1 <?xml version="1.0" encoding="ISO-8859-1"?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
4 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
5 This file is generated from xml source: DO NOT EDIT
6 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
8 <title>mod_proxy - Apache HTTP Server</title>
9 <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
10 <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
11 <link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
12 <link href="../images/favicon.ico" rel="shortcut icon" /></head>
14 <div id="page-header">
15 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
16 <p class="apache">Apache HTTP Server Version 2.1</p>
17 <img alt="" src="../images/feather.gif" /></div>
18 <div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
20 <a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.1</a> > <a href="./">Modules</a></div>
21 <div id="page-content">
22 <div id="preamble"><h1>Apache Module mod_proxy</h1>
24 <p><span>Available Languages: </span><a href="../en/mod/mod_proxy.html" title="English"> en </a> |
25 <a href="../ja/mod/mod_proxy.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p>
27 <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>HTTP/1.1 proxy/gateway server</td></tr>
28 <tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
29 <tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>proxy_module</td></tr>
30 <tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_proxy.c</td></tr></table>
33 <div class="warning"><h3>Warning</h3>
34 <p>Do not enable proxying with <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> until you have <a href="#access">secured your server</a>. Open proxy servers are dangerous both to your
35 network and to the Internet at large.</p>
38 <p>This module implements a proxy/gateway for Apache. It implements
39 proxying capability for <code>AJP13</code> (Apache JServe Protocol
40 version 1.3), <code>FTP</code>, <code>CONNECT</code> (for SSL),
41 <code>HTTP/0.9</code>, <code>HTTP/1.0</code>, and <code>HTTP/1.1</code>.
42 The module can be configured to connect to other proxy modules for these
43 and other protocols.</p>
45 <p>Apache's proxy features are divided into several modules in
46 addition to <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code>:
47 <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>, <code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code>,
48 <code class="module"><a href="../mod/mod_proxy_ajp.html">mod_proxy_ajp</a></code>, <code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code>,
49 and <code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code>. Thus, if you want to use
50 one or more of the particular proxy functions, load
51 <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> <em>and</em> the appropriate module(s)
52 into the server (either statically at compile-time or dynamically
53 via the <code class="directive"><a href="../mod/mod_so.html#loadmodule">LoadModule</a></code>
56 <p>In addition, extended features are provided by other modules.
57 Caching is provided by <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> and related
58 modules. The ability to contact remote servers using the SSL/TLS
59 protocol is provided by the <code>SSLProxy*</code> directives of
60 <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>. These additional modules will need
61 to be loaded and configured to take advantage of these features.</p>
63 <div id="quickview"><h3 class="directives">Directives</h3>
65 <li><img alt="" src="../images/down.gif" /> <a href="#allowconnect">AllowCONNECT</a></li>
66 <li><img alt="" src="../images/down.gif" /> <a href="#noproxy">NoProxy</a></li>
67 <li><img alt="" src="../images/down.gif" /> <a href="#proxy"><Proxy></a></li>
68 <li><img alt="" src="../images/down.gif" /> <a href="#proxybadheader">ProxyBadHeader</a></li>
69 <li><img alt="" src="../images/down.gif" /> <a href="#proxyblock">ProxyBlock</a></li>
70 <li><img alt="" src="../images/down.gif" /> <a href="#proxydomain">ProxyDomain</a></li>
71 <li><img alt="" src="../images/down.gif" /> <a href="#proxyerroroverride">ProxyErrorOverride</a></li>
72 <li><img alt="" src="../images/down.gif" /> <a href="#proxyiobuffersize">ProxyIOBufferSize</a></li>
73 <li><img alt="" src="../images/down.gif" /> <a href="#proxymatch"><ProxyMatch></a></li>
74 <li><img alt="" src="../images/down.gif" /> <a href="#proxymaxforwards">ProxyMaxForwards</a></li>
75 <li><img alt="" src="../images/down.gif" /> <a href="#proxypass">ProxyPass</a></li>
76 <li><img alt="" src="../images/down.gif" /> <a href="#proxypassreverse">ProxyPassReverse</a></li>
77 <li><img alt="" src="../images/down.gif" /> <a href="#proxypassreversecookiedomain">ProxyPassReverseCookieDomain</a></li>
78 <li><img alt="" src="../images/down.gif" /> <a href="#proxypassreversecookiepath">ProxyPassReverseCookiePath</a></li>
79 <li><img alt="" src="../images/down.gif" /> <a href="#proxypreservehost">ProxyPreserveHost</a></li>
80 <li><img alt="" src="../images/down.gif" /> <a href="#proxyreceivebuffersize">ProxyReceiveBufferSize</a></li>
81 <li><img alt="" src="../images/down.gif" /> <a href="#proxyremote">ProxyRemote</a></li>
82 <li><img alt="" src="../images/down.gif" /> <a href="#proxyremotematch">ProxyRemoteMatch</a></li>
83 <li><img alt="" src="../images/down.gif" /> <a href="#proxyrequests">ProxyRequests</a></li>
84 <li><img alt="" src="../images/down.gif" /> <a href="#proxytimeout">ProxyTimeout</a></li>
85 <li><img alt="" src="../images/down.gif" /> <a href="#proxyvia">ProxyVia</a></li>
89 <li><img alt="" src="../images/down.gif" /> <a href="#forwardreverse">Forward and Reverse Proxies</a></li>
90 <li><img alt="" src="../images/down.gif" /> <a href="#examples">Basic Examples</a></li>
91 <li><img alt="" src="../images/down.gif" /> <a href="#access">Controlling access to your proxy</a></li>
92 <li><img alt="" src="../images/down.gif" /> <a href="#startup">Slow Startup</a></li>
93 <li><img alt="" src="../images/down.gif" /> <a href="#intranet">Intranet Proxy</a></li>
94 <li><img alt="" src="../images/down.gif" /> <a href="#envsettings">Protocol Adjustments</a></li>
95 <li><img alt="" src="../images/down.gif" /> <a href="#request-bodies">Request Bodys</a></li>
96 </ul><h3>See also</h3>
98 <li><code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code></li>
99 <li><code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code></li>
100 <li><code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code></li>
101 <li><code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code></li>
102 <li><code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code></li>
103 <li><code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code></li>
105 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
106 <div class="section">
107 <h2><a name="forwardreverse" id="forwardreverse">Forward and Reverse Proxies</a></h2>
108 <p>Apache can be configured in both a <dfn>forward</dfn> and
109 <dfn>reverse</dfn> proxy mode.</p>
111 <p>An ordinary <dfn>forward proxy</dfn> is an intermediate
112 server that sits between the client and the <em>origin
113 server</em>. In order to get content from the origin server,
