Posted to commits@trafficserver.apache.org by ig...@apache.org on 2013/04/18 11:56:59 UTC
[15/25] git commit: add fwd proxy
add fwd proxy
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/bd361e38
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/bd361e38
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/bd361e38
Branch: refs/heads/sphinx-docs
Commit: bd361e388c9ce7452468c8c5b5cfd1d993344934
Parents: 8eb9127
Author: Igor Galić <i....@brainsware.org>
Authored: Thu Mar 14 23:07:55 2013 +0100
Committer: Igor Galić <i....@brainsware.org>
Committed: Thu Mar 14 23:07:55 2013 +0100
----------------------------------------------------------------------
doc/source/admin/forward-proxy.en.rst | 89 ++++++++++++++++++++++++++++
1 files changed, 89 insertions(+), 0 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/bd361e38/doc/source/admin/forward-proxy.en.rst
----------------------------------------------------------------------
diff --git a/doc/source/admin/forward-proxy.en.rst b/doc/source/admin/forward-proxy.en.rst
new file mode 100644
index 0000000..1b6c35f
--- /dev/null
+++ b/doc/source/admin/forward-proxy.en.rst
@@ -0,0 +1,89 @@
+:title: Forward Proxy
+
+.. Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+The Apache Traffic Server is a general purpose *proxy*. As such it can
+also be used as forward proxy.
+
+A forward proxy is can be used as a central tool in your infrastructure
+to access the web. In combination with a cache that means overall
+reduced bandwidth usage.
+
+If your forward proxy is not also configured as `transparent
+proxy <../transparent-proxy>`_ your clients will have to be configured
+to actually use it.
+
+The main difference between a forward and a transparent proxy is that
+User Agents *know* that they are accessing a proxy, thus forming their
+requests like so:
+
+::
+ GET http://example.com/index.php?id=1337 HTTP/1.1
+
+This request, then is translated by the proxy to
+
+::
+ GET /index?id=1337 HTTP/1.1
+ Host: example.com
+
+Apache Traffic Server offers two ways to User Agents: They can either be
+pointed directly to the default ``8080`` port. Alternatively, they can
+be pointed to the more dynamic
+```proxy.config.url_remap.default_to_server_pac`` <../configuration-files/records.config#proxy.config.url_remap.default_to_server_pac>`_
+
+This port will then serve a JavaScript like configuration that User
+Agents can use to determine where to send their requests to.
+
+Configuration # {#configuration}
+================================
+
+In order to configure Apache Traffic Server as forward proxy you will
+have to edit
+```records.config`` <../configuration-files/records.config>`_ and set
+
+- ``CONFIG``
+ ```proxy.config.url_remap.remap_required`` <../configuration-files/records.config#proxy.config.url_remap.remap_required>`_
+ ``0``
+
+If your proxy is serving as *pure* forward proxy, you will also want to
+set
+
+- ``CONFIG``
+ ```proxy.config.reverse_proxy.enabled`` <../configuration-files/records.config#proxy.config.reverse_proxy.enabled>`_
+ ``0``
+
+Other configuration variables to consider:
+
+- ``CONFIG``
+ ```proxy.config.http.no_dns_just_forward_to_parent`` <../configuration-files/records.config#proxy.config.http.no_dns_just_forward_to_parent>`_
+- ``CONFIG``
+ ```proxy.config.http.forward.proxy_auth_to_parent`` <../configuration-files/records.config#proxy.config.http.forward.proxy_auth_to_parent>`_
+- ``CONFIG``
+ ```proxy.config.http.insert_squid_x_forwarded_for`` <../configuration-files/records.config#proxy.config.http.insert_squid_x_forwarded_for>`_
+
+Security Considerations
+=======================
+
+It's important to note that once your Apache Traffic Server is
+configured as forward proxy it will indiscriminately accept proxy
+requests from anyone. That means, if it's reachable on the internet, you
+have configured an *Open Proxy*. Most of the time, this is *not* what
+you want, so you'll have to make sure it's either only reachable within
+your NAT or is secured by firewall rules that permit only those clients
+to access it which you want to it to access.
+
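Review bot: The open-proxy warning under "Security Considerations" comes only at the end of the file, after the Configuration section has already told the reader to set ``proxy.config.url_remap.remap_required`` to ``0``. A reader who stops after the configuration steps is left with exactly the exposure the last paragraph describes. Suggest adding a short warning or a cross-reference to that section next to the ``remap_required`` item, and rewording the closing clause "which you want to it to access", which does not parse. Two smaller points in the same hunk: the translated request drops the extension ("/index.php?id=1337" becomes "/index?id=1337"), so the example reads as if the proxy rewrites the path; and the heading "Configuration # {#configuration}" and the link targets that open with three backticks look like leftovers from a Markdown conversion rather than reST markup.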