You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Tomasz Chmielewski <ma...@interia.pl> on 2004/07/01 09:21:12 UTC
[users@httpd] mod_proxy - apache as a transparent forward proxy (for LAN users)
Hello,
I sent this message to this list, but to date got no answer.
So my big problem is:
Currently I'm using Squid as a proxy server, but eventually I'd like to
switch to Apache 2, working as a forward proxy.
This is because there is a mod_clamav available for Apache 2, and there
isn't anything like it for Squid.
I made some promising tests with Apache 2, however, I'm not sure if
Apache 2 is capable of working as a transparent proxy in its forward
proxy mode?
Any hint on how to do it would be really appreciated (besides port
redirecting to Apache with iptables, of course :))
Reagrds,
Tomasz Chmielewski
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_proxy - apache as a transparent forward proxy
(for LAN users)
Posted by Tomasz Chmielewski <ma...@interia.pl>.
Nick Kew wrote:
> On Thu, 1 Jul 2004, Tomasz Chmielewski wrote:
>
>
>>It works as below:
>>
>>Client requests google.com:80
>>-> request redirected with iptables to proxy:3128 (so no need for the
>>end user to change proxy settings)
>
>
> Whatever happened to what you asked yesterday:
>
>
>>Any hint on how to do it would be really appreciated (besides port
>>redirecting to Apache with iptables, of course :))
huh?
-- T.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_proxy - apache as a transparent forward proxy
(for LAN users)
Posted by Nick Kew <ni...@webthing.com>.
On Thu, 1 Jul 2004, Tomasz Chmielewski wrote:
> It works as below:
>
> Client requests google.com:80
> -> request redirected with iptables to proxy:3128 (so no need for the
> end user to change proxy settings)
Whatever happened to what you asked yesterday:
> Any hint on how to do it would be really appreciated (besides port
> redirecting to Apache with iptables, of course :))
--
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_proxy - apache as a transparent forward proxy
(for LAN users)
Posted by Tomasz Chmielewski <ma...@interia.pl>.
Tomasz Chmielewski wrote:
> Nick Kew wrote:
>
>> On Thu, 1 Jul 2004, Tomasz Chmielewski wrote:
>>
>>
>>> yes, that's why I changed the topic and the message a bit, hoping
>>> someone has already solved such problem (how to make apache work as a
>>> transparent proxy (in forward proxy mode) - so that LAN users wouldn't
>>> have to alter their browsers' settings in order to use proxy).
>>
>>
>>
>> That doesn't make sense. If your users don't configure their browsers
>> to use a proxy, then the proxy will never see their traffic. Forcing
>> traffic to route through your proxy is a networking issue, nothing to
>> do with Apache or Squid.
If I just redirect all port 80 requests (google.com:80) to proxy:3128
(or make it proxy:80), the client would normally see our server's webpages.
To this point it's networking issue.
But after that it's proxy issue:
That's why proxy need to know, if requests will be "transparent" (and
hence these directives in Squid I mentioned in a previous post).
And finally my question: is Apache able to operate in "transparent" mode?
-- T.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_proxy - apache as a transparent forward proxy
(for LAN users)
Posted by Tomasz Chmielewski <ma...@interia.pl>.
Nick Kew wrote:
> On Thu, 1 Jul 2004, Tomasz Chmielewski wrote:
>
>
>>yes, that's why I changed the topic and the message a bit, hoping
>>someone has already solved such problem (how to make apache work as a
>>transparent proxy (in forward proxy mode) - so that LAN users wouldn't
>>have to alter their browsers' settings in order to use proxy).
>
>
> That doesn't make sense. If your users don't configure their browsers
> to use a proxy, then the proxy will never see their traffic. Forcing
> traffic to route through your proxy is a networking issue, nothing to
> do with Apache or Squid.
Of course it does make sense and it has a lot to do with Apache or Squid.
Read about transparent proxying before such comments.
Generally certain proxies (for example, Squid) are able to proxy
"transparently" for the end user.
It works as below:
Client requests google.com:80
-> request redirected with iptables to proxy:3128 (so no need for the
end user to change proxy settings)
-> proxy reads (from kernel I assume) real address (google.com in our
case) and serves the page to the client.
This way the client is served by the web proxy, without even knowing it.
In Squid it's very easy: you just add a set of directives, so it knows
that requests can be "transparent":
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
check here for details:
http://www.squid-cache.org/Doc/FAQ/FAQ-17.html
And all I would like to know, if it's possible with Apache.
-- T.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_proxy - apache as a transparent forward proxy
(for LAN users)
Posted by Nick Kew <ni...@webthing.com>.
On Thu, 1 Jul 2004, Tomasz Chmielewski wrote:
> yes, that's why I changed the topic and the message a bit, hoping
> someone has already solved such problem (how to make apache work as a
> transparent proxy (in forward proxy mode) - so that LAN users wouldn't
> have to alter their browsers' settings in order to use proxy).
That doesn't make sense. If your users don't configure their browsers
to use a proxy, then the proxy will never see their traffic. Forcing
traffic to route through your proxy is a networking issue, nothing to
do with Apache or Squid.
--
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_proxy - apache as a transparent forward proxy
(for LAN users)
Posted by Tomasz Chmielewski <ma...@interia.pl>.
Nick Kew wrote:
> On Thu, 1 Jul 2004, Tomasz Chmielewski wrote:
>
>
>>I sent this message to this list, but to date got no answer.
>
>
> Perhaps that's because people don't understand the question. What do
> you want Apache to do that it doesn't currently do?
yes, that's why I changed the topic and the message a bit, hoping
someone has already solved such problem (how to make apache work as a
transparent proxy (in forward proxy mode) - so that LAN users wouldn't
have to alter their browsers' settings in order to use proxy).
-- T.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_proxy - apache as a transparent forward proxy
(for LAN users)
Posted by Nick Kew <ni...@webthing.com>.
On Thu, 1 Jul 2004, Tomasz Chmielewski wrote:
> I sent this message to this list, but to date got no answer.
Perhaps that's because people don't understand the question. What do
you want Apache to do that it doesn't currently do?
--
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org