114 the client sends a request to the proxy naming the origin server
115 as the target and the proxy then requests the content from the
116 origin server and returns it to the client. The client must be
117 specially configured to use the forward proxy to access other
120 <p>A typical usage of a forward proxy is to provide Internet
121 access to internal clients that are otherwise restricted by a
122 firewall. The forward proxy can also use caching (as provided
123 by <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>) to reduce network usage.</p>
125 <p>The forward proxy is activated using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive. Because
126 forward proxys allow clients to access arbitrary sites through
127 your server and to hide their true origin, it is essential that
128 you <a href="#access">secure your server</a> so that only
129 authorized clients can access the proxy before activating a
132 <p>A <dfn>reverse proxy</dfn>, by contrast, appears to the
133 client just like an ordinary web server. No special
134 configuration on the client is necessary. The client makes
135 ordinary requests for content in the name-space of the reverse
136 proxy. The reverse proxy then decides where to send those
137 requests, and returns the content as if it was itself the
140 <p>A typical usage of a reverse proxy is to provide Internet
141 users access to a server that is behind a firewall. Reverse
142 proxies can also be used to balance load among several back-end
143 servers, or to provide caching for a slower back-end server.
144 In addition, reverse proxies can be used simply to bring
145 several servers into the same URL space.</p>
147 <p>A reverse proxy is activated using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive or the
148 <code>[P]</code> flag to the <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive. It is
149 <strong>not</strong> necessary to turn <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> on in order to
150 configure a reverse proxy.</p>
151 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
152 <div class="section">
153 <h2><a name="examples" id="examples">Basic Examples</a></h2>
155 <p>The examples below are only a very basic idea to help you
156 get started. Please read the documentation on the individual
159 <p>In addition, if you wish to have caching enabled, consult
160 the documentation from <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>.</p>
162 <div class="example"><h3>Forward Proxy</h3><p><code>
163 ProxyRequests On<br />
166 <Proxy *><br />
167 <span class="indent">
168 Order deny,allow<br />
170 Allow from internal.example.com<br />
175 <div class="example"><h3>Reverse Proxy</h3><p><code>
176 ProxyRequests Off<br />
178 <Proxy *><br />
179 <span class="indent">
180 Order deny,allow<br />
185 ProxyPass /foo http://foo.example.com/bar<br />
186 ProxyPassReverse /foo http://foo.example.com/bar
188 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
189 <div class="section">
190 <h2><a name="access" id="access">Controlling access to your proxy</a></h2>
191 <p>You can control who can access your proxy via the <code class="directive"><a href="#proxy"><Proxy></a></code> control block as in
192 the following example:</p>
194 <div class="example"><p><code>
195 <Proxy *><br />
196 <span class="indent">
197 Order Deny,Allow<br />
199 Allow from 192.168.0<br />
204 <p>For more information on access control directives, see
205 <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>.</p>
207 <p>Strictly limiting access is essential if you are using a
208 forward proxy (using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive).
209 Otherwise, your server can be used by any client to access
210 arbitrary hosts while hiding his or her true identity. This is
211 dangerous both for your network and for the Internet at large.
212 When using a reverse proxy (using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive with
213 <code>ProxyRequests Off</code>), access control is less
214 critical because clients can only contact the hosts that you
215 have specifically configured.</p>
217 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
218 <div class="section">
219 <h2><a name="startup" id="startup">Slow Startup</a></h2>
220 <p>If you're using the <code class="directive"><a href="#proxyblock">ProxyBlock</a></code> directive, hostnames' IP addresses are looked up
221 and cached during startup for later match test. This may take a few
222 seconds (or more) depending on the speed with which the hostname lookups
224 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
225 <div class="section">
226 <h2><a name="intranet" id="intranet">Intranet Proxy</a></h2>
227 <p>An Apache proxy server situated in an intranet needs to forward
228 external requests through the company's firewall (for this, configure
229 the <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive
230 to forward the respective <var>scheme</var> to the firewall proxy).
231 However, when it has to
232 access resources within the intranet, it can bypass the firewall when
233 accessing hosts. The <code class="directive"><a href="#noproxy">NoProxy</a></code>
234 directive is useful for specifying which hosts belong to the intranet and
235 should be accessed directly.</p>
237 <p>Users within an intranet tend to omit the local domain name from their
238 WWW requests, thus requesting "http://somehost/" instead of
239 <code>http://somehost.example.com/</code>. Some commercial proxy servers
240 let them get away with this and simply serve the request, implying a
241 configured local domain. When the <code class="directive"><a href="#proxydomain">ProxyDomain</a></code> directive is used and the server is <a href="#proxyrequests">configured for proxy service</a>, Apache can return
242 a redirect response and send the client to the correct, fully qualified,
243 server address. This is the preferred method since the user's bookmark
244 files will then contain fully qualified hosts.</p>
245 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
246 <div class="section">
247 <h2><a name="envsettings" id="envsettings">Protocol Adjustments</a></h2>
248 <p>For circumstances where <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> is sending
249 requests to an origin server that doesn't properly implement
250 keepalives or HTTP/1.1, there are two <a href="../env.html">environment variables</a> that can force the
251 request to use HTTP/1.0 with no keepalive. These are set via the
252 <code class="directive"><a href="../mod/mod_env.html#setenv">SetEnv</a></code> directive.</p>
254 <p>These are the <code>force-proxy-request-1.0</code> and
255 <code>proxy-nokeepalive</code> notes.</p>
257 <div class="example"><p><code>
258 <Location /buggyappserver/><br />
259 <span class="indent">
260 ProxyPass http://buggyappserver:7001/foo/<br />
261 SetEnv force-proxy-request-1.0 1<br />
262 SetEnv proxy-nokeepalive 1<br />
267 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
268 <div class="section">
269 <h2><a name="request-bodies" id="request-bodies">Request Bodys</a></h2>
271 <p>Some request methods such as POST include a request body.
