class="example"><p><code>
1007
<dfn>remote-server</dfn> =
1008
<var>scheme</var>://<var>hostname</var>[:<var>port</var>]
1011
<p><var>scheme</var> is effectively the protocol that should be used to
1012
communicate with the remote server; only <code>http</code> is supported by
1015
<div class="example"><h3>Example</h3><p><code>
1016
ProxyRemote http://goodguys.com/ http://mirrorguys.com:8000<br />
1017
ProxyRemote * http://cleversite.com<br />
1018
ProxyRemote ftp http://ftpproxy.mydomain.com:8080
1021
<p>In the last example, the proxy will forward FTP requests, encapsulated
1022
as yet another HTTP proxy request, to another proxy which can handle
1025
<p>This option also supports reverse proxy configuration - a backend
1026
webserver can be embedded within a virtualhost URL space even if that
1027
server is hidden by another forward proxy.</p>
1030
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
1031
<div class="directive-section"><h2><a name="ProxyRemoteMatch" id="ProxyRemoteMatch">ProxyRemoteMatch</a> <a name="proxyremotematch" id="proxyremotematch">Directive</a></h2>
1032
<table class="directive">
1033
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Remote proxy used to handle requests matched by regular
1034
expressions</td></tr>
1035
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRemoteMatch <var>regex</var> <var>remote-server</var></code></td></tr>
1036
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
1037
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
1038
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
1040
<p>The <code class="directive">ProxyRemoteMatch</code> is identical to the
1041
<code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive, except the
1042
first argument is a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a>
1043
match against the requested URL.</p>
1046
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
1047
<div class="directive-section"><h2><a name="ProxyRequests" id="ProxyRequests">ProxyRequests</a> <a name="proxyrequests" id="proxyrequests">Directive</a></h2>
1048
<table class="directive">
1049
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enables forward (standard) proxy requests</td></tr>
1050
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRequests On|Off</code></td></tr>
1051
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyRequests Off</code></td></tr>
1052
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
1053
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
1054
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
1056
<p>This allows or prevents Apache from functioning as a forward proxy
1057
server. (Setting ProxyRequests to <code>Off</code> does not disable use of
1058
the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.)</p>
1060
<p>In a typical reverse proxy configuration, this option should be set to
1061
<code>Off</code>.</p>
1063
<p>In order to get the functionality of proxying HTTP or FTP sites, you
1064
need also <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code> or <code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code>
1065
(or both) present in the server.</p>
1067
<div class="warning"><h3>Warning</h3>
1068
<p>Do not enable proxying with <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> until you have <a href="#access">secured your server</a>. Open proxy servers are dangerous
1069
both to your network and to the Internet at large.</p>
1073
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
1074
<div class="directive-section"><h2><a name="ProxyTimeout" id="ProxyTimeout">ProxyTimeout</a> <a name="proxytimeout" id="proxytimeout">Directive</a></h2>
1075
<table class="directive">
1076
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Network timeout for proxied requests</td></tr>
1077
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyTimeout <var>seconds</var></code></td></tr>
1078
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyTimeout 300</code></td></tr>
1079
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
1080
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
1081
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
1082
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0.31 and later</td></tr>
1084
<p>This directive allows a user to specifiy a timeout on proxy requests.
1085
This is useful when you have a slow/buggy appserver which hangs, and you
1086
would rather just return a timeout and fail gracefully instead of waiting
1087
however long it takes the server to return.</p>
1090
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
1091
<div class="directive-section"><h2><a name="ProxyVia" id="ProxyVia">ProxyVia</a> <a name="proxyvia" id="proxyvia">Directive</a></h2>
1092
<table class="directive">
1093
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Information provided in the <code>Via</code> HTTP response
1094
header for proxied requests</td></tr>
1095
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyVia On|Off|Full|Block</code></td></tr>
1096
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyVia Off</code></td></tr>
1097
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
1098
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
1099
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
1101
<p>This directive controls the use of the <code>Via:</code> HTTP
1102
header by the proxy. Its intended use is to control the flow of
1103
proxy requests along a chain of proxy servers. See <a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a> (HTTP/1.1), section
1104
14.45 for an explanation of <code>Via:</code> header lines.</p>
1107
<li>If set to <code>Off</code>, which is the default, no special processing
1108
is performed. If a request or reply contains a <code>Via:</code> header,
1109
it is passed through unchanged.</li>
1111
<li>If set to <code>On</code>, each request and reply will get a
1112
<code>Via:</code> header line added for the current host.</li>
1114
<li>If set to <code>Full</code>, each generated <code>Via:</code> header
1115
line will additionally have the Apache server version shown as a
1116
<code>Via:</code> comment field.</li>
1118
<li>If set to <code>Block</code>, every proxy request will have all its
1119
<code>Via:</code> header lines removed. No new <code>Via:</code> header will
1125
<div class="bottomlang">
1126
<p><span>Available Languages: </span><a href="../en/mod/mod_proxy.html" title="English"> en </a> |
1127
<a href="../ja/mod/mod_proxy.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p>
1128
</div><div id="footer">
1129
<p class="apache">Copyright 2006 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
1130
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
b'\\ No newline at end of file'