Posted to commits@trafficserver.apache.org by bu...@apache.org on 2011/12/09 00:46:02 UTC
svn commit: r799975 -
/websites/staging/trafficserver/trunk/content/docs/trunk/admin/forward-proxy/index.en.html
Author: buildbot
Date: Thu Dec 8 23:46:01 2011
New Revision: 799975
Log:
Staging update by buildbot
Modified:
websites/staging/trafficserver/trunk/content/docs/trunk/admin/forward-proxy/index.en.html
Modified: websites/staging/trafficserver/trunk/content/docs/trunk/admin/forward-proxy/index.en.html
==============================================================================
--- websites/staging/trafficserver/trunk/content/docs/trunk/admin/forward-proxy/index.en.html (original)
+++ websites/staging/trafficserver/trunk/content/docs/trunk/admin/forward-proxy/index.en.html Thu Dec 8 23:46:01 2011
@@ -57,7 +57,55 @@
<div class="row content">
<div class="eightcol">
<div id="content">
-
+ <p>The Apache Traffic Server is a general purpose <em>proxy</em>. As such it can
+also be used as forward proxy.</p>
+<p>A forward proxy is can be used as a central tool in your infrastructure
+to access the web. In combination with a cache that means overall reduced
+bandwidth usage.</p>
+<p>If your forward proxy is not also configured as <a href="../transparent-proxy">transparent proxy</a>
+your clients will have to be configured to actually use it.</p>
+<p>The main difference between a forward and a transparent proxy is that
+User Agents <em>know</em> that they are accessing a proxy, thus forming their
+requests like so:</p>
+<div class="codehilite"><pre><span class="n">GET</span> <span class="n">http:</span><span class="sr">//</span><span class="n">example</span><span class="o">.</span><span class="n">com</span><span class="sr">/index.php?id=1337 HTTP/</span><span class="mf">1.1</span>
+</pre></div>
+
+
+<p>This request, then is translated by the proxy to</p>
+<div class="codehilite"><pre><span class="n">GET</span> <span class="sr">/index?id=1337 HTTP/</span><span class="mf">1.1</span>
+<span class="n">Host:</span> <span class="n">example</span><span class="o">.</span><span class="n">com</span>
+</pre></div>
+
+
+<p>Apache Traffic Server offers two ways to User Agents: They can either
+be pointed directly to the default <code>8080</code> port. Alternatively, they can
+be pointed to the more dynamic <a href="../configuration-files/records.config#proxy.config.url_remap.default_to_server_pac"><code>proxy.config.url_remap.default_to_server_pac</code></a></p>
+<p>This port will then serve a JavaScript like configuration that User Agents
+can use to determine where to send their requests to.</p>
+<h1 id="configuration">Configuration</h1>
+<p>In order to configure Apache Traffic Server as forward proxy you will have to
+edit <a href="../configuration-files/records.config"><code>records.config</code></a> and set</p>
+<ul>
+<li><code>CONFIG</code> <a href="../configuration-files/records.config#proxy.config.url_remap.remap_required"><code>proxy.config.url_remap.remap_required</code></a> <code>0</code></li>
+</ul>
+<p>If your proxy is serving as <em>pure</em> forward proxy, you will also want to set</p>
+<ul>
+<li><code>CONFIG</code> <a href="../configuration-files/records.config#proxy.config.reverse_proxy.enabled"><code>proxy.config.reverse_proxy.enabled</code></a> <code>0</code></li>
+</ul>
+<p>Other configuration variables to consider:</p>
+<ul>
+<li><code>CONFIG</code> <a href="../configuration-files/records.config#proxy.config.http.no_dns_just_forward_to_parent"><code>proxy.config.http.no_dns_just_forward_to_parent</code></a></li>
+<li><code>CONFIG</code> <a href="../configuration-files/records.config#proxy.config.http.forward.proxy_auth_to_parent"><code>proxy.config.http.forward.proxy_auth_to_parent</code></a></li>
+<li><code>CONFIG</code> <a href="../configuration-files/records.config#proxy.config.http.insert_squid_x_forwarded_for"><code>proxy.config.http.insert_squid_x_forwarded_for</code></a></li>
+</ul>
+<h1 id="security">Security Consideratoins</h1>
+<p>It's important to note that once your Apache Traffic Server is configured as
+forward proxy it will indiscriminately accept proxy requests from anyone.
+That means, if it's reachable on the internet, you have configured an
+<em>Open Proxy</em>. Most of the time, this is <em>not</em> what you want, so you'll have
+to make sure it's either only reachable within your NAT or is secured by
+firewall rules that permit only those clients to access it which you
+want to it to access.</p>
</div>
</div>
<div class="fourcol last">
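Review bot: The open-proxy warning only appears in the final "Security" section, after the Configuration section has already told the reader to set proxy.config.url_remap.remap_required to 0. Someone who stops at the configuration list ends up with an open proxy without ever seeing the caveat, so put a one-sentence pointer to the Security section next to that list item, or move the warning above the settings. That section also needs cleanup: the heading reads "Security Consideratoins", and the closing clause "which you want to it to access" is garbled, which blurs the one sentence that says who should be allowed to reach the proxy. In the request example, the client line asks for /index.php?id=1337 but the translated line shows /index?id=1337; the path should be identical in both, since only the scheme and host move into the Host header. "A forward proxy is can be used" has a stray "is". "offers two ways to User Agents" is missing its verb, and the next paragraph calls proxy.config.url_remap.default_to_server_pac "This port" although the text introduces it as a setting, so say which port serves the PAC file.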