From: dgaudet Date: Sat, 19 Jul 1997 08:58:32 +0000 (+0000) Subject: NoProxy and ProxyDomain directives. X-Git-Tag: APACHE_1_3a1~13 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a2f26797b3e2900c104f7182625183018e983d46;p=apache NoProxy and ProxyDomain directives. Submitted by: Martin Kraemer Reviewed by: Dean Gaudet git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@78664 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_proxy.html b/docs/manual/mod/mod_proxy.html index 2cb5aee704..d3d2a17ac5 100644 --- a/docs/manual/mod/mod_proxy.html +++ b/docs/manual/mod/mod_proxy.html @@ -42,6 +42,8 @@ and other protocols.
  • ProxyRemote
  • ProxyPass
  • ProxyBlock +
  • NoProxy +
  • ProxyDomain
  • CacheRoot
  • CacheSize
  • CacheMaxExpire @@ -150,6 +152,133 @@ ProxyBlock * blocks connections to all sites. +

    NoProxy

     +Syntax: NoProxy { <Domain> + | <SubNet> + | <IpAddr> + | <Hostname> + }
    +Context: server config
    +Status: Base
    +Module: mod_proxy
    +Compatibility: NoProxy is only available in a patch to +Apache 1.2.1 and later.

    + +This directive is only useful for apache proxy servers within intranets. +The NoProxy directive specifies a list of subnets, IP addresses, hosts +and/or domains, separated by spaces. A request to a host which matches +one or more of these is always served directly, without forwarding to +the configured ProxyRemote proxy server(s).
    Example: + +

    +  ProxyRemote  *  http://firewall.mycompany.com:81
+  NoProxy         .mycompany.com 192.168.112.0/21 
+
    +The arguments to the NoProxy directive are one of the following type list: +
    + + +
    Domain +
    A Domain is a partially qualified DNS domain name, preceded + by a period. + It represents a list of hosts which logically belong to the same DNS + domain or zone (i.e. the suffixes of the hostnames are all ending in + Domain).
    + Examples: .com .apache.org. .sni.de
    + To distinguish Domains from     Hostnames (both + syntactically and semantically; a DNS domain can have a DNS A record, + too!), Domains are always written + with a leading period.
    + Note: Domain name comparisons are done without regard to the case, + and Domains are always assumed to be anchored in the root + of the DNS tree, therefore two domains .MyDomain.com and + .mydomain.com. (note the trailing period) are + considered equal. Since a domain comparison does not involve a DNS + lookup, it is much more efficient than subnet comparison. + + + +
    SubNet +
    A SubNet is a partially qualified internet address in + numeric (dotted quad) form, optionally followed by a slash and the + netmask, specified as the number of significant bits in the + SubNet. It is used to represent a subnet of hosts which can + be reached over a common network interface. In the absence of the + explicit net mask it is assumed that omitted (or zero valued) + trailing digits specify the mask. (In this case, the netmask can + only be multiples of 8 bits wide.)
    + Examples: +
    +
    192.168 or 192.168.0.0 +
    the subnet 192.168.0.0 with a netmask of 16 valid bits + (sometimes used in the netmask form 255.255.0.0) +
    139.25.112.0/21 +
    the subnet 139.25.112.0/21 with a netmask of 21 + valid bits (also used in the form 255.255.248.0) +
    + As a degenerate case, a SubNet with 32 valid bits is the + equivalent to an IPAddr, while a SubNet with zero + valid bits (e.g., 0.0.0.0/0) is the same as the constant + _Default_, matching any IP address. + + +     +
    IPAddr +
    A IPAddr represents a fully qualified internet address in + numeric (dotted quad) form. Usually, this address represents a + host, but there need not necessarily be a DNS domain name + connected with the address.
    + Example: 139.25.113.10
    + Note: An IPAddr does not need to be resolved by the DNS system, so + it can result in more effective apache performance.
    +

    See Also: +DNS Issues

    + + + +
    Hostname +
    A Hostname is a fully qualified DNS domain name which can + be resolved to one or more IPAddrs via the DNS domain name service. + It represents a logical host (in contrast to Domains, see + above) and must be resolvable to at least one IPAddr (or + often to a list of hosts with different IPAddr's).
    + Examples: prep.ai.mit.edu + www.apache.org.
    + Note: In many situations, it is more effective to specify an + IPAddr in place of a Hostname since a DNS lookup + can be avoided. Name resolution in Apache can take a remarkable deal + of time when the connection to the name server uses a slow PPP + link.
    + Note: Hostname comparisons are done without regard to the case, + and Hostnames are always assumed to be anchored in the root + of the DNS tree, therefore two hosts WWW.MyDomain.com + and www.mydomain.com. (note the trailing period) are + considered equal.
    +

    See Also: +DNS Issues

    +
    + +

    ProxyDomain

     +Syntax: ProxyDomain <Domain>
    +Context: server config
    +Status: Base
    +Module: mod_proxy
    +Compatibility: ProxyDomain is only available in a patch to +Apache 1.2.1 and later.

    + +This directive is only useful for apache proxy servers within intranets. +The ProxyDomain directive specifies the default domain which the apache +proxy server will belong to. If a request to a host without a domain name +is encountered, a redirection response to the same host +with the configured Domain appended will be generated. +
    Example: + +

    +  ProxyRemote  *  http://firewall.mycompany.com:81
+  NoProxy         .mycompany.com 192.168.112.0/21 
+  ProxyDomain     .mycompany.com
+
    +

    CacheRoot

     Syntax: CacheRoot <directory>
    Context: server config
    @@ -299,6 +428,7 @@ disables caching completely.

  • Why does Apache start more slowly when using the proxy module?
  • Can I use the Apache proxy module with my SOCKS proxy? +
  • What other functions are useful for an intranet proxy server?

    Controlling access to your proxy

    @@ -360,6 +490,24 @@ Remember that you'll also have to grant access to your Apache proxy machine by permitting connections on the appropriate ports in your SOCKS daemon's configuration.

    +

    What other functions are useful for an intranet proxy server?

    + +

    An Apache proxy server situated in an intranet needs to forward external +requests through the company's firewall. However, when it has to access +resources within the intranet, it can bypass the firewall when accessing +hosts. The NoProxy directive is useful for specifying +which hosts belong to the intranet and should be accessed directly.

    + +

    Users within an intranet tend to omit the local domain name from their +WWW requests, thus requesting "http://somehost/" instead of +"http://somehost.my.dom.ain/". Some commercial proxy servers let them get +away with this and simply serve the request, implying a configured +local domain. When the ProxyDomain directive +is used and the server is configured for +proxy service, Apache can return a redirect response and send the client +to the correct, fully qualified, server address. This is the preferred method +since the user's bookmark files will then contain fully qualified hosts.

    +