You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modproxy-dev@apache.org by Eli Marmor <ma...@netmask.it> on 2002/01/30 01:17:48 UTC

Re: patch: proxy-preserve-host (+ background about 0.9)

g.russell@ieee.org wrote:

> This would be useful during regular proxying - as this option would be
> needed for transparent proxying to work.
> 
> This patch looks quite useful, as it answers Eli Marmor's transparent
> proxy question as well.

Ha folks :-)

I must admit that I didn't imagine a so fast solution for it...

My intention was to look at this issue, and try to implement it.

Unfortunately, such tries of me to improve mod_proxy, usually don't
reach anything; for example, one time I decided that proxyreq should
not be boolean, but should have a different value for reverse proxy;
However, it took me so much time to do it, and even after finishing it
- I was afraid to be flamed, so I kept improving my code to fit the
writing style of ASF. The expected end, as you probably know, was that
somebody else did a similar patch...

Regarding HTTP-0.9, and even 1.0, when there is no "Host:":

I think that squid handles it. This is a usual task of proxies in ISPs,
and a short background from me may help:

Such a transparent proxy, is usually installed in a gateway that the
ISP's users must pass (to simplify things, I'll ignore the case when
the packet is redirected from such a gateway to another host, where the
real proxy runs).

Under most platforms, this is done by NAT. For example, under Linux 2.4
it is done this way:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 80

(I omitted some important flags, to simplify things).

That rule redirects packets which PASS this machine but are destined to
port 80 of ANOTHER host, to port 80 of THIS host.

Unfortunately, Apache can't use the destination IP address of the
packet to find the original destination, because the above rule
replaced it by OUR address (otherwise, this packet would continue its
way to the original host, rather than reaching our Apache).

There is probably another way to find the original destination; Does
anybody here know squid internals?
If it looks important, I can try to investigate it; However, I think
that all the popular browsers send "Host:" headers, so it is not so
important...
-- 
Eli Marmor
marmor@netmask.it
CTO, Founder
Netmask (El-Mar) Internet Technologies Ltd.
__________________________________________________________
Tel.:   +972-9-766-1020          8 Yad-Harutzim St.
Fax.:   +972-9-766-1314          P.O.B. 7004
Mobile: +972-50-23-7338          Kfar-Saba 44641, Israel