<body>
<div id="page-header">
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
-<p class="apache">Apache HTTP Server Version 2.1</p>
+<p class="apache">Apache HTTP Server Version 2.3</p>
<img alt="" src="../images/feather.gif" /></div>
<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
<div id="path">
-<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.1</a> > <a href="./">Modules</a></div>
+<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.3</a> > <a href="./">Modules</a></div>
<div id="page-content">
<div id="preamble"><h1>Apache Module mod_proxy</h1>
+<div class="toplang">
+<p><span>Available Languages: </span><a href="../en/mod/mod_proxy.html" title="English"> en </a> |
+<a href="../fr/mod/mod_proxy.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
+<a href="../ja/mod/mod_proxy.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p>
+</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>HTTP/1.1 proxy/gateway server</td></tr>
<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>proxy_module</td></tr>
<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_proxy.c</td></tr></table>
<h3>Summary</h3>
-<div class="warning"><h3>Warning</h3>
-This document has been updated to take into account changes
-made in the 2.0 version of the Apache HTTP Server. Some of the
-information may still be inaccurate, please use it
-with care.
-</div>
-
-<p>This module implements a proxy/gateway for Apache. It implements
-proxying capability for
-<code>FTP</code>,
-<code>CONNECT</code> (for SSL),
-<code>HTTP/0.9</code>,
-<code>HTTP/1.0</code>, and
-<code>HTTP/1.1</code>.
-The module can be configured to connect to other proxy modules for these
-and other protocols.</p>
-
-<p>This module was experimental in Apache 1.1.x. Improvements and bugfixes
-were made in Apache v1.2.x and Apache v1.3.x, then the module underwent a major
-overhaul for Apache v2.0. The protocol support was upgraded to HTTP/1.1,
-and filter support was enabled.</p>
-
-<p>Please note that the <strong>caching</strong> function present in
-mod_proxy up to Apache v1.3.x has been <strong>removed</strong> from
-mod_proxy and will be incorporated into a new module, mod_cache. In other words:
-the Apache 2.0.x-Proxy doesn't
-cache at all - all caching functionality has been moved into mod_cache,
-which is capable of caching any content, not only content from proxy.
-</p>
-
-<p>If you need to use SSL when contacting remote servers, have a look at the
-<code>SSLProxy*</code> directives in <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>.</p>
-
-<div class="warning"><p>Do not enable proxying with <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> until you have
-<a href="#access">secured your server</a>. Open proxy servers are
-dangerous both to your network and to the Internet at large.</p></div>
-
-
+ <div class="warning"><h3>Warning</h3>
+ <p>Do not enable proxying with <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> until you have <a href="#access">secured your server</a>. Open proxy servers are dangerous both to your
+ network and to the Internet at large.</p>
+ </div>
+
+ <p>This module implements a proxy/gateway for Apache. It implements
+ proxying capability for <code>AJP13</code> (Apache JServe Protocol
+ version 1.3), <code>FTP</code>, <code>CONNECT</code> (for SSL),
+ <code>HTTP/0.9</code>, <code>HTTP/1.0</code>, and <code>HTTP/1.1</code>.
+ The module can be configured to connect to other proxy modules for these
+ and other protocols.</p>
+
+ <p>Apache's proxy features are divided into several modules in
+ addition to <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code>:
+ <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>, <code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code>,
+ <code class="module"><a href="../mod/mod_proxy_ajp.html">mod_proxy_ajp</a></code>, <code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code>,
+ and <code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code>. Thus, if you want to use
+ one or more of the particular proxy functions, load
+ <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> <em>and</em> the appropriate module(s)
+ into the server (either statically at compile-time or dynamically
+ via the <code class="directive"><a href="../mod/mod_so.html#loadmodule">LoadModule</a></code>
+ directive).</p>
+
+ <p>In addition, extended features are provided by other modules.
+ Caching is provided by <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> and related
+ modules. The ability to contact remote servers using the SSL/TLS
+ protocol is provided by the <code>SSLProxy*</code> directives of
+ <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>. These additional modules will need
+ to be loaded and configured to take advantage of these features.</p>
</div>
<div id="quickview"><h3 class="directives">Directives</h3>
<ul id="toc">
-<li><img alt="" src="../images/down.gif" /> <a href="#allowconnect">AllowCONNECT</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#balancermember">BalancerMember</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#noproxy">NoProxy</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxy"><Proxy></a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#proxybadheader">ProxyBadHeader</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyblock">ProxyBlock</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxydomain">ProxyDomain</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyerroroverride">ProxyErrorOverride</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxymatch"><ProxyMatch></a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxymaxforwards">ProxyMaxForwards</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxypass">ProxyPass</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#proxypassinterpolateenv">ProxyPassInterpolateEnv</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#proxypassmatch">ProxyPassMatch</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxypassreverse">ProxyPassReverse</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#proxypassreversecookiedomain">ProxyPassReverseCookieDomain</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#proxypassreversecookiepath">ProxyPassReverseCookiePath</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxypreservehost">ProxyPreserveHost</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyreceivebuffersize">ProxyReceiveBufferSize</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyremote">ProxyRemote</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyremotematch">ProxyRemoteMatch</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyrequests">ProxyRequests</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#proxyset">ProxySet</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#proxystatus">ProxyStatus</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxytimeout">ProxyTimeout</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyvia">ProxyVia</a></li>
</ul>
<h3>Topics</h3>
<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#configs">Common configuration topics</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#forwardreverse">Forward Proxies and Reverse
+ Proxies/Gateways</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#examples">Basic Examples</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#access">Controlling access to your proxy</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#startup">Slow Startup</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#intranet">Intranet Proxy</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#envsettings">Protocol Adjustments</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#request-bodies">Request Bodies</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#x-headers">Reverse Proxy Request Headers</a></li>
+</ul><h3>See also</h3>
+<ul class="seealso">
+<li><code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code></li>
+<li><code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code></li>
+<li><code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code></li>
+<li><code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code></li>
+<li><code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code></li>
+<li><code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code></li>
</ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
-<h2><a name="configs" id="configs">Common configuration topics</a></h2>
-
-<ul>
-<li><a href="#forwardreverse">Forward and Reverse Proxies</a></li>
-<li><a href="#access">Controlling access to your proxy</a></li>
-<li><a href="#mimetypes">Why doesn't file type <em>xxx</em> download via FTP?</a></li>
-<li><a href="#type">How can I force an FTP ASCII download of File <em>xxx</em>?</a></li>
-<li><a href="#percent2fhack">How can I access FTP files outside of my home directory?</a></li>
-<li><a href="#ftppass">How can I hide the FTP cleartext password in my browser's URL line?</a></li>
-<li><a href="#startup">Why does Apache start more slowly when using the
- proxy module?</a></li>
-
-<li><a href="#intranet">What other functions are useful for an intranet proxy server?</a></li>
-<li><a href="#envsettings">How can I make the proxy talk HTTP/1.0 and disable keepalives?</a></li>
-</ul>
-
-<h3><a name="forwardreverse" id="forwardreverse">Forward and Reverse Proxies</a></h3>
-
-<p>Apache can be configured in both a <em>forward</em> and <em>reverse</em>
-proxy configuration.</p>
-
-<p>A <em>forward proxy</em> is an intermediate system that enables a browser to connect to a
-remote network to which it normally does not have access. A forward proxy
-can also be used to cache data, reducing load on the networks between the
-forward proxy and the remote webserver.</p>
-
-<p>Apache's mod_proxy can be figured to behave like a forward proxy
-using the <code class="directive"><a href="#proxyremote">ProxyRemote</a></code>
-directive. In addition, caching of data can be achieved by configuring
-Apache <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>. Other dedicated forward proxy
-packages include <a href="http://www.squid.org">Squid</a>.</p>
-
-<p>A <em>reverse proxy</em> is a webserver system that is capable of serving webpages
-sourced from other webservers - in addition to webpages on disk or generated
-dynamically by CGI - making these pages look like they originated at the
-reverse proxy.</p>
-
-<p>When configured with the mod_cache module the reverse
-proxy can act as a cache for slower backend webservers. The reverse proxy
-can also enable advanced URL strategies and management techniques, allowing
-webpages served using different webserver systems or architectures to
-coexist inside the same URL space. Reverse proxy systems are also ideal for
-implementing centralised logging websites with many or diverse website
-backends. Complex multi-tier webserver systems can be constructed using an
-Apache mod_proxy frontend and any number of backend webservers.</p>
-
-<p>The reverse proxy is configured using the
-<code class="directive"><a href="#proxypass">ProxyPass</a></code> and <code class="directive"><a href="#proxypassreverse">ProxyPassReverse</a></code> directives. Caching can be
-enabled using mod_cache as with the forward proxy.</p>
-
-
-
-<h3><a name="access" id="access">Controlling access to your proxy</a></h3>
-
-<p>You can control who can access your proxy via the
-<code class="directive"><a href="#proxy"><Proxy></a></code>
-control block using the following example:</p>
-
-<div class="example"><p><code>
-<Proxy *><br />
-Order Deny,Allow<br />
-Deny from all<br />
-Allow from 192.168.0<br />
-</Proxy>
-</code></p></div>
-
-<p>When configuring a reverse proxy, access control takes on the
-attributes of the normal server <code class="directive"><a href="../mod/core.html#directory"><directory></a></code> configuration.</p>
-
-
-<h3><a name="mimetypes" id="mimetypes">Why doesn't file type <em>xxx</em>
-download via FTP?</a></h3>
-
-<p>You probably don't have that particular file type defined as
-<em>application/octet-stream</em> in your proxy's mime.types configuration
-file. A useful line can be</p>
-
-<div class="example"><p><code>
-application/octet-stream bin dms lha lzh exe class tgz taz
-</code></p></div>
-
-
-<h3><a name="type" id="type">How can I force an FTP ASCII download of
-File <em>xxx</em>?</a></h3>
-
-<p>In the rare situation where you must download a specific file using the FTP
-<strong>ASCII</strong> transfer method (while the default transfer is in
-<strong>binary</strong> mode), you can override mod_proxy's default by
-suffixing the request with <code>;type=a</code> to force an ASCII transfer.
-(FTP Directory listings are always executed in ASCII mode, however.)</p>
-
-
-<h3><a name="percent2fhck" id="percent2fhck">How can I access FTP files outside
-of my home directory?</a></h3>
-
-<p>
-An FTP URI is interpreted relative to the home directory of the user
-who is logging in. Alas, to reach higher directory levels you cannot
-use /../, as the dots are interpreted by the browser and not actually
-sent to the FTP server. To address this problem, the so called "Squid
-%2f hack" was implemented in the Apache FTP proxy; it is is a solution
-which is also used by other popular proxy servers like the <a href="http://www.squid-cache.org/">Squid Proxy Cache</a>. By
-prepending /%2f to the path of your request, you can make such a proxy
-change the FTP starting directory to / (instead of the home
-directory). </p>
-
-<p><strong>Example:</strong> To retrieve the file
-<code>/etc/motd</code>, you would use the URL</p>
-<div class="example"><p><code>ftp://<em>user@host</em>/%2f/etc/motd</code></p></div>
-
-
-<h3><a name="ftppass" id="ftppass">How can I hide the FTP cleartext password
-in my browser's URL line?</a></h3>
-
-<p>
-To log in to an FTP server by username and password, Apache
-uses different strategies.
