You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@trafficserver.apache.org by "Alan M. Carroll (JIRA)" <ji...@apache.org> on 2010/04/08 01:37:36 UTC

[jira] Created: (TS-291) Enable transparent forward proxying

Enable transparent forward proxying
-----------------------------------

                 Key: TS-291
                 URL: https://issues.apache.org/jira/browse/TS-291
             Project: Traffic Server
          Issue Type: Improvement
          Components: Network
         Environment: Linux
            Reporter: Alan M. Carroll
            Priority: Minor


Currently ATS provides only explicit forward proxying. It should support this transparently as well.

Transparent means

* No configuration on clients.
* Origin server sees the client IP address as the source address of the cache fill request.

This should be an option set via configuration variables because transparent proxying is not always the correct mode of operation. In addition, it requires a Linux kernel with TPROXY support and so will not run in all environments.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (TS-291) Enable transparent forward proxying

Posted by "Alan M. Carroll (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/TS-291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12854733#action_12854733 ] 

Alan M. Carroll commented on TS-291:
------------------------------------

Issue 1

HttpTransact::check_request_validity only checks the request URL for the host and does not check the HOST field. This works for explicit proxy requests but most current web tools use the HOST field so without client configuration, ATS rejects the request with "400: Host Required In Request". I think this should be modified to do the check only in the transparent case as the explicit case should require the host in the URL.

Issue 2

It was mentioned to me that ATS had transparent forward proxy code at one point but it was (mostly) removed. In some cases there seems to be a remnant in the use of
    State::http_config_param::transparency_enabled
which I presume is a flag used to enable transparent operation, although perhaps it is used for reverse proxying and therefore it is unclear whether it should be used for forward proxying.
(see HttpTransact::initialize_state_variables_from_request for an example)


> Enable transparent forward proxying
> -----------------------------------
>
>                 Key: TS-291
>                 URL: https://issues.apache.org/jira/browse/TS-291
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Network
>         Environment: Linux
>            Reporter: Alan M. Carroll
>            Priority: Minor
>
> Currently ATS provides only explicit forward proxying. It should support this transparently as well.
> Transparent means
> * No configuration on clients.
> * Origin server sees the client IP address as the source address of the cache fill request.
> This should be an option set via configuration variables because transparent proxying is not always the correct mode of operation. In addition, it requires a Linux kernel with TPROXY support and so will not run in all environments.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (TS-291) Enable transparent forward proxying

Posted by "George Paul (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/TS-291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12855466#action_12855466 ] 

George Paul commented on TS-291:
--------------------------------

For Issue 1, see section '14.23 Host' in the  HTTP/1.1 RFC specification  (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html) for handling of "Host" field header. 

For Issue 2 you can safely assume that 'transparency_enabled' variable was used for indicating 'transparent forward proxy' mode AFAIR.

-George

> Enable transparent forward proxying
> -----------------------------------
>
>                 Key: TS-291
>                 URL: https://issues.apache.org/jira/browse/TS-291
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Network
>         Environment: Linux
>            Reporter: Alan M. Carroll
>            Priority: Minor
>
> Currently ATS provides only explicit forward proxying. It should support this transparently as well.
> Transparent means
> * No configuration on clients.
> * Origin server sees the client IP address as the source address of the cache fill request.
> This should be an option set via configuration variables because transparent proxying is not always the correct mode of operation. In addition, it requires a Linux kernel with TPROXY support and so will not run in all environments.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.