You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modproxy-dev@apache.org by Federico Mennite <fe...@lifeware.ch> on 2003/02/10 11:45:03 UTC

ProxyPass dns issues

Hi,
while setting up apache as an ssl proxy to some backend servers I 
noticed that a reverse lookup is performed for each new connection to 
the internal server.

I wondered if it was possible to prevent this but by looking at the 
source code of mod_proxy it doesn't seem so.

As a workaround I've added the internal server's ip addresses to /etc/hosts.
IMHO the reverse lookup should be made avoidable from the configuration 
file. (Maybe it should be made avoidable completely, unless I'm missing 
a possible reason to revese lookup there...)

Regards.

--
Federico Mennite
Lifeware AG

Re: ProxyPass dns issues (patch)

Posted by Federico Mennite <fe...@lifeware.ch>.

Federico Mennite wrote:

Ok I've written a small patch that allows no reverse lookups with a new 
directive called ReverseLookups.
I don't think it's avtually a clean solution, so isn't supposed to a 
definitive patch.
I was wondering if adding a boolean parameter to the ProxyPass directive 
would make more sense...

Opinions/suggestions?

Re: ProxyPass dns issues (more details)

Posted by Federico Mennite <fe...@lifeware.ch>.

Federico Mennite wrote:
> Hi,
> while setting up apache as an ssl proxy to some backend servers I 
> noticed that a reverse lookup is performed for each new connection to 
> the internal server.
> 
> I wondered if it was possible to prevent this but by looking at the 
> source code of mod_proxy it doesn't seem so.
I tested it on apache 1.3.26 on a linux system. It should be the same 
for 1.3.27 since, by looking at the cvs, nothing changed in the involved 
areas.
Apache 2 behaves in the same way.


Relevant configuration options:

HostnameLookups Off
Listen 192.168.1.1:443
<VirtualHost 192.168.1.1:443>
   ServerName some.host.com
   SSLEngine On
   SSLCertificateFile    /opt/apache/conf/ssl.crt/my.crt
   SSLCertificateKeyFile /opt/apache/conf/ssl.key/my.key
   ProxyPass        / http://192.168.2.1:80/
   ProxyPassReverse / http://192.168.2.1:80/
</VirtualHost>



> As a workaround I've added the internal server's ip addresses to 
> /etc/hosts

> IMHO the reverse lookup should be made avoidable from the configuration 
> file. (Maybe it should be made avoidable completely, unless I'm missing 
> a possible reason to revese lookup there...)
> 
> Regards.
> 
> -- 
> Federico Mennite
> Lifeware AG
>