-In absense of a user name and password in the URL altogether,
-Apache sends an anomymous login to the FTP server, i.e.,</p>
-<div class="example"><p><code>
-user: anonymous<br />
-password: apache_proxy@
-</code></p></div>
-<p>This works for all popular FTP servers which are configured for
-anonymous access.</p>
-
-<p>For a personal login with a specific username, you can embed
-the user name into the URL, like in:
-<code>ftp://<em>username@host</em>/myfile</code>. If the FTP server
-asks for a password when given this username (which it should),
-then Apache will reply with a [401 Authorization required] response,
-which causes the Browser to pop up the username/password dialog.
-Upon entering the password, the connection attempt is retried,
-and if successful, the requested resource is presented.
-The advantage of this procedure is that your browser does not
-display the password in cleartext (which it would if you had used
-<code>ftp://<em>username:password@host</em>/myfile</code> in
-the first place).</p>
-
-<div class="note"><h3>Note</h3>
-The password which is transmitted in such a way
-is not encrypted on its way. It travels between your browser and
-the Apache proxy server in a base64-encoded cleartext string, and
-between the Apache proxy and the FTP server as plaintext. You should
-therefore think twice before accessing your FTP server via HTTP
-(or before accessing your personal files via FTP at all!) When
-using unsecure channels, an eavesdropper might intercept your
-password on its way.
-</div>
-
-
-<h3><a name="startup" id="startup">Why does Apache start more slowly when
-using the proxy module?</a></h3>
-
-<p>If you're using the <code class="directive"><a href="#proxyblock">ProxyBlock</a></code>
-directive, hostnames' IP addresses are looked up and cached during
-startup for later match test. This may take a few seconds (or more)
-depending on the speed with which the hostname lookups occur.</p>
-
-
-
-
-<h3><a name="intranet" id="intranet">What other functions are useful for an
-intranet proxy server?</a></h3>
-
-<p>An Apache proxy server situated in an intranet needs to forward
-external requests through the company's firewall. However, when it has
-to access resources within the intranet, it can bypass the firewall
-when accessing hosts. The <code class="directive"><a href="#noproxy">NoProxy</a></code> directive is useful for
-specifying which hosts belong to the intranet and should be accessed
-directly.</p>
-
-<p>Users within an intranet tend to omit the local domain name from their
-WWW requests, thus requesting "http://somehost/" instead of
-"http://somehost.my.dom.ain/". Some commercial proxy servers let them get
-away with this and simply serve the request, implying a configured
-local domain. When the <code class="directive"><a href="#proxydomain">ProxyDomain</a></code> directive
-is used and the server is <a href="#proxyrequests">configured for
-proxy service</a>, Apache can return a redirect response and send the client
-to the correct, fully qualified, server address. This is the preferred method
-since the user's bookmark files will then contain fully qualified hosts.</p>
-
-<h3><a name="envsettings" id="envsettings">How can I make the proxy talk HTTP/1.0 and
-disable keepalives?</a></h3>
-
-<p>For circumstances where you have a application server which doesn't implement
-keepalives or HTTP/1.1 properly, there are 2 environment variables which when
-set send a HTTP/1.0 with no keepalive. These are set via the <code class="directive"><a href="../mod/mod_env.html#setenv">SetEnv</a></code> directive.</p>
-<p>These are the 'force-proxy-request-1.0' and 'proxy-nokeepalive' notes.</p>
-
-<div class="example"><p><code>
-<location /buggyappserver/ ><br />
-ProxyPass http://buggyappserver:7001/foo/<br />
-SetEnv force-proxy-request-1.0 1<br />
-SetEnv proxy-nokeepalive 1<br />
-</location>
-</code></p></div>
-
-
-
-</div>
+<h2><a name="forwardreverse" id="forwardreverse">Forward Proxies and Reverse
+ Proxies/Gateways</a></h2>
+ <p>Apache can be configured in both a <dfn>forward</dfn> and
+ <dfn>reverse</dfn> proxy (also known as <dfn>gateway</dfn>) mode.</p>
+
+ <p>An ordinary <dfn>forward proxy</dfn> is an intermediate
+ server that sits between the client and the <em>origin
+ server</em>. In order to get content from the origin server,
+ the client sends a request to the proxy naming the origin server
+ as the target and the proxy then requests the content from the
+ origin server and returns it to the client. The client must be
+ specially configured to use the forward proxy to access other
+ sites.</p>
+
+ <p>A typical usage of a forward proxy is to provide Internet
+ access to internal clients that are otherwise restricted by a
+ firewall. The forward proxy can also use caching (as provided
+ by <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>) to reduce network usage.</p>
+
+ <p>The forward proxy is activated using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive. Because
+ forward proxies allow clients to access arbitrary sites through
+ your server and to hide their true origin, it is essential that
+ you <a href="#access">secure your server</a> so that only
+ authorized clients can access the proxy before activating a
+ forward proxy.</p>
+
+ <p>A <dfn>reverse proxy</dfn> (or <dfn>gateway</dfn>), by
+ contrast, appears to the client just like an ordinary web
+ server. No special configuration on the client is necessary.
+ The client makes ordinary requests for content in the name-space
+ of the reverse proxy. The reverse proxy then decides where to
+ send those requests, and returns the content as if it was itself
+ the origin.</p>
+
+ <p>A typical usage of a reverse proxy is to provide Internet
+ users access to a server that is behind a firewall. Reverse
+ proxies can also be used to balance load among several back-end
+ servers, or to provide caching for a slower back-end server.
+ In addition, reverse proxies can be used simply to bring
+ several servers into the same URL space.</p>
+
+ <p>A reverse proxy is activated using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive or the
+ <code>[P]</code> flag to the <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive. It is
+ <strong>not</strong> necessary to turn <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> on in order to
+ configure a reverse proxy.</p>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="examples" id="examples">Basic Examples</a></h2>
+
+ <p>The examples below are only a very basic idea to help you
+ get started. Please read the documentation on the individual
+ directives.</p>
+
+ <p>In addition, if you wish to have caching enabled, consult
+ the documentation from <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>.</p>
+
+ <div class="example"><h3>Forward Proxy</h3><p><code>
+ ProxyRequests On<br />
+ ProxyVia On<br />
+ <br />
+ <Proxy *><br />
+ <span class="indent">
+ Order deny,allow<br />
+ Deny from all<br />
+ Allow from internal.example.com<br />
+ </span>
+ </Proxy>
+ </code></p></div>
+
+ <div class="example"><h3>Reverse Proxy</h3><p><code>
+ ProxyRequests Off<br />
+ <br />
+ <Proxy *><br />
+ <span class="indent">
+ Order deny,allow<br />
+ Allow from all<br />
+ </span>
+ </Proxy><br />
+ <br />
+ ProxyPass /foo http://foo.example.com/bar<br />
+ ProxyPassReverse /foo http://foo.example.com/bar
+ </code></p></div>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="access" id="access">Controlling access to your proxy</a></h2>
+ <p>You can control who can access your proxy via the <code class="directive"><a href="#proxy"><Proxy></a></code> control block as in
+ the following example:</p>
+
+ <div class="example"><p><code>
+ <Proxy *><br />
+ <span class="indent">
+ Order Deny,Allow<br />
+ Deny from all<br />
+ Allow from 192.168.0<br />
+ </span>
+ </Proxy>
+ </code></p></div>
+
+ <p>For more information on access control directives, see
+ <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>.</p>
+
+ <p>Strictly limiting access is essential if you are using a
+ forward proxy (using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive).
+ Otherwise, your server can be used by any client to access
+ arbitrary hosts while hiding his or her true identity. This is
+ dangerous both for your network and for the Internet at large.
+ When using a reverse proxy (using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive with
+ <code>ProxyRequests Off</code>), access control is less
+ critical because clients can only contact the hosts that you
+ have specifically configured.</p>
+
+ <p><strong>See Also</strong> the <a href="mod_proxy_http.html#env">Proxy-Chain-Auth</a> environment variable.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="startup" id="startup">Slow Startup</a></h2>
+ <p>If you're using the <code class="directive"><a href="#proxyblock">ProxyBlock</a></code> directive, hostnames' IP addresses are looked up
+ and cached during startup for later match test. This may take a few
+ seconds (or more) depending on the speed with which the hostname lookups
+ occur.</p>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="intranet" id="intranet">Intranet Proxy</a></h2>
+ <p>An Apache proxy server situated in an intranet needs to forward
+ external requests through the company's firewall (for this, configure
+ the <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive
+ to forward the respective <var>scheme</var> to the firewall proxy).
+ However, when it has to
+ access resources within the intranet, it can bypass the firewall when
+ accessing hosts. The <code class="directive"><a href="#noproxy">NoProxy</a></code>
+ directive is useful for specifying which hosts belong to the intranet and
+ should be accessed directly.</p>
+
+ <p>Users within an intranet tend to omit the local domain name from their
+ WWW requests, thus requesting "http://somehost/" instead of
+ <code>http://somehost.example.com/</code>. Some commercial proxy servers
+ let them get away with this and simply serve the request, implying a
+ configured local domain. When the <code class="directive"><a href="#proxydomain">ProxyDomain</a></code> directive is used and the server is <a href="#proxyrequests">configured for proxy service</a>, Apache can return
+ a redirect response and send the client to the correct, fully qualified,
+ server address. This is the preferred method since the user's bookmark
+ files will then contain fully qualified hosts.</p>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="envsettings" id="envsettings">Protocol Adjustments</a></h2>
+ <p>For circumstances where <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> is sending
+ requests to an origin server that doesn't properly implement
+ keepalives or HTTP/1.1, there are two <a href="../env.html">environment variables</a> that can force the
+ request to use HTTP/1.0 with no keepalive. These are set via the
+ <code class="directive"><a href="../mod/mod_env.html#setenv">SetEnv</a></code> directive.</p>
+
+ <p>These are the <code>force-proxy-request-1.0</code> and
+ <code>proxy-nokeepalive</code> notes.</p>
+
+ <div class="example"><p><code>
+ <Location /buggyappserver/><br />
+ <span class="indent">
+ ProxyPass http://buggyappserver:7001/foo/<br />
+ SetEnv force-proxy-request-1.0 1<br />
+ SetEnv proxy-nokeepalive 1<br />
+ </span>
+ </Location>
+ </code></p></div>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="request-bodies" id="request-bodies">Request Bodies</a></h2>
+
+ <p>Some request methods such as POST include a request body.
