You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Martin Kraemer <Ma...@mch.sni.de> on 1997/07/15 21:47:26 UTC
[PATCH] Intranet Patch to Apache-1.2.1
Hello,
Here's a patch to Apatche-1.2.1 which adds two directives which are
useful in an intranet environment where Apache runs as a proxy server.
* The "NoProxy" directive is modeled after most browsers' NoProxy
configuration item: it bypasses the configured ProxyRemote server
for all domain / IPAddrs / SubnetAddrs / Hostnames which were given
as arguments to the NoProxy directive. In contrast to the other
mod_proxy directives this directive knows the semantic difference
between host names (even multihomed)m domain names, IP addresses,
and subnet addresses and matches the requests accordingly.
* The "ProxyDomain" directive sends an external redirection response
for all requests that lack a domain name in the request
(e.g., http://somehost/ -> http://somehost.my.dom.ain/).
The latter directive could eventually be superceded by the new
RedirectMatch ([a-zA-Z]://[-a-zApZ0-9_]+)/?(.*) $1.my.dom.ain/$2
directive, if it works for proxy requests as well.
Examples:
ProxyRemote * http://firewall.my.dom.ain:81
NoProxy .my.dom.ain 192.168.123/24 139.25.113.10
ProxyDomain .my.dom.ain
This patch was developed at home, you are free to use it under the
Apache License, either integrate it, add it as contrib/, or throw it
away. I have been using the patched version in our company's intranet
with success. It could be improved DNS-lookup-wise (only look up a given
host once), but could prove valuable for those who are stuck in the same
(intranet) situation as I was.
Cheers, and a 1000 thanks for a great tool,
Martin
--
| S I E M E N S | <Ma...@mch.sni.de> | Siemens Nixdorf
| ------------- | Voice: +49-89-636-46021 | Informationssysteme AG
| N I X D O R F | FAX: +49-89-636-44994 | 81730 Munich, Germany
~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request
Re: [PATCH] Intranet Patch to Apache-1.2.1
Posted by Martin Kraemer <Ma...@mch.sni.de>.
On Wed, Jul 16, 1997 at 11:05:18PM -0700, Dean Gaudet wrote:
> Is the SINIX_D_RESOLVER_BUG part of this patch a bugfix? What's the bug
> you're working around? (Curious if we need to do it elsewhere.)
Oh, sorry, I left that in accidentally. It primarily fixes a bug in the
resolver library which cannot cope correctly with multi homed hosts. The
server_hp.h_addr_list[] array on this special SINIX version (ancient
[1992]; all current versions do it right) only contains one pointer (to
the first IP address of the several addresses), but the list itself con-
tains all IP addresses.
Correct Memory Layout:
...
+-----------+ +-----------+ +-------------+
|h_addr_list| -> | [0]| -> |207.68.156.52|
+-----------+ +-----------+ +-------------+
... | [1]| -> |207.68.137.53|
+-----------+ +-------------+
| [2]| -> |207.68.156.16|
+-----------+ +-------------+
| [3]| -> |207.68.156.73|
+-----------+ +-------------+
| NULL | | 0.0.0.0 |
+-----------+ +-------------+
Bug in ancient SINIX-D:
...
+-----------+ +-----------+ +-------------+
|h_addr_list| -> | [0]| -> |207.68.156.52|
+-----------+ +-----------+ +-------------+
... | NULL | |207.68.137.53|
+-----------+ +-------------+
|207.68.156.16|
+-------------+
|207.68.156.73|
+-------------+
| 0.0.0.0 |
+-------------+
I wonder if other (Lachman) TCP implementations have (had) the same
problem. It seldom shows, the server just uses the first address.
Martin
--
| S I E M E N S | <Ma...@mch.sni.de> | Siemens Nixdorf
| ------------- | Voice: +49-89-636-46021 | Informationssysteme AG
| N I X D O R F | FAX: +49-89-636-44994 | 81730 Munich, Germany
~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request
Re: [PATCH] Intranet Patch to Apache-1.2.1
Posted by Dean Gaudet <dg...@arctic.org>.
Is the SINIX_D_RESOLVER_BUG part of this patch a bugfix? What's the bug
you're working around? (Curious if we need to do it elsewhere.)
Otherwise this looks fine to me. But I don't use the proxy so ...
Dean
On Tue, 15 Jul 1997, Martin Kraemer wrote:
> Hello,
>
> Here's a patch to Apatche-1.2.1 which adds two directives which are
> useful in an intranet environment where Apache runs as a proxy server.
>
> * The "NoProxy" directive is modeled after most browsers' NoProxy
> configuration item: it bypasses the configured ProxyRemote server
> for all domain / IPAddrs / SubnetAddrs / Hostnames which were given
> as arguments to the NoProxy directive. In contrast to the other
> mod_proxy directives this directive knows the semantic difference
> between host names (even multihomed)m domain names, IP addresses,
> and subnet addresses and matches the requests accordingly.
> * The "ProxyDomain" directive sends an external redirection response
> for all requests that lack a domain name in the request
> (e.g., http://somehost/ -> http://somehost.my.dom.ain/).
> The latter directive could eventually be superceded by the new
> RedirectMatch ([a-zA-Z]://[-a-zApZ0-9_]+)/?(.*) $1.my.dom.ain/$2
> directive, if it works for proxy requests as well.
>
> Examples:
> ProxyRemote * http://firewall.my.dom.ain:81
> NoProxy .my.dom.ain 192.168.123/24 139.25.113.10
> ProxyDomain .my.dom.ain
>
> This patch was developed at home, you are free to use it under the
> Apache License, either integrate it, add it as contrib/, or throw it
> away. I have been using the patched version in our company's intranet
> with success. It could be improved DNS-lookup-wise (only look up a given
> host once), but could prove valuable for those who are stuck in the same
> (intranet) situation as I was.
>
> Cheers, and a 1000 thanks for a great tool,
> Martin
> --
> | S I E M E N S | <Ma...@mch.sni.de> | Siemens Nixdorf
> | ------------- | Voice: +49-89-636-46021 | Informationssysteme AG
> | N I X D O R F | FAX: +49-89-636-44994 | 81730 Munich, Germany
> ~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request
>