You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Dziugas Baltrunas <dz...@baltrunas.lt> on 2007/04/04 11:08:15 UTC
Re: [PATCH] ProxyAddXHeaders for mod_proxy
Hi,
any commens/objections on this patch?
On 2/28/07, Dziugas Baltrunas <dz...@gmail.com> wrote:
> Hi, list,
>
> attaching same patch with small correction to the one submitted
> previously (was unnecessary double check for PROXYREQ_REVERSE).
>
> Patch is for httpd-2.2.x branch.
>
> On 2/28/07, Dziugas Baltrunas <dz...@gmail.com> wrote:
> > Hi list,
> >
> > for those of us who are using Apache HTTPD as a "internet" proxy (a
> > combination of forward and reverse proxy modes) it's important that
> > requests going to the remote servers (which are not "known" backends
> > but anonymous boxes in this case) would look the same independently
> > whether the original request came in reverse or forward fashion.
> >
> > Currently mod_proxy_http adds X-Forwarded-* headers unconditionally
> > when we have a reverse proxy request and never for forward proxy
> > requests.
> >
> > Attached patch adds a new ProxyAddXHeaders directive with a possible
> > options of On|Off|ReverseOnly, later option leaving the default in
> > order not to break compatibility with current configurations. With
> > this option it is possible to always add X-Forwarded-For,
> > X-Forwarded-Host and X-Forwarded-Server headers for both reverse and
> > forward proxy modes, for reverse proxy only or not to add them at all.
> >
> > Comments and suggestions are welcome.
> >
> > --
> > Dziugas Baltrunas
> >
> >
>
>
> --
> Dziugas Baltrunas
>
>
--
Dziugas Baltrunas
http://dziugas.baltrunas.lt/
Re: [PATCH] ProxyAddXHeaders for mod_proxy
Posted by Dziugas Baltrunas <dz...@baltrunas.lt>.
Hi, Nick,
if you recall my initial paragraph, I'm here to address the
configuration of httpd acting as a generic HTTP proxy which is able to
handle both a standard (forward proxy mode) and transparent (reverse
proxy mode) proxy requests. This is the same what other proxy servers
(like Squid) do.
For this to achieve I use 'ProxyRequests On' together with couple of
mod_rewrite rules with [P] flag (but not ProxyPass rules since every
remote host needs to be proxied).
The problem is that with current mod_proxy_http outgoing http request
is dependant on how the original request was made to httpd. If
original request was in "forward" fashion, no X-Forwarded-* headers
are added to the outgoing request. Otherwise, for reverse proxy
requests "Privacy Note" comes into play and additional X-Forwarded-*
headers become visible (i.e. added by httpd) for remote hosts.
The intention was not to distinguish the way on how the original
request was made and stay consistent (that is, always add some headers
or never) when forwarding the request to a remote host.
I hope now the problem should be more clear.
On 4/4/07, Nick Kew <ni...@webthing.com> wrote:
> On Wed, 4 Apr 2007 12:08:15 +0300
> "Dziugas Baltrunas" <dz...@baltrunas.lt> wrote:
>
> > Hi,
> >
> > any commens/objections on this patch?
>
> Hmmm ... not sure I understand the problem you're fixing.
>
> > > > Currently mod_proxy_http adds X-Forwarded-* headers
> > > > unconditionally when we have a reverse proxy request and never
> > > > for forward proxy requests.
>
> I'm guessing this is the crux of your point.
> In the source code is a comment headed "Privacy Note", comprising
> three paragraphs explaining this behaviour. Perhaps it would be
> useful if you could address that comment directly.
>
> Also useful would be if you could explain what information
> you want is actually being lost in a forward proxy (if indeed
> that is your underlying problem)?
>
> --
> Nick Kew
>
> Application Development with Apache - the Apache Modules Book
> http://www.apachetutor.org/
>
--
Dziugas Baltrunas
http://dziugas.baltrunas.lt/
Re: [PATCH] ProxyAddXHeaders for mod_proxy
Posted by Nick Kew <ni...@webthing.com>.
On Wed, 4 Apr 2007 12:08:15 +0300
"Dziugas Baltrunas" <dz...@baltrunas.lt> wrote:
> Hi,
>
> any commens/objections on this patch?
Hmmm ... not sure I understand the problem you're fixing.
> > > Currently mod_proxy_http adds X-Forwarded-* headers
> > > unconditionally when we have a reverse proxy request and never
> > > for forward proxy requests.
I'm guessing this is the crux of your point.
In the source code is a comment headed "Privacy Note", comprising
three paragraphs explaining this behaviour. Perhaps it would be
useful if you could address that comment directly.
Also useful would be if you could explain what information
you want is actually being lost in a forward proxy (if indeed
that is your underlying problem)?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/