You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modproxy-dev@apache.org by Federico Mennite <fe...@lifeware.ch> on 2003/02/10 11:45:03 UTC
ProxyPass dns issues
Hi,
while setting up apache as an ssl proxy to some backend servers I
noticed that a reverse lookup is performed for each new connection to
the internal server.
I wondered if it was possible to prevent this but by looking at the
source code of mod_proxy it doesn't seem so.
As a workaround I've added the internal server's ip addresses to /etc/hosts.
IMHO the reverse lookup should be made avoidable from the configuration
file. (Maybe it should be made avoidable completely, unless I'm missing
a possible reason to revese lookup there...)
Regards.
--
Federico Mennite
Lifeware AG
Re: ProxyPass dns issues (patch)
Posted by Federico Mennite <fe...@lifeware.ch>.
Federico Mennite wrote:
Ok I've written a small patch that allows no reverse lookups with a new
directive called ReverseLookups.
I don't think it's avtually a clean solution, so isn't supposed to a
definitive patch.
I was wondering if adding a boolean parameter to the ProxyPass directive
would make more sense...
Opinions/suggestions?
Re: ProxyPass dns issues (more details)
Posted by Federico Mennite <fe...@lifeware.ch>.
Federico Mennite wrote:
> Hi,
> while setting up apache as an ssl proxy to some backend servers I
> noticed that a reverse lookup is performed for each new connection to
> the internal server.
>
> I wondered if it was possible to prevent this but by looking at the
> source code of mod_proxy it doesn't seem so.
I tested it on apache 1.3.26 on a linux system. It should be the same
for 1.3.27 since, by looking at the cvs, nothing changed in the involved
areas.
Apache 2 behaves in the same way.
Relevant configuration options:
HostnameLookups Off
Listen 192.168.1.1:443
<VirtualHost 192.168.1.1:443>
ServerName some.host.com
SSLEngine On
SSLCertificateFile /opt/apache/conf/ssl.crt/my.crt
SSLCertificateKeyFile /opt/apache/conf/ssl.key/my.key
ProxyPass / http://192.168.2.1:80/
ProxyPassReverse / http://192.168.2.1:80/
</VirtualHost>
> As a workaround I've added the internal server's ip addresses to
> /etc/hosts
> IMHO the reverse lookup should be made avoidable from the configuration
> file. (Maybe it should be made avoidable completely, unless I'm missing
> a possible reason to revese lookup there...)
>
> Regards.
>
> --
> Federico Mennite
> Lifeware AG
>