272 The HTTP protocol requires that requests which include a body
273 either use chunked transfer encoding or send a
274 <code>Content-Length</code> request header. When passing these
275 requests on to the origin server, <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>
276 will always attempt to send the <code>Content-Length</code>. But
277 if the body is large and the original request used chunked
278 encoding, then chunked encoding may also be used in the upstream
279 request. You can control this selection using <a href="../env.html">environment variables</a>. Setting
280 <code>proxy-sendcl</code> ensures maximum compatibility with
281 upstream servers by always sending the
282 <code>Content-Length</code>, while setting
283 <code>proxy-sendchunked</code> minimizes resource usage by using
284 chunked encoding.</p>
287 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
288 <div class="directive-section"><h2><a name="AllowCONNECT" id="AllowCONNECT">AllowCONNECT</a> <a name="allowconnect" id="allowconnect">Directive</a></h2>
289 <table class="directive">
290 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Ports that are allowed to <code>CONNECT</code> through the
292 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AllowCONNECT <var>port</var> [<var>port</var>] ...</code></td></tr>
293 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AllowCONNECT 443 563</code></td></tr>
294 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
295 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
296 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
298 <p>The <code class="directive">AllowCONNECT</code> directive specifies a list
299 of port numbers to which the proxy <code>CONNECT</code> method may
300 connect. Today's browsers use this method when a <code>https</code>
301 connection is requested and proxy tunneling over HTTP is in effect.</p>
303 <p>By default, only the default https port (<code>443</code>) and the
304 default snews port (<code>563</code>) are enabled. Use the
305 <code class="directive">AllowCONNECT</code> directive to override this default and
306 allow connections to the listed ports only.</p>
308 <p>Note that you'll need to have <code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code> present
309 in the server in order to get the support for the <code>CONNECT</code> at
313 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
314 <div class="directive-section"><h2><a name="NoProxy" id="NoProxy">NoProxy</a> <a name="noproxy" id="noproxy">Directive</a></h2>
315 <table class="directive">
316 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Hosts, domains, or networks that will be connected to
318 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>NoProxy <var>host</var> [<var>host</var>] ...</code></td></tr>
319 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
320 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
321 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
323 <p>This directive is only useful for Apache proxy servers within
324 intranets. The <code class="directive">NoProxy</code> directive specifies a
325 list of subnets, IP addresses, hosts and/or domains, separated by
326 spaces. A request to a host which matches one or more of these is
327 always served directly, without forwarding to the configured
328 <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> proxy server(s).</p>
330 <div class="example"><h3>Example</h3><p><code>
331 ProxyRemote * http://firewall.mycompany.com:81<br />
332 NoProxy .mycompany.com 192.168.112.0/21
335 <p>The <var>host</var> arguments to the <code class="directive">NoProxy</code>
336 directive are one of the following type list:</p>
340 <dt><var><a name="domain" id="domain">Domain</a></var></dt>
342 <p>A <dfn>Domain</dfn> is a partially qualified DNS domain name, preceded
343 by a period. It represents a list of hosts which logically belong to the
344 same DNS domain or zone (<em>i.e.</em>, the suffixes of the hostnames are
345 all ending in <var>Domain</var>).</p>
347 <div class="example"><h3>Examples</h3><p><code>
351 <p>To distinguish <var>Domain</var>s from <var><a href="#hostname">Hostname</a></var>s (both syntactically and semantically; a DNS domain can
352 have a DNS A record, too!), <var>Domain</var>s are always written with a
355 <div class="note"><h3>Note</h3>
356 <p>Domain name comparisons are done without regard to the case, and
357 <var>Domain</var>s are always assumed to be anchored in the root of the
358 DNS tree, therefore two domains <code>.MyDomain.com</code> and
359 <code>.mydomain.com.</code> (note the trailing period) are considered
360 equal. Since a domain comparison does not involve a DNS lookup, it is much
361 more efficient than subnet comparison.</p>
365 <dt><var><a name="subnet" id="subnet">SubNet</a></var></dt>
367 <p>A <dfn>SubNet</dfn> is a partially qualified internet address in
368 numeric (dotted quad) form, optionally followed by a slash and the netmask,
369 specified as the number of significant bits in the <var>SubNet</var>. It is
370 used to represent a subnet of hosts which can be reached over a common
371 network interface. In the absence of the explicit net mask it is assumed
372 that omitted (or zero valued) trailing digits specify the mask. (In this
373 case, the netmask can only be multiples of 8 bits wide.) Examples:</p>
376 <dt><code>192.168</code> or <code>192.168.0.0</code></dt>
377 <dd>the subnet 192.168.0.0 with an implied netmask of 16 valid bits
378 (sometimes used in the netmask form <code>255.255.0.0</code>)</dd>
379 <dt><code>192.168.112.0/21</code></dt>
380 <dd>the subnet <code>192.168.112.0/21</code> with a netmask of 21
381 valid bits (also used in the form <code>255.255.248.0</code>)</dd>
384 <p>As a degenerate case, a <em>SubNet</em> with 32 valid bits is the
385 equivalent to an <var><a href="#ipadr">IPAddr</a></var>, while a <var>SubNet</var> with zero
386 valid bits (<em>e.g.</em>, 0.0.0.0/0) is the same as the constant
387 <var>_Default_</var>, matching any IP address.</p></dd>
390 <dt><var><a name="ipaddr" id="ipaddr">IPAddr</a></var></dt>
392 <p>A <dfn>IPAddr</dfn> represents a fully qualified internet address in
393 numeric (dotted quad) form. Usually, this address represents a host, but
394 there need not necessarily be a DNS domain name connected with the
396 <div class="example"><h3>Example</h3><p><code>
400 <div class="note"><h3>Note</h3>
401 <p>An <var>IPAddr</var> does not need to be resolved by the DNS system, so
402 it can result in more effective apache performance.</p>
406 <dt><var><a name="hostname" id="hostname">Hostname</a></var></dt>
408 <p>A <dfn>Hostname</dfn> is a fully qualified DNS domain name which can
409 be resolved to one or more <var><a href="#ipaddr">IPAddrs</a></var> via the
410 DNS domain name service. It represents a logical host (in contrast to
411 <var><a href="#domain">Domain</a></var>s, see above) and must be resolvable
412 to at least one <var><a href="#ipaddr">IPAddr</a></var> (or often to a list
413 of hosts with different <var><a href="#ipaddr">IPAddr</a></var>s).</p>
415 <div class="example"><h3>Examples</h3><p><code>
416 prep.ai.mit.edu<br />
420 <div class="note"><h3>Note</h3>
421 <p>In many situations, it is more effective to specify an <var><a href="#ipaddr">IPAddr</a></var> in place of a <var>Hostname</var> since a