+ The HTTP protocol requires that requests which include a body
+ either use chunked transfer encoding or send a
+ <code>Content-Length</code> request header. When passing these
+ requests on to the origin server, <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>
+ will always attempt to send the <code>Content-Length</code>. But
+ if the body is large and the original request used chunked
+ encoding, then chunked encoding may also be used in the upstream
+ request. You can control this selection using <a href="../env.html">environment variables</a>. Setting
+ <code>proxy-sendcl</code> ensures maximum compatibility with
+ upstream servers by always sending the
+ <code>Content-Length</code>, while setting
+ <code>proxy-sendchunked</code> minimizes resource usage by using
+ chunked encoding.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="x-headers" id="x-headers">Reverse Proxy Request Headers</a></h2>
+
+ <p>When acting in a reverse-proxy mode (using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive, for example),
+ <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code> adds several request headers in
+ order to pass information to the origin server. These headers
+ are:</p>
+
+ <dl>
+ <dt><code>X-Forwarded-For</code></dt>
+ <dd>The IP address of the client.</dd>
+ <dt><code>X-Forwarded-Host</code></dt>
+ <dd>The original host requested by the client in the <code>Host</code>
+ HTTP request header.</dd>
+ <dt><code>X-Forwarded-Server</code></dt>
+ <dd>The hostname of the proxy server.</dd>
+ </dl>
+
+ <p>Be careful when using these headers on the origin server, since
+ they will contain more than one (comma-separated) value if the
+ original request already contained one of these headers. For
+ example, you can use <code>%{X-Forwarded-For}i</code> in the log
+ format string of the origin server to log the original clients IP
+ address, but you may get more than one address if the request
+ passes through several proxies.</p>
+
+ <p>See also the <code class="directive"><a href="#proxypreservehost">ProxyPreserveHost</a></code> and <code class="directive"><a href="#proxyvia">ProxyVia</a></code> directives, which control
+ other request headers.</p>
+
+ </div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AllowCONNECT" id="AllowCONNECT">AllowCONNECT</a> <a name="allowconnect" id="allowconnect">Directive</a></h2>
+<div class="directive-section"><h2><a name="BalancerMember" id="BalancerMember">BalancerMember</a> <a name="balancermember" id="balancermember">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Ports that are allowed to CONNECT through
-the proxy</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AllowCONNECT <em>port</em> [<em>port</em>] ...</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AllowCONNECT 443 563</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Add a member to a load balancing group</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>BalancerMember [<var>balancerurl</var>] <var>url</var> [<var>key=value [key=value ...]]</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>BalancerMember is only available in Apache 2.2
+ and later.</td></tr>
</table>
-<p>The <code class="directive">AllowCONNECT</code> directive specifies a list
-of port numbers to which the proxy <code>CONNECT</code> method may
-connect. Today's browsers use this method when a <em>https</em>
-connection is requested and proxy tunneling over <em>http</em> is in
-effect.<br /> By default, only the default https port (443) and the
-default snews port (563) are enabled. Use the
-<code class="directive">AllowCONNECT</code> directive to overrride this default and
-allow connections to the listed ports only.</p>
+ <p>This directive adds a member to a load balancing group. It could be used
+ within a <code><Proxy <var>balancer://</var>...></code> container
+ directive, and can take any of the key value pair parameters available to
+ <code class="directive"><a href="#proxypass">ProxyPass</a></code> directives.</p>
+ <p>One additional parameter is available only to <code class="directive"><a href="#balancermember">BalancerMember</a></code> directives:
+ <var>loadfactor</var>. This is the member load factor - a number between 1
+ (default) and 100, which defines the weighted load to be applied to the
+ member in question.</p>
+ <p>The balancerurl is only needed when not in <code><Proxy <var>balancer://</var>...></code>
+ container directive. It corresponds to the url of a balancer defined in
+ <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="NoProxy" id="NoProxy">NoProxy</a> <a name="noproxy" id="noproxy">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Hosts, domains, or networks that will be connected
-to directly</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>NoProxy <em>host</em> [<em>host</em>] ...</code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Hosts, domains, or networks that will be connected to
+directly</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>NoProxy <var>host</var> [<var>host</var>] ...</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
-<p>This directive is only useful for Apache proxy servers within
-intranets. The <code class="directive">NoProxy</code> directive specifies a
-list of subnets, IP addresses, hosts and/or domains, separated by
-spaces. A request to a host which matches one or more of these is
-always served directly, without forwarding to the configured
-<code class="directive"><a href="#proxyremote">ProxyRemote</a></code> proxy server(s).</p>
-
-<div class="example"><h3>Example</h3><p><code>
- ProxyRemote * http://firewall.mycompany.com:81<br />
- NoProxy .mycompany.com 192.168.112.0/21
-</code></p></div>
-
-<p>The <em>host</em> arguments to the NoProxy directive are one of the
-following type list:</p>
- <dl>
+ <p>This directive is only useful for Apache proxy servers within
+ intranets. The <code class="directive">NoProxy</code> directive specifies a
+ list of subnets, IP addresses, hosts and/or domains, separated by
+ spaces. A request to a host which matches one or more of these is
+ always served directly, without forwarding to the configured
+ <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> proxy server(s).</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ ProxyRemote * http://firewall.example.com:81<br />
+ NoProxy .example.com 192.168.112.0/21
+ </code></p></div>
+
+ <p>The <var>host</var> arguments to the <code class="directive">NoProxy</code>
+ directive are one of the following type list:</p>
+
+ <dl>
+
+ <dt><var><a name="domain" id="domain">Domain</a></var></dt>
+ <dd>
+ <p>A <dfn>Domain</dfn> is a partially qualified DNS domain name, preceded
+ by a period. It represents a list of hosts which logically belong to the
+ same DNS domain or zone (<em>i.e.</em>, the suffixes of the hostnames are
+ all ending in <var>Domain</var>).</p>
+
+ <div class="example"><h3>Examples</h3><p><code>
+ .com .apache.org.
+ </code></p></div>
+
+ <p>To distinguish <var>Domain</var>s from <var><a href="#hostname">Hostname</a></var>s (both syntactically and semantically; a DNS domain can
+ have a DNS A record, too!), <var>Domain</var>s are always written with a
+ leading period.</p>
- <dt><a name="domain">
- <em>Domain</em></a></dt>
- <dd>A <em>Domain</em> is a partially qualified DNS domain name, preceded
- by a period.
- It represents a list of hosts which logically belong to the same DNS
- domain or zone (<em>i.e.</em>, the suffixes of the hostnames are all ending in
- <em>Domain</em>).<br />
- Examples: <code>.com</code> <code>.apache.org.</code><br />
- To distinguish <em>Domain</em>s from <a href="#hostname"><em>Hostname</em></a>s (both
- syntactically and semantically; a DNS domain can have a DNS A record,
- too!), <em>Domain</em>s are always written
- with a leading period.<br />
- Note: Domain name comparisons are done without regard to the case,
- and <em>Domain</em>s are always assumed to be anchored in the root
- of the DNS tree, therefore two domains <code>.MyDomain.com</code> and
- <code>.mydomain.com.</code> (note the trailing period) are
- considered equal. Since a domain comparison does not involve a DNS
- lookup, it is much more efficient than subnet comparison.</dd>
+ <div class="note"><h3>Note</h3>
+ <p>Domain name comparisons are done without regard to the case, and
+ <var>Domain</var>s are always assumed to be anchored in the root of the
+ DNS tree, therefore two domains <code>.ExAmple.com</code> and
+ <code>.example.com.</code> (note the trailing period) are considered
+ equal. Since a domain comparison does not involve a DNS lookup, it is much
+ more efficient than subnet comparison.</p>
+ </div></dd>
- <dt><a name="subnet">
- <em>SubNet</em></a></dt>
- <dd>A <em>SubNet</em> is a partially qualified internet address in
- numeric (dotted quad) form, optionally followed by a slash and the
- netmask, specified as the number of significant bits in the
- <em>SubNet</em>. It is used to represent a subnet of hosts which can
- be reached over a common network interface. In the absence of the
- explicit net mask it is assumed that omitted (or zero valued)
- trailing digits specify the mask. (In this case, the netmask can
- only be multiples of 8 bits wide.)<br />
- Examples:
- <dl>
- <dt><code>192.168</code> or <code>192.168.0.0</code></dt>
- <dd>the subnet 192.168.0.0 with an implied netmask of 16 valid bits
- (sometimes used in the netmask form <code>255.255.0.0</code>)</dd>
- <dt><code>192.168.112.0/21</code></dt>
- <dd>the subnet <code>192.168.112.0/21</code> with a netmask of 21
- valid bits (also used in the form 255.255.248.0)</dd>
- </dl>
- As a degenerate case, a <em>SubNet</em> with 32 valid bits is the
- equivalent to an <em>IPAddr</em>, while a <em>SubNet</em> with zero
- valid bits (<em>e.g.</em>, 0.0.0.0/0) is the same as the constant
- <em>_Default_</em>, matching any IP address. </dd>
+ <dt><var><a name="subnet" id="subnet">SubNet</a></var></dt>
+ <dd>
+ <p>A <dfn>SubNet</dfn> is a partially qualified internet address in
+ numeric (dotted quad) form, optionally followed by a slash and the netmask,
+ specified as the number of significant bits in the <var>SubNet</var>. It is
+ used to represent a subnet of hosts which can be reached over a common
+ network interface. In the absence of the explicit net mask it is assumed
+ that omitted (or zero valued) trailing digits specify the mask. (In this
+ case, the netmask can only be multiples of 8 bits wide.) Examples:</p>
+
+ <dl>
+ <dt><code>192.168</code> or <code>192.168.0.0</code></dt>
+ <dd>the subnet 192.168.0.0 with an implied netmask of 16 valid bits
+ (sometimes used in the netmask form <code>255.255.0.0</code>)</dd>
+ <dt><code>192.168.112.0/21</code></dt>
+ <dd>the subnet <code>192.168.112.0/21</code> with a netmask of 21
+ valid bits (also used in the form <code>255.255.248.0</code>)</dd>
+ </dl>
+
+ <p>As a degenerate case, a <em>SubNet</em> with 32 valid bits is the
+ equivalent to an <var><a href="#ipadr">IPAddr</a></var>, while a <var>SubNet</var> with zero
+ valid bits (<em>e.g.</em>, 0.0.0.0/0) is the same as the constant
+ <var>_Default_</var>, matching any IP address.</p></dd>
- <dt><a name="ipaddr">
- <em>IPAddr</em></a></dt>
- <dd>A <em>IPAddr</em> represents a fully qualified internet address in
- numeric (dotted quad) form. Usually, this address represents a
- host, but there need not necessarily be a DNS domain name
- connected with the address.<br />
- Example: 192.168.123.7<br />
- Note: An <em>IPAddr</em> does not need to be resolved by the DNS
- system, so it can result in more effective apache performance.</dd>
+ <dt><var><a name="ipaddr" id="ipaddr">IPAddr</a></var></dt>
+ <dd>
+ <p>A <dfn>IPAddr</dfn> represents a fully qualified internet address in
+ numeric (dotted quad) form. Usually, this address represents a host, but
+ there need not necessarily be a DNS domain name connected with the
+ address.</p>
+ <div class="example"><h3>Example</h3><p><code>
+ 192.168.123.7
+ </code></p></div>
+
+ <div class="note"><h3>Note</h3>
+ <p>An <var>IPAddr</var> does not need to be resolved by the DNS system, so
+ it can result in more effective apache performance.</p>
+ </div></dd>
- <dt><a name="hostname">
- <em>Hostname</em></a></dt>
- <dd>A <em>Hostname</em> is a fully qualified DNS domain name which can
- be resolved to one or more <a href="#ipaddr"><em>IPAddrs</em></a> via the DNS domain name service.
