You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Federico Mennite <fe...@lifeware.ch> on 2003/02/17 14:18:21 UTC

[PATCH] Prevent reverse lookups for outgoing connections in mod_proxy

Hi,

while setting up Apache as an ssl tunnel to some backend servers, I've 
noticed that for each new outgoing connection a reverse lookup is performed.
For serveral reasons I had to prevent this from happening (in short I 
don't wan't to bother the dns server too much), therefore I've written 
the attached patch to solve my problem.

A new boolean configuration directive named 'ReverseLookups' is added. 
It defaults to 'On'. This means that as default it behaves as usual.
The proposed solution lacks maybe a bit of flexibility but it seems to work.
Would adding a third optional parameter to the ProxyPass directive make 
more sense?

Any idea/suggestion for a better solution?

Both the issue and the solution have been tested on a linux 2.4 system 
running apache 1.3.26 and 1.3.27.

Relevant configuration options:

HostnameLookups Off
Listen 192.168.1.1:443
<VirtualHost 192.168.1.1:443>
   ServerName some.host.com
   SSLEngine On
   SSLCertificateFile    /opt/apache/conf/ssl.crt/my.crt
   SSLCertificateKeyFile /opt/apache/conf/ssl.key/my.key
   ProxyPass        / http://192.168.2.1:80/
   ProxyPassReverse / http://192.168.2.1:80/
</VirtualHost>


Best regards.

--
Federico Mennite

Re: [PATCH] Prevent reverse lookups for outgoing connections in mod_proxy

Posted by Federico Mennite <fe...@lifeware.ch>.

Justin Erenkrantz wrote:

> Why not just have mod_proxy respect HostnameLookups?  -- justin

Originally this was my first tought, but given the different context in 
which the reverse lookup is done, I tought that having an extra 
directive would have been a good ideea.
Thinking on it again, it doesn't seem so anymore :)

So getting the configuration from the core module is the path to go. 
I'll rehash my patch.

Regards.

--
Federico Mennite

Re: [PATCH] Prevent reverse lookups for outgoing connections in mod_proxy

Posted by Graham Leggett <mi...@sharp.fm>.

Justin Erenkrantz wrote:

> Why not just have mod_proxy respect HostnameLookups?  -- justin

+1.

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm		"There's a moon
					over Bourbon Street
						tonight..."

Re: [PATCH] Prevent reverse lookups for outgoing connections in mod_proxy

Posted by Justin Erenkrantz <ju...@erenkrantz.com>.

--On Monday, February 17, 2003 14:18:21 +0100 Federico Mennite 
<fe...@lifeware.ch> wrote:

> A new boolean configuration directive named 'ReverseLookups' is added. It
> defaults to 'On'. This means that as default it behaves as usual. The
> proposed solution lacks maybe a bit of flexibility but it seems to work.
> Would adding a third optional parameter to the ProxyPass directive make
> more sense?

Why not just have mod_proxy respect HostnameLookups?  -- justin