422 DNS lookup can be avoided. Name resolution in Apache can take a remarkable
423 deal of time when the connection to the name server uses a slow PPP
425 <p><var>Hostname</var> comparisons are done without regard to the case,
426 and <var>Hostname</var>s are always assumed to be anchored in the root
427 of the DNS tree, therefore two hosts <code>WWW.MyDomain.com</code>
428 and <code>www.mydomain.com.</code> (note the trailing period) are
429 considered equal.</p>
435 <li><a href="../dns-caveats.html">DNS Issues</a></li>
438 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
439 <div class="directive-section"><h2><a name="Proxy" id="Proxy"><Proxy></a> <a name="proxy" id="proxy">Directive</a></h2>
440 <table class="directive">
441 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Container for directives applied to proxied resources</td></tr>
442 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><Proxy <var>wildcard-url</var>> ...</Proxy></code></td></tr>
443 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
444 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
445 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
447 <p>Directives placed in <code class="directive"><Proxy></code>
448 sections apply only to matching proxied content. Shell-style wildcards are
451 <p>For example, the following will allow only hosts in
452 <code>yournetwork.example.com</code> to access content via your proxy
455 <div class="example"><p><code>
456 <Proxy *><br />
457 <span class="indent">
458 Order Deny,Allow<br />
460 Allow from yournetwork.example.com<br />
465 <p>The following example will process all files in the <code>foo</code>
466 directory of <code>example.com</code> through the <code>INCLUDES</code>
467 filter when they are sent through the proxy server:</p>
469 <div class="example"><p><code>
470 <Proxy http://example.com/foo/*><br />
471 <span class="indent">
472 SetOutputFilter INCLUDES<br />
479 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
480 <div class="directive-section"><h2><a name="ProxyBadHeader" id="ProxyBadHeader">ProxyBadHeader</a> <a name="proxybadheader" id="proxybadheader">Directive</a></h2>
481 <table class="directive">
482 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determines how to handle bad header lines in a
484 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyBadHeader IsError|Ignore|StartBody</code></td></tr>
485 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyBadHeader IsError</code></td></tr>
486 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
487 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
488 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
489 <tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>available in Apache 2.0.44 and later</td></tr>
491 <p>The <code class="directive">ProxyBadHeader</code> directive determines the
492 behaviour of <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> if it receives syntactically invalid
493 header lines (<em>i.e.</em> containing no colon). The following arguments
497 <dt><code>IsError</code></dt>
498 <dd>Abort the request and end up with a 502 (Bad Gateway) response. This is
499 the default behaviour.</dd>
501 <dt><code>Ignore</code></dt>
502 <dd>Treat bad header lines as if they weren't sent.</dd>
504 <dt><code>StartBody</code></dt>
505 <dd>When receiving the first bad header line, finish reading the headers and
506 treat the remainder as body. This helps to work around buggy backend servers
507 which forget to insert an empty line between the headers and the body.</dd>
511 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
512 <div class="directive-section"><h2><a name="ProxyBlock" id="ProxyBlock">ProxyBlock</a> <a name="proxyblock" id="proxyblock">Directive</a></h2>
513 <table class="directive">
514 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Words, hosts, or domains that are banned from being
516 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyBlock *|<var>word</var>|<var>host</var>|<var>domain</var>
517 [<var>word</var>|<var>host</var>|<var>domain</var>] ...</code></td></tr>
518 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
519 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
520 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
522 <p>The <code class="directive">ProxyBlock</code> directive specifies a list of
523 words, hosts and/or domains, separated by spaces. HTTP, HTTPS, and
524 FTP document requests to sites whose names contain matched words,
525 hosts or domains are <em>blocked</em> by the proxy server. The proxy
526 module will also attempt to determine IP addresses of list items which
527 may be hostnames during startup, and cache them for match test as
528 well. That may slow down the startup time of the server.</p>
530 <div class="example"><h3>Example</h3><p><code>
531 ProxyBlock joes-garage.com some-host.co.uk rocky.wotsamattau.edu
534 <p><code>rocky.wotsamattau.edu</code> would also be matched if referenced by
537 <p>Note that <code>wotsamattau</code> would also be sufficient to match
538 <code>wotsamattau.edu</code>.</p>
540 <p>Note also that</p>
542 <div class="example"><p><code>
546 <p>blocks connections to all sites.</p>
549 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
550 <div class="directive-section"><h2><a name="ProxyDomain" id="ProxyDomain">ProxyDomain</a> <a name="proxydomain" id="proxydomain">Directive</a></h2>
551 <table class="directive">
552 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Default domain name for proxied requests</td></tr>
553 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyDomain <var>Domain</var></code></td></tr>
554 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
555 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
556 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
558 <p>This directive is only useful for Apache proxy servers within
559 intranets. The <code class="directive">ProxyDomain</code> directive specifies
560 the default domain which the apache proxy server will belong to. If a
561 request to a host without a domain name is encountered, a redirection
562 response to the same host with the configured <var>Domain</var> appended
563 will be generated.</p>
565 <div class="example"><h3>Example</h3><p><code>
566 ProxyRemote * http://firewall.mycompany.com:81<br />
567 NoProxy .mycompany.com 192.168.112.0/21<br />
568 ProxyDomain .mycompany.com
572 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
573 <div class="directive-section"><h2><a name="ProxyErrorOverride" id="ProxyErrorOverride">ProxyErrorOverride</a> <a name="proxyerroroverride" id="proxyerroroverride">Directive</a></h2>
574 <table class="directive">
575 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Override error pages for proxied content</td></tr>
576 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyErrorOverride On|Off</code></td></tr>
577 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyErrorOverride Off</code></td></tr>
578 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
579 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
580 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
581 <tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.0 and later</td></tr>
583 <p>This directive is useful for reverse-proxy setups, where you want to
584 have a common look and feel on the error pages seen by the end user.