- It represents a logical host (in contrast to
- <a href="#domain"><em>Domain</em></a>s, see
- above) and must be resolvable to at least one <a href="#ipaddr"><em>IPAddr</em></a> (or often to a list of hosts
- with different <a href="#ipaddr"><em>IPAddr</em></a>'s).<br />
- Examples: <code>prep.ai.mit.edu</code>
- <code>www.apache.org.</code><br />
- Note: In many situations, it is more effective to specify an
- <a href="#ipaddr"><em>IPAddr</em></a> in place of a
- <em>Hostname</em> since a DNS lookup
- can be avoided. Name resolution in Apache can take a remarkable deal
- of time when the connection to the name server uses a slow PPP
- link.<br />
- Note: <em>Hostname</em> comparisons are done without regard to the case,
- and <em>Hostname</em>s are always assumed to be anchored in the root
- of the DNS tree, therefore two hosts <code>WWW.MyDomain.com</code>
- and <code>www.mydomain.com.</code> (note the trailing period) are
- considered equal.</dd>
-</dl>
+ <dt><var><a name="hostname" id="hostname">Hostname</a></var></dt>
+ <dd>
+ <p>A <dfn>Hostname</dfn> is a fully qualified DNS domain name which can
+ be resolved to one or more <var><a href="#ipaddr">IPAddrs</a></var> via the
+ DNS domain name service. It represents a logical host (in contrast to
+ <var><a href="#domain">Domain</a></var>s, see above) and must be resolvable
+ to at least one <var><a href="#ipaddr">IPAddr</a></var> (or often to a list
+ of hosts with different <var><a href="#ipaddr">IPAddr</a></var>s).</p>
+
+ <div class="example"><h3>Examples</h3><p><code>
+ prep.ai.example.com<br />
+ www.apache.org
+ </code></p></div>
+
+ <div class="note"><h3>Note</h3>
+ <p>In many situations, it is more effective to specify an <var><a href="#ipaddr">IPAddr</a></var> in place of a <var>Hostname</var> since a
+ DNS lookup can be avoided. Name resolution in Apache can take a remarkable
+ deal of time when the connection to the name server uses a slow PPP
+ link.</p>
+ <p><var>Hostname</var> comparisons are done without regard to the case,
+ and <var>Hostname</var>s are always assumed to be anchored in the root
+ of the DNS tree, therefore two hosts <code>WWW.ExAmple.com</code>
+ and <code>www.example.com.</code> (note the trailing period) are
+ considered equal.</p>
+ </div></dd>
+ </dl>
<h3>See also</h3>
<ul>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="Proxy" id="Proxy"><Proxy></a> <a name="proxy" id="proxy">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Container for directives applied to proxied
-resources</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><Proxy <em>wildcard-url</em>> ...</Proxy></code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Container for directives applied to proxied resources</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><Proxy <var>wildcard-url</var>> ...</Proxy></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+</table>
+ <p>Directives placed in <code class="directive"><Proxy></code>
+ sections apply only to matching proxied content. Shell-style wildcards are
+ allowed.</p>
+
+ <p>For example, the following will allow only hosts in
+ <code>yournetwork.example.com</code> to access content via your proxy
+ server:</p>
+
+ <div class="example"><p><code>
+ <Proxy *><br />
+ <span class="indent">
+ Order Deny,Allow<br />
+ Deny from all<br />
+ Allow from yournetwork.example.com<br />
+ </span>
+ </Proxy>
+ </code></p></div>
+
+ <p>The following example will process all files in the <code>foo</code>
+ directory of <code>example.com</code> through the <code>INCLUDES</code>
+ filter when they are sent through the proxy server:</p>
+
+ <div class="example"><p><code>
+ <Proxy http://example.com/foo/*><br />
+ <span class="indent">
+ SetOutputFilter INCLUDES<br />
+ </span>
+ </Proxy>
+ </code></p></div>
+
+
+<h3>See also</h3>
+<ul>
+<li><code class="directive"><a href="#proxymatch"><ProxyMatch></a></code></li>
+</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyBadHeader" id="ProxyBadHeader">ProxyBadHeader</a> <a name="proxybadheader" id="proxybadheader">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determines how to handle bad header lines in a
+response</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyBadHeader IsError|Ignore|StartBody</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyBadHeader IsError</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0.44 and later</td></tr>
</table>
-<p>Directives placed in <code class="directive"><Proxy></code>
-sections apply only to matching proxied content. Shell-style
-wildcards are allowed.</p>
-
-<p>For example, the following will allow only hosts in
-<code>yournetwork.example.com</code> to access content via your
-proxy server:</p>
-
-<div class="example"><p><code>
-<Proxy *><br />
- Order Deny,Allow<br />
- Deny from all<br />
- Allow from yournetwork.example.com<br />
-</Proxy>
-</code></p></div>
-
-<p>The following example will process all files in the
-<code>foo</code> directory of <code>example.com</code> through the
-<code>INCLUDES</code> filter when they are sent through the proxy
-server:</p>
-<div class="example"><p><code>
-<Proxy http://example.com/foo/*><br />
- SetOutputFilter INCLUDES<br />
-</Proxy>
-</code></p></div>
+ <p>The <code class="directive">ProxyBadHeader</code> directive determines the
+ behaviour of <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> if it receives syntactically invalid
+ header lines (<em>i.e.</em> containing no colon). The following arguments
+ are possible:</p>
+
+ <dl>
+ <dt><code>IsError</code></dt>
+ <dd>Abort the request and end up with a 502 (Bad Gateway) response. This is
+ the default behaviour.</dd>
+
+ <dt><code>Ignore</code></dt>
+ <dd>Treat bad header lines as if they weren't sent.</dd>
+
+ <dt><code>StartBody</code></dt>
+ <dd>When receiving the first bad header line, finish reading the headers and
+ treat the remainder as body. This helps to work around buggy backend servers
+ which forget to insert an empty line between the headers and the body.</dd>
+ </dl>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Words, hosts, or domains that are banned from being
proxied</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyBlock *|<em>word|host|domain</em>
-[<em>word|host|domain</em>] ...</code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyBlock *|<var>word</var>|<var>host</var>|<var>domain</var>
+[<var>word</var>|<var>host</var>|<var>domain</var>] ...</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
-<p>The <code class="directive">ProxyBlock</code> directive specifies a list of
-words, hosts and/or domains, separated by spaces. HTTP, HTTPS, and
-FTP document requests to sites whose names contain matched words,
-hosts or domains are <em>blocked</em> by the proxy server. The proxy
-module will also attempt to determine IP addresses of list items which
-may be hostnames during startup, and cache them for match test as
-well. Example:</p>
-
-<div class="example"><p><code>
- ProxyBlock joes-garage.com some-host.co.uk rocky.wotsamattau.edu
-</code></p></div>
+ <p>The <code class="directive">ProxyBlock</code> directive specifies a list of
+ words, hosts and/or domains, separated by spaces. HTTP, HTTPS, and
+ FTP document requests to sites whose names contain matched words,
+ hosts or domains are <em>blocked</em> by the proxy server. The proxy
+ module will also attempt to determine IP addresses of list items which
+ may be hostnames during startup, and cache them for match test as
+ well. That may slow down the startup time of the server.</p>
-<p>'rocky.wotsamattau.edu' would also be matched if referenced by IP
-address.</p>
+ <div class="example"><h3>Example</h3><p><code>
+ ProxyBlock joes-garage.com some-host.co.uk rocky.wotsamattau.edu
+ </code></p></div>
-<p>Note that 'wotsamattau' would also be sufficient to match
-'wotsamattau.edu'.</p>
+ <p><code>rocky.wotsamattau.edu</code> would also be matched if referenced by
+ IP address.</p>
-<p>Note also that</p>
+ <p>Note that <code>wotsamattau</code> would also be sufficient to match
+ <code>wotsamattau.edu</code>.</p>
-<div class="example"><p><code>
-ProxyBlock *
-</code></p></div>
+ <p>Note also that</p>
-<p>blocks connections to all sites.</p>
+ <div class="example"><p><code>
+ ProxyBlock *
+ </code></p></div>
+ <p>blocks connections to all sites.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ProxyDomain" id="ProxyDomain">ProxyDomain</a> <a name="proxydomain" id="proxydomain">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Default domain name for proxied requests</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyDomain <em>Domain</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyDomain <var>Domain</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
-<p>This directive is only useful for Apache proxy servers within
-intranets. The <code class="directive">ProxyDomain</code> directive specifies
-the default domain which the apache proxy server will belong to. If a
-request to a host without a domain name is encountered, a redirection
-response to the same host with the configured <em>Domain</em> appended
-will be generated.</p>
-
-<div class="example"><h3>Example</h3><p><code>
- ProxyRemote * http://firewall.mycompany.com:81<br />
- NoProxy .mycompany.com 192.168.112.0/21<br />
- ProxyDomain .mycompany.com
-</code></p></div>
+ <p>This directive is only useful for Apache proxy servers within
+ intranets. The <code class="directive">ProxyDomain</code> directive specifies
+ the default domain which the apache proxy server will belong to. If a
+ request to a host without a domain name is encountered, a redirection
+ response to the same host with the configured <var>Domain</var> appended
+ will be generated.</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ ProxyRemote * http://firewall.example.com:81<br />
+ NoProxy .example.com 192.168.112.0/21<br />
+ ProxyDomain .example.com
+ </code></p></div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.0 and later</td></tr>
</table>
-<p>This directive is useful for reverse-proxy setups, where you want to
-have a common look and feel on the error pages seen by the end user.
