You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Federico Mennite <fe...@lifeware.ch> on 2003/02/17 14:18:21 UTC
[PATCH] Prevent reverse lookups for outgoing connections in mod_proxy
Hi,
while setting up Apache as an ssl tunnel to some backend servers, I've
noticed that for each new outgoing connection a reverse lookup is performed.
For serveral reasons I had to prevent this from happening (in short I
don't wan't to bother the dns server too much), therefore I've written
the attached patch to solve my problem.
A new boolean configuration directive named 'ReverseLookups' is added.
It defaults to 'On'. This means that as default it behaves as usual.
The proposed solution lacks maybe a bit of flexibility but it seems to work.
Would adding a third optional parameter to the ProxyPass directive make
more sense?
Any idea/suggestion for a better solution?
Both the issue and the solution have been tested on a linux 2.4 system
running apache 1.3.26 and 1.3.27.
Relevant configuration options:
HostnameLookups Off
Listen 192.168.1.1:443
<VirtualHost 192.168.1.1:443>
ServerName some.host.com
SSLEngine On
SSLCertificateFile /opt/apache/conf/ssl.crt/my.crt
SSLCertificateKeyFile /opt/apache/conf/ssl.key/my.key
ProxyPass / http://192.168.2.1:80/
ProxyPassReverse / http://192.168.2.1:80/
</VirtualHost>
Best regards.
--
Federico Mennite
Re: [PATCH] Prevent reverse lookups for outgoing connections in mod_proxy
Posted by Federico Mennite <fe...@lifeware.ch>.
Justin Erenkrantz wrote:
> Why not just have mod_proxy respect HostnameLookups? -- justin
Originally this was my first tought, but given the different context in
which the reverse lookup is done, I tought that having an extra
directive would have been a good ideea.
Thinking on it again, it doesn't seem so anymore :)
So getting the configuration from the core module is the path to go.
I'll rehash my patch.
Regards.
--
Federico Mennite
Re: [PATCH] Prevent reverse lookups for outgoing connections in mod_proxy
Posted by Graham Leggett <mi...@sharp.fm>.
Justin Erenkrantz wrote:
> Why not just have mod_proxy respect HostnameLookups? -- justin
+1.
Regards,
Graham
--
-----------------------------------------
minfrin@sharp.fm "There's a moon
over Bourbon Street
tonight..."
Re: [PATCH] Prevent reverse lookups for outgoing connections in
mod_proxy
Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
--On Monday, February 17, 2003 14:18:21 +0100 Federico Mennite
<fe...@lifeware.ch> wrote:
> A new boolean configuration directive named 'ReverseLookups' is added. It
> defaults to 'On'. This means that as default it behaves as usual. The
> proposed solution lacks maybe a bit of flexibility but it seems to work.
> Would adding a third optional parameter to the ProxyPass directive make
> more sense?
Why not just have mod_proxy respect HostnameLookups? -- justin