585 This also allows for included files (via
586 <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>'s SSI) to get
587 the error code and act accordingly (default behavior would display
588 the error page of the proxied server, turning this on shows the SSI
592 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
593 <div class="directive-section"><h2><a name="ProxyIOBufferSize" id="ProxyIOBufferSize">ProxyIOBufferSize</a> <a name="proxyiobuffersize" id="proxyiobuffersize">Directive</a></h2>
594 <table class="directive">
595 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determine size of internal data throughput buffer</td></tr>
596 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyIOBufferSize <var>bytes</var></code></td></tr>
597 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyIOBufferSize 8192</code></td></tr>
598 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
599 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
600 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
602 <p>The <code class="directive">ProxyIOBufferSize</code> directive adjusts the size
603 of the internal buffer, which is used as a scratchpad for the data between
604 input and output. The size must be less or equal <code>8192</code>.</p>
606 <p>In almost every case there's no reason to change that value.</p>
609 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
610 <div class="directive-section"><h2><a name="ProxyMatch" id="ProxyMatch"><ProxyMatch></a> <a name="proxymatch" id="proxymatch">Directive</a></h2>
611 <table class="directive">
612 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Container for directives applied to regular-expression-matched
613 proxied resources</td></tr>
614 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><ProxyMatch <var>regex</var>> ...</ProxyMatch></code></td></tr>
615 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
616 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
617 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
619 <p>The <code class="directive"><ProxyMatch></code> directive is
620 identical to the <code class="directive"><a href="#proxy"><Proxy></a></code> directive, except it matches URLs
621 using <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expressions</a>.</p>
624 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
625 <div class="directive-section"><h2><a name="ProxyMaxForwards" id="ProxyMaxForwards">ProxyMaxForwards</a> <a name="proxymaxforwards" id="proxymaxforwards">Directive</a></h2>
626 <table class="directive">
627 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maximium number of proxies that a request can be forwarded
629 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyMaxForwards <var>number</var></code></td></tr>
630 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyMaxForwards 10</code></td></tr>
631 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
632 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
633 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
634 <tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0 and later</td></tr>
636 <p>The <code class="directive">ProxyMaxForwards</code> directive specifies the
637 maximum number of proxies through which a request may pass, if there's no
638 <code>Max-Forwards</code> header supplied with the request. This is
639 set to prevent infinite proxy loops, or a DoS attack.</p>
641 <div class="example"><h3>Example</h3><p><code>
646 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
647 <div class="directive-section"><h2><a name="ProxyPass" id="ProxyPass">ProxyPass</a> <a name="proxypass" id="proxypass">Directive</a></h2>
648 <table class="directive">
649 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maps remote servers into the local server URL-space</td></tr>
650 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPass [<var>path</var>] !|<var>url</var> [<var>key=value</var> <var>key=value</var> ...]]</code></td></tr>
651 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
652 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
653 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
655 <p>This directive allows remote servers to be mapped into the space of
656 the local server; the local server does not act as a proxy in the
657 conventional sense, but appears to be a mirror of the remote
658 server. <var>path</var> is the name of a local virtual path; <var>url</var>
659 is a partial URL for the remote server and cannot include a query
662 <div class="warning">The <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive should
663 usually be set <strong>off</strong> when using
664 <code class="directive">ProxyPass</code>.</div>
666 <p>Suppose the local server has address <code>http://example.com/</code>;
669 <div class="example"><p><code>
670 ProxyPass /mirror/foo/ http://backend.example.com/
673 <p>will cause a local request for
674 <code>http://example.com/mirror/foo/bar</code> to be internally converted
675 into a proxy request to <code>http://backend.example.com/bar</code>.</p>
677 <p>The <code>!</code> directive is useful in situations where you don't want
678 to reverse-proxy a subdirectory, <em>e.g.</em></p>
680 <div class="example"><p><code>
681 ProxyPass /mirror/foo/i !<br />
682 ProxyPass /mirror/foo http://backend.example.com
685 <p>will proxy all requests to <code>/mirror/foo</code> to
686 <code>backend.example.com</code> <em>except</em> requests made to
687 <code>/mirror/foo/i</code>.</p>
689 <div class="note"><h3>Note</h3>
690 <p>Order is important. you need to put the exclusions <em>before</em> the
691 general <code class="directive">ProxyPass</code> directive.</p>
694 <p>New in Apache 2.1, is the ability to use pooled connections to a
695 backend server. Using the <code>key=value</code> parameters it is possible
696 to tune this connection pooling. The default for a <code>Hard Maximum</code>
697 for the number of connections is the number of threads per process in the
698 active MPM. In the Prefork MPM, this is always 1, while with the Worker MPM
699 it is controlled by the <code class="directive">ThreadsPerChild</code>.</p>
701 <p>Setting <code>min</code> will determine how many connections will always
702 be open to the backend server. Upto the Soft Maximum or <code>smax</code>
703 number of connections will be created on demand. Any connections above
704 <code>smax</code> are subject to a time to live or <code>ttl</code>. Apache
705 will never create more than the Hard Maximum or <code>max</code> connections
706 to the backend server.</p>
708 <div class="example"><p><code>
709 ProxyPass /example http://backend.example.com smax=5 max=20 ttl=120 retry=300
713 <tr><th>Parameter</th>
715 <th>Description</th></tr>
718 <td>Minumum number of connections that will always
719 be open to the backend server.</td></tr>
722 <td>Hard Maximum number of connections that will be
723 allowed to the backend server. The default for a Hard Maximum
724 for the number of connections is the number of threads per process in the
725 active MPM. In the Prefork MPM, this is always 1, while with the Worker MPM
726 it is controlled by the <code class="directive">ThreadsPerChild</code>.