-This also allows for included files (via mod_include's SSI) to get
-the error code and act accordingly (default behavior would display
-the error page of the proxied server, turning this on shows the SSI
-Error message).</p>
+ <p>This directive is useful for reverse-proxy setups, where you want to
+ have a common look and feel on the error pages seen by the end user.
+ This also allows for included files (via
+ <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>'s SSI) to get
+ the error code and act accordingly (default behavior would display
+ the error page of the proxied server, turning this on shows the SSI
+ Error message).</p>
+
+ <p>This directive does not affect the processing of informational (1xx),
+ normal success (2xx), or redirect (3xx) responses.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ProxyIOBufferSize" id="ProxyIOBufferSize">ProxyIOBufferSize</a> <a name="proxyiobuffersize" id="proxyiobuffersize">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>IO buffer size for outgoing HTTP and FTP
-connections</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyIOBufferSize <em>bytes</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determine size of internal data throughput buffer</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyIOBufferSize <var>bytes</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyIOBufferSize 8192</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
-
+ <p>The <code class="directive">ProxyIOBufferSize</code> directive adjusts the size
+ of the internal buffer, which is used as a scratchpad for the data between
+ input and output. The size must be at least <code>512</code>.</p>
+
+ <p>In almost every case there's no reason to change that value.</p>
+ <p>If used with AJP this directive sets the maximum AJP packet size in
+ bytes. If you change it from the default, you must also change the
+ <code>packetSize</code> attribute of your AJP connector on the
+ Tomcat side! The attribute <code>packetSize</code> is only available
+ in Tomcat <code>5.5.20+</code> and <code>6.0.2+</code></p>
+ <p>Normally it is not necessary to change the maximum packet size.
+ Problems with the default value have been reported when sending
+ certificates or certificate chains.</p>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Container for directives applied to regular-expression-matched
proxied resources</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><ProxyMatch <em>regex</em>> ...</ProxyMatch></code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><ProxyMatch <var>regex</var>> ...</ProxyMatch></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
-<p>The <code class="directive"><ProxyMatch></code> directive is
-identical to the <code class="directive"><a href="#proxy"><Proxy></a></code> directive, except it matches URLs
-using regular expressions.</p>
+ <p>The <code class="directive"><ProxyMatch></code> directive is
+ identical to the <code class="directive"><a href="#proxy"><Proxy></a></code> directive, except it matches URLs
+ using <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expressions</a>.</p>
+<h3>See also</h3>
+<ul>
+<li><code class="directive"><a href="#proxy"><Proxy></a></code></li>
+</ul>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ProxyMaxForwards" id="ProxyMaxForwards">ProxyMaxForwards</a> <a name="proxymaxforwards" id="proxymaxforwards">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maximium number of proxies that a request can be forwarded
through</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyMaxForwards <em>number</em></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyMaxForwards 10</code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyMaxForwards <var>number</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyMaxForwards -1</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0 and later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0 and later;
+ default behaviour changed in 2.2.7/2.3</td></tr>
</table>
-<p>The <code class="directive">ProxyMaxForwards</code> directive specifies the
-maximum number of proxies through which a request may pass. This is
-set to prevent infinite proxy loops, or a DoS attack.</p>
-
-<div class="example"><h3>Example</h3><p><code>
- ProxyMaxForwards 10
-</code></p></div>
+ <p>The <code class="directive">ProxyMaxForwards</code> directive specifies the
+ maximum number of proxies through which a request may pass, if there's no
+ <code>Max-Forwards</code> header supplied with the request. This may
+ be set to prevent infinite proxy loops, or a DoS attack.</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ ProxyMaxForwards 15
+ </code></p></div>
+
+ <p>Note that setting <code class="directive">ProxyMaxForwards</code> is a
+ violation of the HTTP/1.1 protocol (RFC2616), which forbids a Proxy
+ setting <code>Max-Forwards</code> if the Client didn't set it.
+ Earlier Apache versions would always set it. A negative
+ <code class="directive">ProxyMaxForwards</code> value, including the
+ default -1, gives you protocol-compliant behaviour, but may
+ leave you open to loops.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ProxyPass" id="ProxyPass">ProxyPass</a> <a name="proxypass" id="proxypass">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maps remote servers into the local server
-URL-space</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPass [<em>path</em>] !|<em>url</em></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maps remote servers into the local server URL-space</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPass [<var>path</var>] !|<var>url</var> [<var>key=value</var>
+ <var>[key=value</var> ...]] [nocanon] [interpolate]</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
-<p>This directive allows remote servers to be mapped into the space of
-the local server; the local server does not act as a proxy in the
-conventional sense, but appears to be a mirror of the remote
-server. <em>path</em> is the name of a local virtual path;
-<em>url</em> is a partial URL for the remote server and cannot
-include a query string.</p>
-
-<p>Suppose the local server has address <code>http://wibble.org/</code>;
-then</p>
-<div class="example"><p><code>
- ProxyPass /mirror/foo/ http://foo.com/
-</code></p></div>
-<p>will cause a local request for the
-<<code>http://wibble.org/mirror/foo/bar</code>> to be
-internally converted into a proxy request to
-<<code>http://foo.com/bar</code>>.</p>
-<p>
-The ! directive is useful in situations where you don't want to reverse-proxy
-a subdirectory. eg.</p>
-<div class="example"><p><code>
- ProxyPass /mirror/foo/i !<br />
- ProxyPass /mirror/foo http://foo.com
-</code></p></div>
-<p>will proxy all requests to /mirror/foo to foo.com EXCEPT requests made to /mirror/foo/i</p>
-
-<div class="note">NB: order is important. you need to put the exclusions BEFORE the general proxypass directive</div>
-
-<p>When used inside a <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section, the first argument is
-ommitted and the local directory is obtained from the <code class="directive"><a href="../mod/core.html#location"><Location></a></code>.</p>
-
-<p>If you require a more flexible reverse-proxy configuration, see
-the <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive
-with the <code>[P]</code> flag.</p>
+ <p>This directive allows remote servers to be mapped into the
+ space of the local server; the local server does not act as a
+ proxy in the conventional sense, but appears to be a mirror of the
+ remote server. The local server is often called a <dfn>reverse
+ proxy</dfn> or <dfn>gateway</dfn>. The <var>path</var> is the name of
+ a local virtual path; <var>url</var> is a partial URL for the
+ remote server and cannot include a query string.</p>
+
+ <div class="warning">The <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive should
+ usually be set <strong>off</strong> when using
+ <code class="directive">ProxyPass</code>.</div>
+
+ <p>Suppose the local server has address <code>http://example.com/</code>;
+ then</p>
+
+ <div class="example"><p><code>
+ ProxyPass /mirror/foo/ http://backend.example.com/
+ </code></p></div>
+
+ <p>will cause a local request for
+ <code>http://example.com/mirror/foo/bar</code> to be internally converted
+ into a proxy request to <code>http://backend.example.com/bar</code>.</p>
+
+ <div class="warning">
+ <p>If the first argument ends with a trailing <strong>/</strong>, the second
+ argument should also end with a trailing <strong>/</strong> and vice
+ versa. Otherwise the resulting requests to the backend may miss some
+ needed slashes and do not deliver the expected results.
+ </p>
+ </div>
+
+ <p>The <code>!</code> directive is useful in situations where you don't want
+ to reverse-proxy a subdirectory, <em>e.g.</em></p>
+
+ <div class="example"><p><code>
+ ProxyPass /mirror/foo/i !<br />
+ ProxyPass /mirror/foo http://backend.example.com
+ </code></p></div>
+
+ <p>will proxy all requests to <code>/mirror/foo</code> to
+ <code>backend.example.com</code> <em>except</em> requests made to
+ <code>/mirror/foo/i</code>.</p>
+
+ <div class="note"><h3>Note</h3>
+ <p>Order is important: exclusions must come <em>before</em> the
+ general <code class="directive">ProxyPass</code> directive.</p>
+ </div>
+
+ <p>As of Apache 2.1, the ability to use pooled connections to a backend
+ server is available. Using the <code>key=value</code> parameters it is
+ possible to tune this connection pooling. The default for a <code>Hard
+ Maximum</code> for the number of connections is the number of threads per
+ process in the active MPM. In the Prefork MPM, this is always 1, while with
+ the Worker MPM it is controlled by the
+ <code class="directive">ThreadsPerChild</code>.</p>
+
+ <p>Setting <code>min</code> will determine how many connections will always
+ be open to the backend server. Upto the Soft Maximum or <code>smax</code>
+ number of connections will be created on demand. Any connections above
+ <code>smax</code> are subject to a time to live or <code>ttl</code>. Apache
+ will never create more than the Hard Maximum or <code>max</code> connections
+ to the backend server.</p>
+
+ <div class="example"><p><code>
+ ProxyPass /example http://backend.example.com smax=5 max=20 ttl=120 retry=300
+ </code></p></div>
+
+ <table>
+ <tr><th>Parameter</th>
+ <th>Default</th>
+ <th>Description</th></tr>
+ <tr><td>min</td>
+ <td>0</td>
+ <td>Minimum number of connections that will always
+ be open to the backend server.</td></tr>
+ <tr><td>max</td>
+ <td>1...n</td>
+ <td>Hard Maximum number of connections that will be
+ allowed to the backend server. The default for a Hard Maximum
+ for the number of connections is the number of threads per process in the
+ active MPM. In the Prefork MPM, this is always 1, while with the Worker MPM
+ it is controlled by the <code class="directive">ThreadsPerChild</code>.
+ Apache will never create more than the Hard Maximum connections
+ to the backend server.</td></tr>
+ <tr><td>smax</td>
+ <td>max</td>
+ <td>Upto the Soft Maximum
+ number of connections will be created on demand. Any connections above
+ <code>smax</code> are subject to a time to live or <code>ttl</code>.
+ </td></tr>
+ <tr><td>acquire</td>
+ <td>-</td>
+ <td>If set this will be the maximum time to wait for a free
+ connection in the connection pool, in milliseconds. If there are no free
+ connections in the pool the Apache will return <code>SERVER_BUSY</code>
+ status to the client.
+ </td></tr>
+ <tr><td>connectiontimeout</td>
+ <td>timeout</td>
+ <td>Connect timeout in seconds.
+ The number of seconds Apache waits for the creation of a connection to
+ the backend to complete. By adding a postfix of ms the timeout can be
+ also set in milliseconds.
+ </td></tr>
+ <tr><td>disablereuse</td>
+ <td>Off</td>
+ <td>This parameter should be used when you want to force mod_proxy
+ to immediately close a connection to the backend after being used, and
+ thus, disable its persistent connection and pool for that backend.
+ This helps in various situations where a firewall between Apache and
+ the backend server (regardless of protocol) tends to silently
+ drop connections or when backends themselves may be under round-
+ robin DNS. To disable connection pooling reuse,
+ set this property value to <code>On</code>.
+ </td></tr>
+ <tr><td>flushpackets</td>
+ <td>off</td>
+ <td>Determines whether the proxy module will auto-flush the output
+ brigade after each "chunk" of data. 'off' means that it will flush
+ only when needed, 'on' means after each chunk is sent and
+ 'auto' means poll/wait for a period of time and flush if
+ no input has been received for 'flushwait' milliseconds.
+ Currently this is in effect only for AJP.
+ </td></tr>
+ <tr><td>flushwait</td>
+ <td>10</td>
+ <td>The time to wait for additional input, in milliseconds, before
+ flushing the output brigade if 'flushpackets' is 'auto'.
+ </td></tr>
+ <tr><td>iobuffersize</td>
+ <td>8192</td>
+ <td>Adjusts the size of the internal scratchpad IO buffer. This allows you
+ to override the <code class="directive">ProxyIOBufferSize</code> for a specific worker.
+ This must be at least 512 or set to 0 for the system default of 8192.
+ </td></tr>
+ <tr><td>keepalive</td>
+ <td>Off</td>
+ <td>This parameter should be used when you have a firewall between your
+ Apache and the backend server, who tend to drop inactive connections.
+ This flag will tell the Operating System to send <code>KEEP_ALIVE</code>
+ messages on inactive connections (interval depends on global OS settings,
+ generally 120ms), and thus prevent the firewall to drop the connection.
+ To enable keepalive set this property value to <code>On</code>.
+ </td></tr>
+ <tr><td>lbset</td>
+ <td>0</td>
+ <td>Sets the load balancer cluster set that the worker is a member
+ of. The load balancer will try all members of a lower numbered
+ lbset before trying higher numbered ones.
+ </td></tr>
+ <tr><td>ping</td>
+ <td>0</td>
+ <td>Ping property tells webserver to send a <code>CPING</code>
+ request on ajp13 connection before forwarding a request.
+ The parameter is the delay in seconds to wait for the
+ <code>CPONG</code> reply.
+ This features has been added to avoid problem with hung and
+ busy Tomcat's and require ajp13 ping/pong support which has
+ been implemented on Tomcat 3.3.2+, 4.1.28+ and 5.0.13+.
+ This will increase the network traffic during the normal operation
+ which could be an issue, but it will lower the
+ traffic in case some of the cluster nodes are down or busy.
+ Currently this has an effect only for AJP.
+ By adding a postfix of ms the delay can be also set in
+ milliseconds.
+ </td></tr>
+ <tr><td>receivebuffersize</td>
+ <td>0</td>
+ <td>Adjusts the size of the explicit (TCP/IP) network buffer size for
+ proxied connections. This allows you to override the
+ <code class="directive">ProxyReceiveBufferSize</code> for a specific worker.
+ This must be at least 512 or set to 0 for the system default.
+ </td></tr>
+ <tr><td>redirect</td>
+ <td>-</td>
+ <td>Redirection Route of the worker. This value is usually
+ set dynamically to enable safe removal of the node from
+ the cluster. If set all requests without session id will be
+ redirected to the BalancerMember that has route parametar
+ equal as this value.
+ </td></tr>
+ <tr><td>retry</td>
+ <td>60</td>
+ <td>Connection pool worker retry timeout in seconds.
+ If the connection pool worker to the backend server is in the error state,
+ Apache will not forward any requests to that server until the timeout
+ expires. This enables to shut down the backend server for maintenance,
+ and bring it back online later. A value of 0 means always retry workers
+ in an error state with no timeout.
+ </td></tr>
+ <tr><td>route</td>
+ <td>-</td>
+ <td>Route of the worker when used inside load balancer.
+ The route is a value appended to session id.
+ </td></tr>
+ <tr><td>status</td>
+ <td>-</td>
+ <td>Single letter value defining the initial status of
+ this worker: 'D' is disabled, 'S' is stopped, 'I' is ignore-errors,
+ 'H' is hot-standby and 'E' is in an error state. Status
+ can be set (which is the default) by prepending with '+' or
+ cleared by prepending with '-'.
+ Thus, a setting of 'S-E' sets this worker to Stopped and
+ clears the in-error flag.
+ </td></tr>
+ <tr><td>timeout</td>
+ <td><code class="directive"><a href="#proxytimeout">ProxyTimeout</a></code></td>
+ <td>Connection timeout in seconds.
+ The number of seconds Apache waits for data sent by / to the backend.
+ </td></tr>
+ <tr><td>ttl</td>
+ <td>-</td>
+ <td>Time To Live for the inactive connections above the
+ <code>smax</code> connections in seconds. Apache will close all
+ connections that has not been used inside that time period.
+ </td></tr>
+
+ </table>
+
+ <p>If the Proxy directive scheme starts with the
+ <code>balancer://</code> (eg: <code>balancer://cluster/</code>,
+ any path information is ignored) then a virtual worker that does not really
+ communicate with the backend server will be created. Instead it is responsible
+ for the management of several "real" workers. In that case the special set of
+ parameters can be add to this virtual worker. See <code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code>
+ for more information about how the balancer works.
+ </p>
+ <table>
+ <tr><th>Parameter</th>
+ <th>Default</th>
+ <th>Description</th></tr>
+ <tr><td>lbmethod</td>
+ <td>byrequests</td>
+ <td>Balancer load-balance method. Select the load-balancing scheduler
+ method to use. Either <code>byrequests</code>, to perform weighted
+ request counting, <code>bytraffic</code>, to perform weighted
+ traffic byte count balancing, or <code>bybusyness</code>, to perform
+ pending request balancing. Default is <code>byrequests</code>.
+ </td></tr>
+ <tr><td>maxattempts</td>
+ <td>1</td>
+ <td>Maximum number of failover attempts before giving up.
+ </td></tr>
+ <tr><td>nofailover</td>
+ <td>Off</td>
+ <td>If set to <code>On</code> the session will break if the worker is in
+ error state or disabled. Set this value to On if backend servers do not
+ support session replication.
+ </td></tr>
+ <tr><td>stickysession</td>
+ <td>-</td>
+ <td>Balancer sticky session name. The value is usually set to something
+ like <code>JSESSIONID</code> or <code>PHPSESSIONID</code>,
+ and it depends on the backend application server that support sessions.
+ If the backend application server uses different name for cookies
+ and url encoded id (like servlet containers) use | to to separate them.
+ The first part is for the cookie the second for the path.
+ </td></tr>
+ <tr><td>scolonpathdelim</td>
+ <td>Off</td>
+ <td>If set to <code>On</code> the semi-colon character ';' will be
+ used as an additional sticky session path deliminator/separator. This
+ is mainly used to emulate mod_jk's behavior when dealing with paths such
+ as <code>JSESSIONID=6736bcf34;foo=aabfa</code>
+ </td></tr>
+ <tr><td>timeout</td>
+ <td>0</td>
+ <td>Balancer timeout in seconds. If set this will be the maximum time
+ to wait for a free worker. Default is not to wait.
+ </td></tr>
+
+ </table>
+ <p>A sample balancer setup</p>
+ <div class="example"><p><code>
+ ProxyPass /special-area http://special.example.com smax=5 max=10<br />
+ ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid nofailover=On<br />
+ <Proxy balancer://mycluster><br />
+ <span class="indent">
+ BalancerMember http://1.2.3.4:8009<br />
+ BalancerMember http://1.2.3.5:8009 smax=10<br />
+ # Less powerful server, don't send as many requests there<br />
+ BalancerMember http://1.2.3.6:8009 smax=1 loadfactor=20<br />
+ </span>
+ </Proxy>
+ </code></p></div>
+
+ <p>Setting up a hot-standby, that will only be used if no other
+ members are available</p>
+ <div class="example"><p><code>
+ ProxyPass / balancer://hotcluster/ <br />
+ <Proxy balancer://hotcluster><br />
+ <span class="indent">
+ BalancerMember http://1.2.3.4:8009 loadfactor=1<br />
+ BalancerMember http://1.2.3.5:8009 loadfactor=2<br />
+ # The below is the hot standby<br />
+ BalancerMember http://1.2.3.6:8009 status=+H<br />
+ ProxySet lbmethod=bytraffic
+ </span>
+ </Proxy>
+ </code></p></div>
+
+ <p>Normally, mod_proxy will canonicalise ProxyPassed URLs.
+ But this may be incompatible with some backends, particularly those
+ that make use of <var>PATH_INFO</var>. The optional <var>nocanon</var>
+ keyword suppresses this, and passes the URL path "raw" to the
+ backend. Note that may affect the security of your backend, as it
+ removes the normal limited protection against URL-based attacks
+ provided by the proxy.</p>
+
+ <p>The optional <var>interpolate</var> keyword (available in
+ httpd 2.2.9 and later), in combination with
+ <code class="directive">ProxyPassInterpolateEnv</code> causes the ProxyPass
+ to interpolate environment variables, using the syntax
+ <var>${VARNAME}</var>. Note that many of the standard CGI-derived
+ environment variables will not exist when this interpolation happens,
+ so you may still have to resort to <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
+ for complex rules.</p>
+
+ <p>When used inside a <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section, the first argument is omitted and the local
+ directory is obtained from the <code class="directive"><a href="../mod/core.html#location"><Location></a></code>.</p>
+
+ <p>If you require a more flexible reverse-proxy configuration, see the
+ <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive with the
+ <code>[P]</code> flag.</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyPassInterpolateEnv" id="ProxyPassInterpolateEnv">ProxyPassInterpolateEnv</a> <a name="proxypassinterpolateenv" id="proxypassinterpolateenv">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable Environment Variable interpolation in Reverse Proxy configurations</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPassInterpolateEnv On|Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyPassInterpolateEnv Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in httpd 2.2.9 and later</td></tr>
+</table>
+ <p>This directive, together with the <var>interpolate</var> argument to
+ <code class="directive">ProxyPass</code>, <code class="directive">ProxyPassReverse</code>,
+ <code class="directive">ProxyPassReverseCookieDomain</code> and
+ <code class="directive">ProxyPassReverseCookiePath</code>
+ enables reverse proxies to be dynamically
+ configured using environment variables, which may be set by
+ another module such as <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.