727 Apache will never create more than the Hard Maximum connections
728 to the backend server.</td></tr>
731 <td>Upto the Soft Maximum
732 number of connections will be created on demand. Any connections above
733 <code>smax</code> are subject to a time to live or <code>ttl</code>.
737 <td>Time To Live for the inactive connections above the
738 <code>smax</code> connections in seconds. Apache will close all
739 connections that has not been used inside that time period.
742 <td><code class="directive">Timeout</code></td>
743 <td>Connection timeout in seconds.
744 If not set the Apache will wait until the free connection
745 is available. This directive is used for limiting the number
746 of connections to the backend server together with <code>max</code>
751 <td>If set this will be the maximum time to wait for a free
752 connection in the connection pool. If there are no free connections
753 in the pool the Apache will return <code>SERVER_BUSY</code> status to
756 <tr><td>keepalive</td>
758 <td>This parameter should be used when you have a firewall between your
759 Apache and the backend server, who tend to drop inactive connections.
760 This flag will tell the Operating System to send <code>KEEP_ALIVE</code>
761 messages on inactive connections (interval depends on global OS settings,
762 generally 120ms), and thus prevent the firewall to drop the connection.
763 To enable keepalive set this property value to <code>On</code>.
767 <td>Connection pool worker retry timeout in seconds.
768 If the connection pool worker to the backend server is in the error state,
769 Apache will not forward any requests to that server until the timeout
770 expires. This enables to shut down the backend server for maintenance,
771 and bring it back online later.
773 <tr><td>loadfactor</td>
775 <td>Worker load factor. Used with BalancerMember.
776 It is a number between 1 and 100 and defines the normalized weighted
777 load applied to the worker.
781 <td>Route of the worker when used inside load balancer.
782 The route is a value appended to seesion id.
784 <tr><td>redirect</td>
786 <td>Redirection Route of the worker. This value is usually
787 set dynamically to enable safe removal of the node from
788 the cluster. If set all requests without session id will be
789 redirected to the BalancerMember that has route parametar
795 <p>If the Proxy directive scheme starts with the
796 <code>balancer://</code> then a virtual worker that does not really
797 communicate with the backend server will be created. Instead it is responsible
798 for the management of several "real" workers. In that case the special set of
799 parameters can be add to this virtual worker.
802 <tr><th>Parameter</th>
804 <th>Description</th></tr>
805 <tr><td>lbmethod</td>
807 <td>Balancer load-balance method. Select the load-balancing scheduler
808 method to use. Either <code>byrequests</code>, to perform weighted
809 request counting or <code>bytraffic</code>, to perform weighted
810 traffic byte count balancing. Default is <code>byrequests</code>.
812 <tr><td>stickysession</td>
814 <td>Balancer sticky session name. The value is usually set to something
815 like <code>JSESSIONID</code> or <code>PHPSESSIONID</code>,
816 and it depends on the backend application server that support sessions.
818 <tr><td>nofailover</td>
820 <td>If set to <code>On</code> the session will break if the worker is in
821 error state or disabled. Set this value to On if backend servers do not
822 support session replication.
826 <td>Balancer timeout in seconds. If set this will be the maximum time
827 to wait for a free worker. Default is not to wait.
829 <tr><td>maxattempts</td>
831 <td>Maximum number of failover attempts before giving up.
835 <div class="example"><p><code>
836 ProxyPass /special-area http://special.example.com/ smax=5 max=10<br />
837 ProxyPass / balancer://mycluster stickysession=jsessionid nofailover=On<br />
838 <Proxy balancer://mycluster><br />
839 <span class="indent">
840 BalancerMember http://1.2.3.4:8009<br />
841 BalancerMember http://1.2.3.5:8009 smax=10<br />
842 # Less powerful server, don't send as many requests there<br />
843 BalancerMember http://1.2.3.6:8009 smax=1 loadfactor=20<br />
848 <p>When used inside a <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section, the first argument is omitted and the local
849 directory is obtained from the <code class="directive"><a href="../mod/core.html#location"><Location></a></code>.</p>
851 <p>If you require a more flexible reverse-proxy configuration, see the
852 <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive with the
853 <code>[P]</code> flag.</p>
856 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
857 <div class="directive-section"><h2><a name="ProxyPassReverse" id="ProxyPassReverse">ProxyPassReverse</a> <a name="proxypassreverse" id="proxypassreverse">Directive</a></h2>
858 <table class="directive">
859 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Adjusts the URL in HTTP response headers sent from a reverse
860 proxied server</td></tr>
861 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPassReverse [<var>path</var>] <var>url</var></code></td></tr>
862 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
863 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
864 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
866 <p>This directive lets Apache adjust the URL in the <code>Location</code>,
867 <code>Content-Location</code> and <code>URI</code> headers on HTTP redirect
868 responses. This is essential when Apache is used as a reverse proxy to avoid
869 by-passing the reverse proxy because of HTTP redirects on the backend
870 servers which stay behind the reverse proxy.</p>
872 <p>Only the HTTP response headers specifically mentioned above
873 will be rewritten. Apache will not rewrite other response
874 headers, nor will it rewrite URL references inside HTML pages.