+ It affects the <code class="directive">ProxyPass</code>,
+ <code class="directive">ProxyPassReverse</code>,
+ <code class="directive">ProxyPassReverseCookieDomain</code>, and
+ <code class="directive">ProxyPassReverseCookiePath</code> directives,
+ and causes them to substitute the value of an environment
+ variable <code>varname</code> for the string <code>${varname}</code>
+ in configuration directives.</p>
+ <p>Keep this turned off (for server performance) unless you need it!</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyPassMatch" id="ProxyPassMatch">ProxyPassMatch</a> <a name="proxypassmatch" id="proxypassmatch">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maps remote servers into the local server URL-space using regular expressions</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPassMatch [<var>regex</var>] !|<var>url</var> [<var>key=value</var>
+ <var>[key=value</var> ...]]</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+</table>
+ <p>This directive is equivalent to <code class="directive"><a href="#proxypass">ProxyPass</a></code>,
+ but makes use of regular expressions, instead of simple prefix matching. The
+ supplied regular expression is matched against the <var>url</var>, and if it
+ matches, the server will substitute any parenthesized matches into the given
+ string and use it as a new <var>url</var>.</p>
+
+ <p>Suppose the local server has address <code>http://example.com/</code>;
+ then</p>
+
+ <div class="example"><p><code>
+ ProxyPassMatch ^(/.*\.gif)$ http://backend.example.com$1
+ </code></p></div>
+
+ <p>will cause a local request for
+ <code>http://example.com/foo/bar.gif</code> to be internally converted
+ into a proxy request to <code>http://backend.example.com/foo/bar.gif</code>.</p>
+ <div class="note"><h3>Note</h3>
+ <p>The URL argument must be parsable as a URL <em>before</em> regexp
+ substitutions (as well as after). This limits the matches you can use.
+ For instance, if we had used</p>
+ <div class="example"><p><code>
+ ProxyPassMatch ^(/.*\.gif)$ http://backend.example.com:8000$1
+ </code></p></div>
+ <p>in our previous example, it would fail with a syntax error
+ at server startup. This is a bug (PR 46665 in the ASF bugzilla),
+ and the workaround is to reformulate the match:</p>
+ <div class="example"><p><code>
+ ProxyPassMatch ^/(.*\.gif)$ http://backend.example.com:8000/$1
+ </code></p></div>
+ </div>
+ <p>The <code>!</code> directive is useful in situations where you don't want
+ to reverse-proxy a subdirectory.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ProxyPassReverse" id="ProxyPassReverse">ProxyPassReverse</a> <a name="proxypassreverse" id="proxypassreverse">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Adjusts the URL in HTTP response headers sent from
-a reverse proxied server</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPassReverse [<em>path</em>] <em>url</em></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Adjusts the URL in HTTP response headers sent from a reverse
+proxied server</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPassReverse [<var>path</var>] <var>url</var>
+[<var>interpolate</var>]</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
-<p>This directive lets Apache adjust the URL in the <code>Location</code>,
-<code>Content-Location</code> and <code>URI</code> headers on
-HTTP redirect responses. This is essential when Apache is used as
-a reverse proxy to avoid by-passing the reverse proxy because of HTTP
-redirects on the backend servers which stay behind the reverse proxy.</p>
-
-<p><em>path</em> is the name of a local virtual path.<br />
-<em>url</em> is a partial URL for the remote server - the same way they are
-used for the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
-
-<p>
-Example:<br />
-Suppose the local server has address <code>http://wibble.org/</code>; then</p>
-<div class="example"><p><code>
- ProxyPass /mirror/foo/ http://foo.com/<br />
- ProxyPassReverse /mirror/foo/ http://foo.com/
-</code></p></div>
-<p>will not only cause a local request for the
-<<code>http://wibble.org/mirror/foo/bar</code>> to be internally
-converted into a proxy request to <<code>http://foo.com/bar</code>> (the
-functionality <code>ProxyPass</code> provides here). It also takes care of
-redirects the server foo.com sends: when <code>http://foo.com/bar</code> is
-redirected by him to <code>http://foo.com/quux</code> Apache adjusts this to
-<code>http://wibble.org/mirror/foo/quux</code> before forwarding the HTTP
-redirect response to the client. </p>
-<p>
-Note that this <code class="directive">ProxyPassReverse</code> directive can
-also be used in conjunction with the proxy pass-through feature
-("<code>RewriteRule ... [P]</code>") from
-<code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> because its doesn't depend on a
-corresponding <code class="directive"><a href="#proxypass">ProxyPass</a></code>
-directive.</p>
-
-<p>When used inside a <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section, the first argument is
-ommitted and the local directory is obtained from the <code class="directive"><a href="../mod/core.html#location"><Location></a></code>.</p>
+ <p>This directive lets Apache adjust the URL in the <code>Location</code>,
+ <code>Content-Location</code> and <code>URI</code> headers on HTTP
+ redirect responses. This is essential when Apache is used as a
+ reverse proxy (or gateway) to avoid by-passing the reverse proxy
+ because of HTTP redirects on the backend servers which stay behind
+ the reverse proxy.</p>
+
+ <p>Only the HTTP response headers specifically mentioned above
+ will be rewritten. Apache will not rewrite other response
+ headers, nor will it rewrite URL references inside HTML pages.
+ This means that if the proxied content contains absolute URL
+ references, they will by-pass the proxy. A third-party module
+ that will look inside the HTML and rewrite URL references is Nick
+ Kew's <a href="http://apache.webthing.com/mod_proxy_html/">mod_proxy_html</a>.</p>
+
+ <p><var>path</var> is the name of a local virtual path. <var>url</var> is a
+ partial URL for the remote server - the same way they are used for the
+ <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
+
+ <p>For example, suppose the local server has address
+ <code>http://example.com/</code>; then</p>
+
+ <div class="example"><p><code>
+ ProxyPass /mirror/foo/ http://backend.example.com/<br />
+ ProxyPassReverse /mirror/foo/ http://backend.example.com/<br />
+ ProxyPassReverseCookieDomain backend.example.com public.example.com<br />
+ ProxyPassReverseCookiePath / /mirror/foo/
+ </code></p></div>
+
+ <p>will not only cause a local request for the
+ <code>http://example.com/mirror/foo/bar</code> to be internally converted
+ into a proxy request to <code>http://backend.example.com/bar</code>
+ (the functionality <code>ProxyPass</code> provides here). It also takes care
+ of redirects the server <code>backend.example.com</code> sends: when
+ <code>http://backend.example.com/bar</code> is redirected by him to
+ <code>http://backend.example.com/quux</code> Apache adjusts this to
+ <code>http://example.com/mirror/foo/quux</code> before forwarding the HTTP
+ redirect response to the client. Note that the hostname used for
+ constructing the URL is chosen in respect to the setting of the <code class="directive"><a href="../mod/core.html#usecanonicalname">UseCanonicalName</a></code> directive.</p>
+
+ <p>Note that this <code class="directive">ProxyPassReverse</code> directive can
+ also be used in conjunction with the proxy pass-through feature
+ (<code>RewriteRule ... [P]</code>) from <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
+ because it doesn't depend on a corresponding <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
+
+ <p>The optional <var>interpolate</var> keyword (available in
+ httpd 2.2.9 and later), used together with
+ <code class="directive">ProxyPassInterpolateEnv</code>, enables interpolation
+ of environment variables specified using the format <var>${VARNAME}</var>.
+ </p>
+
+ <p>When used inside a <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section, the first argument is omitted and the local
+ directory is obtained from the <code class="directive"><a href="../mod/core.html#location"><Location></a></code>.</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyPassReverseCookieDomain" id="ProxyPassReverseCookieDomain">ProxyPassReverseCookieDomain</a> <a name="proxypassreversecookiedomain" id="proxypassreversecookiedomain">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Adjusts the Domain string in Set-Cookie headers from a reverse-
+proxied server</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPassReverseCookieDomain <var>internal-domain</var>
+<var>public-domain</var> [<var>interpolate</var>]</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+</table>
+<p>Usage is basically similar to
+<code class="directive"><a href="#proxypassreverse">ProxyPassReverse</a></code>, but instead of
+rewriting headers that are a URL, this rewrites the <code>domain</code>
+string in <code>Set-Cookie</code> headers.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyPassReverseCookiePath" id="ProxyPassReverseCookiePath">ProxyPassReverseCookiePath</a> <a name="proxypassreversecookiepath" id="proxypassreversecookiepath">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Adjusts the Path string in Set-Cookie headers from a reverse-
+proxied server</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPassReverseCookiePath <var>internal-path</var>
+<var>public-path</var> [<var>interpolate</var>]</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+</table>
+<p>Usage is basically similar to
+<code class="directive"><a href="#proxypassreverse">ProxyPassReverse</a></code>, but instead of
+rewriting headers that are a URL, this rewrites the <code>path</code>
+string in <code>Set-Cookie</code> headers.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ProxyPreserveHost" id="ProxyPreserveHost">ProxyPreserveHost</a> <a name="proxypreservehost" id="proxypreservehost">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use incoming Host HTTP request header for
-proxy request</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPreserveHost on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use incoming Host HTTP request header for proxy
+request</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPreserveHost On|Off</code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyPreserveHost Off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in
-Apache 2.0.31 and later.</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0.31 and later.</td></tr>
</table>
-<p>When enabled, this option will pass the Host: line from the
-incoming request to the proxied host, instead of the hostname
-specified in the proxypass line.