875 This means that if the proxied content contains absolute URL
876 references, they will by-pass the proxy. A third-party module
877 that will look inside the HTML and rewrite URL references is Nick
878 Kew's <a href="http://apache.webthing.com/mod_proxy_html/">mod_proxy_html</a>.</p>
880 <p><var>path</var> is the name of a local virtual path. <var>url</var> is a
881 partial URL for the remote server - the same way they are used for the
882 <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
884 <p>For example, suppose the local server has address
885 <code>http://example.com/</code>; then</p>
887 <div class="example"><p><code>
888 ProxyPass /mirror/foo/ http://backend.example.com/<br />
889 ProxyPassReverse /mirror/foo/ http://backend.example.com/<br />
890 ProxyPassReverseCookieDomain backend.example.com public.example.com<br />
891 ProxyPassReverseCookiePath / /mirror/foo/
894 <p>will not only cause a local request for the
895 <code>http://example.com/mirror/foo/bar</code> to be internally converted
896 into a proxy request to <code>http://backend.example.com/bar</code>
897 (the functionality <code>ProxyPass</code> provides here). It also takes care
898 of redirects the server <code>backend.example.com</code> sends: when
899 <code>http://backend.example.com/bar</code> is redirected by him to
900 <code>http://backend.example.com/quux</code> Apache adjusts this to
901 <code>http://example.com/mirror/foo/quux</code> before forwarding the HTTP
902 redirect response to the client. Note that the hostname used for
903 constructing the URL is chosen in respect to the setting of the <code class="directive"><a href="../mod/core.html#usecanonicalname">UseCanonicalName</a></code> directive.</p>
905 <p>Note that this <code class="directive">ProxyPassReverse</code> directive can
906 also be used in conjunction with the proxy pass-through feature
907 (<code>RewriteRule ... [P]</code>) from <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
908 because it doesn't depend on a corresponding <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
910 <p>When used inside a <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section, the first argument is omitted and the local
911 directory is obtained from the <code class="directive"><a href="../mod/core.html#location"><Location></a></code>.</p>
914 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
915 <div class="directive-section"><h2><a name="ProxyPassReverseCookieDomain" id="ProxyPassReverseCookieDomain">ProxyPassReverseCookieDomain</a> <a name="proxypassreversecookiedomain" id="proxypassreversecookiedomain">Directive</a></h2>
916 <table class="directive">
917 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Adjusts the Domain string in Set-Cookie headers from a reverse-
918 proxied server</td></tr>
919 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPassReverseCookieDomain <var>internal-domain</var> <var>public-domain</var></code></td></tr>
920 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
921 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
922 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
924 <p>Usage is basically similar to
925 <code class="directive"><a href="#proxypassreverse">ProxyPassReverse</a></code>, but instead of
926 rewriting headers that are a URL, this rewrites the <code>domain</code>
927 string in <code>Set-Cookie</code> headers.</p>
930 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
931 <div class="directive-section"><h2><a name="ProxyPassReverseCookiePath" id="ProxyPassReverseCookiePath">ProxyPassReverseCookiePath</a> <a name="proxypassreversecookiepath" id="proxypassreversecookiepath">Directive</a></h2>
932 <table class="directive">
933 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Adjusts the Path string in Set-Cookie headers from a reverse-
934 proxied server</td></tr>
935 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPassReverseCookiePath <var>internal-path</var> <var>public-path</var></code></td></tr>
936 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
937 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
938 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
940 <p>Usage is basically similar to
941 <code class="directive"><a href="#proxypassreverse">ProxyPassReverse</a></code>, but instead of
942 rewriting headers that are a URL, this rewrites the <code>path</code>
943 string in <code>Set-Cookie</code> headers.</p>
946 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
947 <div class="directive-section"><h2><a name="ProxyPreserveHost" id="ProxyPreserveHost">ProxyPreserveHost</a> <a name="proxypreservehost" id="proxypreservehost">Directive</a></h2>
948 <table class="directive">
949 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use incoming Host HTTP request header for proxy
951 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPreserveHost On|Off</code></td></tr>
952 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyPreserveHost Off</code></td></tr>
953 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
954 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
955 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
956 <tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0.31 and later.</td></tr>
958 <p>When enabled, this option will pass the Host: line from the incoming
959 request to the proxied host, instead of the hostname specified in the
960 <code class="directive">ProxyPass</code> line.</p>
962 <p>This option should normally be turned <code>Off</code>. It is mostly
963 useful in special configurations like proxied mass name-based virtual
964 hosting, where the original Host header needs to be evaluated by the
968 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
969 <div class="directive-section"><h2><a name="ProxyReceiveBufferSize" id="ProxyReceiveBufferSize">ProxyReceiveBufferSize</a> <a name="proxyreceivebuffersize" id="proxyreceivebuffersize">Directive</a></h2>
970 <table class="directive">
971 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Network buffer size for proxied HTTP and FTP
972 connections</td></tr>
973 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyReceiveBufferSize <var>bytes</var></code></td></tr>
974 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyReceiveBufferSize 0</code></td></tr>
975 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
976 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
977 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
979 <p>The <code class="directive">ProxyReceiveBufferSize</code> directive specifies an
980 explicit (TCP/IP) network buffer size for proxied HTTP and FTP connections,
981 for increased throughput. It has to be greater than <code>512</code> or set
982 to <code>0</code> to indicate that the system's default buffer size should
985 <div class="example"><h3>Example</h3><p><code>
986 ProxyReceiveBufferSize 2048
990 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
991 <div class="directive-section"><h2><a name="ProxyRemote" id="ProxyRemote">ProxyRemote</a> <a name="proxyremote" id="proxyremote">Directive</a></h2>
992 <table class="directive">
993 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Remote proxy used to handle certain requests</td></tr>
994 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRemote <var>match</var> <var>remote-server</var></code></td></tr>
995 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
996 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
997 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
999 <p>This defines remote proxies to this proxy. <var>match</var> is either the
1000 name of a URL-scheme that the remote server supports, or a partial URL
1001 for which the remote server should be used, or <code>*</code> to indicate
1002 the server should be contacted for all requests. <var>remote-server</var> is
1003 a partial URL for the remote server. Syntax:</p>
1005 <div class="example"><p><code>
1006 <dfn>remote-server</dfn> =
1007 <var>scheme</var>://<var>hostname</var>[:<var>port</var>]
1010 <p><var>scheme</var> is effectively the protocol that should be used to
1011 communicate with the remote server; only <code>http</code> is supported by
1014 <div class="example"><h3>Example</h3><p><code>
1015 ProxyRemote http://goodguys.com/ http://mirrorguys.com:8000<br />
1016 ProxyRemote * http://cleversite.com<br />
1017 ProxyRemote ftp http://ftpproxy.mydomain.com:8080
1020 <p>In the last example, the proxy will forward FTP requests, encapsulated
1021 as yet another HTTP proxy request, to another proxy which can handle
1024 <p>This option also supports reverse proxy configuration - a backend
1025 webserver can be embedded within a virtualhost URL space even if that
1026 server is hidden by another forward proxy.</p>
1029 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
1030 <div class="directive-section"><h2><a name="ProxyRemoteMatch" id="ProxyRemoteMatch">ProxyRemoteMatch</a> <a name="proxyremotematch" id="proxyremotematch">Directive</a></h2>
1031 <table class="directive">
1032 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Remote proxy used to handle requests matched by regular
1033 expressions</td></tr>
1034 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRemoteMatch <var>regex</var> <var>remote-server</var></code></td></tr>
1035 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
1036 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
1037 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
1039 <p>The <code class="directive">ProxyRemoteMatch</code> is identical to the
1040 <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive, except the
1041 first argument is a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a>
1042 match against the requested URL.</p>
1045 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
1046 <div class="directive-section"><h2><a name="ProxyRequests" id="ProxyRequests">ProxyRequests</a> <a name="proxyrequests" id="proxyrequests">Directive</a></h2>
1047 <table class="directive">
1048 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enables forward (standard) proxy requests</td></tr>
1049 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRequests On|Off</code></td></tr>
1050 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyRequests Off</code></td></tr>
1051 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
1052 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
1053 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
1055 <p>This allows or prevents Apache from functioning as a forward proxy
1056 server. (Setting ProxyRequests to <code>Off</code> does not disable use of
1057 the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.)</p>
1059 <p>In a typical reverse proxy configuration, this option should be set to
1060 <code>Off</code>.</p>
1062 <p>In order to get the functionality of proxying HTTP or FTP sites, you
1063 need also <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code> or <code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code>
1064 (or both) present in the server.</p>
1066 <div class="warning"><h3>Warning</h3>
1067 <p>Do not enable proxying with <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> until you have <a href="#access">secured your server</a>. Open proxy servers are dangerous
1068 both to your network and to the Internet at large.</p>
1072 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
1073 <div class="directive-section"><h2><a name="ProxyTimeout" id="ProxyTimeout">ProxyTimeout</a> <a name="proxytimeout" id="proxytimeout">Directive</a></h2>
1074 <table class="directive">
1075 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Network timeout for proxied requests</td></tr>
1076 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyTimeout <var>seconds</var></code></td></tr>
1077 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyTimeout 300</code></td></tr>
1078 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
1079 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
1080 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
1081 <tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0.31 and later</td></tr>
1083 <p>This directive allows a user to specifiy a timeout on proxy requests.
1084 This is useful when you have a slow/buggy appserver which hangs, and you
1085 would rather just return a timeout and fail gracefully instead of waiting
1086 however long it takes the server to return.</p>
1089 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
1090 <div class="directive-section"><h2><a name="ProxyVia" id="ProxyVia">ProxyVia</a> <a name="proxyvia" id="proxyvia">Directive</a></h2>
1091 <table class="directive">
1092 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Information provided in the <code>Via</code> HTTP response
1093 header for proxied requests</td></tr>
1094 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyVia On|Off|Full|Block</code></td></tr>
1095 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyVia Off</code></td></tr>
1096 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
1097 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
1098 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
1100 <p>This directive controls the use of the <code>Via:</code> HTTP
1101 header by the proxy. Its intended use is to control the flow of
1102 proxy requests along a chain of proxy servers. See <a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a> (HTTP/1.1), section
1103 14.45 for an explanation of <code>Via:</code> header lines.</p>
1106 <li>If set to <code>Off</code>, which is the default, no special processing
1107 is performed. If a request or reply contains a <code>Via:</code> header,
1108 it is passed through unchanged.</li>
1110 <li>If set to <code>On</code>, each request and reply will get a
1111 <code>Via:</code> header line added for the current host.</li>
1113 <li>If set to <code>Full</code>, each generated <code>Via:</code> header
1114 line will additionally have the Apache server version shown as a
1115 <code>Via:</code> comment field.</li>
1117 <li>If set to <code>Block</code>, every proxy request will have all its
1118 <code>Via:</code> header lines removed. No new <code>Via:</code> header will
1124 <div class="bottomlang">
1125 <p><span>Available Languages: </span><a href="../en/mod/mod_proxy.html" title="English"> en </a> |
1126 <a href="../ja/mod/mod_proxy.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p>
1127 </div><div id="footer">
1128 <p class="apache">Copyright 1995-2005 The Apache Software Foundation or its licensors, as applicable.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
1129 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>