-</p>
-<p>This option should normally be turned 'off'.</p>
+ <p>When enabled, this option will pass the Host: line from the incoming
+ request to the proxied host, instead of the hostname specified in the
+ <code class="directive">ProxyPass</code> line.</p>
+
+ <p>This option should normally be turned <code>Off</code>. It is mostly
+ useful in special configurations like proxied mass name-based virtual
+ hosting, where the original Host header needs to be evaluated by the
+ backend server.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ProxyReceiveBufferSize" id="ProxyReceiveBufferSize">ProxyReceiveBufferSize</a> <a name="proxyreceivebuffersize" id="proxyreceivebuffersize">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Network buffer size for outgoing HTTP and FTP
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Network buffer size for proxied HTTP and FTP
connections</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyReceiveBufferSize <em>bytes</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyReceiveBufferSize <var>bytes</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyReceiveBufferSize 0</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
-<p>The <code class="directive">ProxyReceiveBufferSize</code> directive
-specifies an explicit network buffer size for outgoing HTTP and FTP
-connections, for increased throughput. It has to be greater than 512
-or set to 0 to indicate that the system's default buffer size should
-be used.</p>
-<div class="example"><h3>Example</h3><p><code>
- ProxyReceiveBufferSize 2048
-</code></p></div>
+ <p>The <code class="directive">ProxyReceiveBufferSize</code> directive specifies an
+ explicit (TCP/IP) network buffer size for proxied HTTP and FTP connections,
+ for increased throughput. It has to be greater than <code>512</code> or set
+ to <code>0</code> to indicate that the system's default buffer size should
+ be used.</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ ProxyReceiveBufferSize 2048
+ </code></p></div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ProxyRemote" id="ProxyRemote">ProxyRemote</a> <a name="proxyremote" id="proxyremote">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Remote proxy used to handle certain requests</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRemote <em>match remote-server</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRemote <var>match</var> <var>remote-server</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
-<p>This defines remote proxies to this proxy. <em>match</em> is either the
-name of a URL-scheme that the remote server supports, or a partial URL
-for which the remote server should be used, or '*' to indicate the
-server should be contacted for all requests. <em>remote-server</em> is a
-partial URL for the remote server. Syntax:</p>
-
-<pre>
- remote-server = protocol://hostname[:port]
-</pre>
-
-<p><em>protocol</em> is the protocol that should be used to communicate
-with the remote server; only "http" is supported by this module.</p>
-
-<p>
-Example:</p>
-<div class="example"><p><code>
- ProxyRemote http://goodguys.com/ http://mirrorguys.com:8000<br />
- ProxyRemote * http://cleversite.com<br />
- ProxyRemote ftp http://ftpproxy.mydomain.com:8080
-</code></p></div>
-
-<p>In the last example, the proxy will forward FTP requests, encapsulated
-as yet another HTTP proxy request, to another proxy which can handle
-them.</p>
-
-<p>This option also supports reverse proxy configuration - a backend
-webserver can be embedded within a virtualhost URL space even if that
-server is hidden by another forward proxy.</p>
+ <p>This defines remote proxies to this proxy. <var>match</var> is either the
+ name of a URL-scheme that the remote server supports, or a partial URL
+ for which the remote server should be used, or <code>*</code> to indicate
+ the server should be contacted for all requests. <var>remote-server</var> is
+ a partial URL for the remote server. Syntax:</p>
+
+ <div class="example"><p><code>
+ <dfn>remote-server</dfn> =
+ <var>scheme</var>://<var>hostname</var>[:<var>port</var>]
+ </code></p></div>
+
+ <p><var>scheme</var> is effectively the protocol that should be used to
+ communicate with the remote server; only <code>http</code> and <code>https</code>
+ are supported by this module. When using <code>https</code>, the requests
+ are forwarded through the remote proxy using the HTTP CONNECT method.</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ ProxyRemote http://goodguys.example.com/ http://mirrorguys.example.com:8000<br />
+ ProxyRemote * http://cleverproxy.localdomain<br />
+ ProxyRemote ftp http://ftpproxy.mydomain:8080
+ </code></p></div>
+
+ <p>In the last example, the proxy will forward FTP requests, encapsulated
+ as yet another HTTP proxy request, to another proxy which can handle
+ them.</p>
+
+ <p>This option also supports reverse proxy configuration - a backend
+ webserver can be embedded within a virtualhost URL space even if that
+ server is hidden by another forward proxy.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ProxyRemoteMatch" id="ProxyRemoteMatch">ProxyRemoteMatch</a> <a name="proxyremotematch" id="proxyremotematch">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Remote proxy used to handle requests
-matched by regular expressions</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRemoteMatch <em>regex remote-server</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Remote proxy used to handle requests matched by regular
+expressions</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRemoteMatch <var>regex</var> <var>remote-server</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
-<p>The <code class="directive">ProxyRemoteMatch</code> is identical
-to the <code class="directive"><a href="#proxyremote">ProxyRemote</a></code>
-directive, except the first argument is a regular expression
-match against the requested URL.</p>
+ <p>The <code class="directive">ProxyRemoteMatch</code> is identical to the
+ <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive, except the
+ first argument is a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a>
+ match against the requested URL.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ProxyRequests" id="ProxyRequests">ProxyRequests</a> <a name="proxyrequests" id="proxyrequests">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enables forward (standard) proxy requests</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRequests on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRequests On|Off</code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyRequests Off</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
-<p>This allows or prevents Apache from functioning as a forward proxy
-server. (Setting ProxyRequests to 'off' does not disable use of the
-<code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.)</p>
+ <p>This allows or prevents Apache from functioning as a forward proxy
+ server. (Setting ProxyRequests to <code>Off</code> does not disable use of
+ the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.)</p>
+
+ <p>In a typical reverse proxy or gateway configuration, this
+ option should be set to
+ <code>Off</code>.</p>
+
+ <p>In order to get the functionality of proxying HTTP or FTP sites, you
+ need also <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code> or <code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code>
+ (or both) present in the server.</p>
+
+ <div class="warning"><h3>Warning</h3>
+ <p>Do not enable proxying with <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> until you have <a href="#access">secured your server</a>. Open proxy servers are dangerous
+ both to your network and to the Internet at large.</p>
+ </div>
+
+<h3>See also</h3>
+<ul>
+<li><a href="#forwardreverse">Forward and Reverse Proxies/Gateways</a></li>
+</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxySet" id="ProxySet">ProxySet</a> <a name="proxyset" id="proxyset">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Set various Proxy balancer or member parameters</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxySet <var>url</var> <var>key=value [key=value ...]</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>ProxySet is only available in Apache 2.2
+ and later.</td></tr>
+</table>
+ <p>This directive is used as an alternate method of setting any of the
+ parameters available to Proxy balancers and workers normally done via the
+ <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive. If used
+ within a <code><Proxy <var>balancer url|worker url</var>></code>
+ container directive, the <var>url</var> argument is not required. As a side
+ effect the respective balancer or worker gets created. This can be useful
+ when doing reverse proxying via a
+ <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> instead of a
+ <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
+
+ <div class="example"><p><code>
+ <Proxy balancer://hotcluster><br />
+ <span class="indent">
+ BalancerMember http://www2.example.com:8009 loadfactor=1<br />
+ BalancerMember http://www3.example.com:8009 loadfactor=2<br />
+ ProxySet lbmethod=bytraffic<br />
+ </span>
+ </Proxy>
+ </code></p></div>
+
+ <div class="example"><p><code>
+ <Proxy http://backend><br />
+ <span class="indent">
+ ProxySet keepalive=On<br />
+ </span>
+ </Proxy>
+ </code></p></div>
+
+ <div class="example"><p><code>
+ ProxySet balancer://foo lbmethod=bytraffic timeout=15
+ </code></p></div>
+
+ <div class="example"><p><code>
+ ProxySet ajp://backend:7001 timeout=15
+ </code></p></div>
+
+ <div class="warning"><h3>Warning</h3>
+ <p>Keep in mind that the same parameter key can have a different meaning
+ depending whether it is applied to a balancer or a worker as shown by the two
+ examples above regarding timeout.</p>
+ </div>
-<p>In a typical reverse proxy configuration, this option should be set to
-'off'.</p>
-<div class="warning"><p>Do not enable proxying with <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> until you have
-<a href="#access">secured your server</a>. Open proxy servers are
-dangerous both to your network and to the Internet at large.</p></div>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyStatus" id="ProxyStatus">ProxyStatus</a> <a name="proxystatus" id="proxystatus">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Show Proxy LoadBalancer status in mod_status</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyStatus Off|On|Full</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyStatus Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.2 and later</td></tr>
+</table>
+ <p>This directive determines whether or not proxy
+ loadbalancer status data is displayed via the <code class="module"><a href="../mod/mod_status.html">mod_status</a></code>
+ server-status page.</p>
+ <div class="note"><h3>Note</h3>
+ <p><strong>Full</strong> is synonymous with <strong>On</strong></p>
+ </div>
</div>
<div class="directive-section"><h2><a name="ProxyTimeout" id="ProxyTimeout">ProxyTimeout</a> <a name="proxytimeout" id="proxytimeout">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Network timeout for proxied requests</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyTimeout <em>seconds</em></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyTimeout 300</code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyTimeout <var>seconds</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>Value of <code class="directive"><a href="../mod/core.html#timeout">Timeout</a></code></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in
-Apache 2.0.31 and later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0.31 and later</td></tr>
</table>
-<p>This directive allows a user to specifiy a timeout on proxy requests.
-This is usefull when you have a slow/buggy appserver which hangs,
-and you would rather just return a timeout and fail gracefully instead
-of waiting however long it takes the server to return
-</p>
+ <p>This directive allows a user to specifiy a timeout on proxy requests.
+ This is useful when you have a slow/buggy appserver which hangs, and you
+ would rather just return a timeout and fail gracefully instead of waiting
+ however long it takes the server to return.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ProxyVia" id="ProxyVia">ProxyVia</a> <a name="proxyvia" id="proxyvia">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Information provided in the Via HTTP response
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Information provided in the <code>Via</code> HTTP response
header for proxied requests</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyVia on|off|full|block</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyVia off</code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyVia On|Off|Full|Block</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyVia Off</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
-<p>This directive controls the use of the <code>Via:</code> HTTP
-header by the proxy. Its intended use is to control the flow of of
-proxy requests along a chain of proxy servers. See RFC2068 (HTTP/1.1)
-for an explanation of <code>Via:</code> header lines.</p>
-
-<ul> <li>If set
-to <em>off</em>, which is the default, no special processing is
-performed. If a request or reply contains a <code>Via:</code> header,
-it is passed through unchanged.</li>
-
-<li>If set to <em>on</em>, each
-request and reply will get a <code>Via:</code> header line added for
-the current host.</li>
-
-<li>If set to <em>full</em>, each generated <code>Via:</code> header
-line will additionally have the Apache server version shown as a
-<code>Via:</code> comment field.</li>
-
-<li>If set to <em>block</em>, every
-proxy request will have all its <code>Via:</code> header lines
-removed. No new <code>Via:</code> header will be generated.</li>
-</ul>
+ <p>This directive controls the use of the <code>Via:</code> HTTP
+ header by the proxy. Its intended use is to control the flow of
+ proxy requests along a chain of proxy servers. See <a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a> (HTTP/1.1), section
+ 14.45 for an explanation of <code>Via:</code> header lines.</p>
+
+ <ul>
+ <li>If set to <code>Off</code>, which is the default, no special processing
+ is performed. If a request or reply contains a <code>Via:</code> header,
+ it is passed through unchanged.</li>
+
+ <li>If set to <code>On</code>, each request and reply will get a
+ <code>Via:</code> header line added for the current host.</li>
+
+ <li>If set to <code>Full</code>, each generated <code>Via:</code> header
+ line will additionally have the Apache server version shown as a
+ <code>Via:</code> comment field.</li>
+
+ <li>If set to <code>Block</code>, every proxy request will have all its
+ <code>Via:</code> header lines removed. No new <code>Via:</code> header will
+ be generated.</li>
+ </ul>
</div>
</div>
-<div id="footer">
-<p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p>
+<div class="bottomlang">
+<p><span>Available Languages: </span><a href="../en/mod/mod_proxy.html" title="English"> en </a> |
+<a href="../fr/mod/mod_proxy.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
+<a href="../ja/mod/mod_proxy.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p>
+</div><div id="footer">
+<p class="apache">Copyright 2010 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
</body></html>
\ No newline at end of file