📄 mod_proxy.html.en
字号:
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!-- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX This file is generated from xml source: DO NOT EDIT XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --><title>mod_proxy - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.0</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_proxy</h1><div class="toplang"><p><span>Available Languages: </span><a href="../en/mod/mod_proxy.html" title="English"> en </a></p></div><table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>HTTP/1.1 proxy/gateway server</td></tr><tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module營dentifier:</a></th><td>proxy_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source燜ile:</a></th><td>mod_proxy.c</td></tr></table><h3>Summary</h3> <div class="warning"><h3>Warning</h3> <p>Do not enable proxying with <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> until you have <a href="#access">secured your server</a>. Open proxy servers are dangerous both to your network and to the Internet at large.</p> </div> <p>This module implements a proxy/gateway for Apache. It implements proxying capability for <code>FTP</code>, <code>CONNECT</code> (for SSL), <code>HTTP/0.9</code>, <code>HTTP/1.0</code>, and <code>HTTP/1.1</code>. The module can be configured to connect to other proxy modules for these and other protocols.</p> <p>Apache's proxy features are divided into several modules in addition to <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code>: <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>, <code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code> and <code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code>. Thus, if you want to use one or more of the particular proxy functions, load <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> <em>and</em> the appropriate module(s) into the server (either statically at compile-time or dynamically via the <code class="directive"><a href="../mod/mod_so.html#loadmodule">LoadModule</a></code> directive).</p> <p>In addition, extended features are provided by other modules. Caching is provided by <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> and related modules. The ability to contact remote servers using the SSL/TLS protocol is provided by the <code>SSLProxy*</code> directives of <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>. These additional modules will need to be loaded and configured to take advantage of these features.</p></div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#allowconnect">AllowCONNECT</a></li><li><img alt="" src="../images/down.gif" /> <a href="#noproxy">NoProxy</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxy"><Proxy></a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxybadheader">ProxyBadHeader</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxyblock">ProxyBlock</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxydomain">ProxyDomain</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxyerroroverride">ProxyErrorOverride</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxyftpdircharset">ProxyFtpDirCharset</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxyiobuffersize">ProxyIOBufferSize</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxymatch"><ProxyMatch></a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxymaxforwards">ProxyMaxForwards</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxypass">ProxyPass</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxypassreverse">ProxyPassReverse</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxypreservehost">ProxyPreserveHost</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxyreceivebuffersize">ProxyReceiveBufferSize</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxyremote">ProxyRemote</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxyremotematch">ProxyRemoteMatch</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxyrequests">ProxyRequests</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxytimeout">ProxyTimeout</a></li><li><img alt="" src="../images/down.gif" /> <a href="#proxyvia">ProxyVia</a></li></ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> <a href="#forwardreverse">Forward and Reverse Proxies</a></li><li><img alt="" src="../images/down.gif" /> <a href="#examples">Basic Examples</a></li><li><img alt="" src="../images/down.gif" /> <a href="#access">Controlling access to your proxy</a></li><li><img alt="" src="../images/down.gif" /> <a href="#ftp-proxy">FTP Proxy</a></li><li><img alt="" src="../images/down.gif" /> <a href="#startup">Slow Startup</a></li><li><img alt="" src="../images/down.gif" /> <a href="#intranet">Intranet Proxy</a></li><li><img alt="" src="../images/down.gif" /> <a href="#envsettings">Protocol Adjustments</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code></li><li><code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code></li><li><code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code></li><li><code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code></li><li><code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="forwardreverse" id="forwardreverse">Forward and Reverse Proxies</a></h2> <p>Apache can be configured in both a <dfn>forward</dfn> and <dfn>reverse</dfn> proxy mode.</p> <p>An ordinary <dfn>forward proxy</dfn> is an intermediate server that sits between the client and the <em>origin server</em>. In order to get content from the origin server, the client sends a request to the proxy naming the origin server as the target and the proxy then requests the content from the origin server and returns it to the client. The client must be specially configured to use the forward proxy to access other sites.</p> <p>A typical usage of a forward proxy is to provide Internet access to internal clients that are otherwise restricted by a firewall. The forward proxy can also use caching (as provided by <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>) to reduce network usage.</p> <p>The forward proxy is activated using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive. Because forward proxys allow clients to access arbitrary sites through your server and to hide their true origin, it is essential that you <a href="#access">secure your server</a> so that only authorized clients can access the proxy before activating a forward proxy.</p> <p>A <dfn>reverse proxy</dfn>, by contrast, appears to the client just like an ordinary web server. No special configuration on the client is necessary. The client makes ordinary requests for content in the name-space of the reverse proxy. The reverse proxy then decides where to send those requests, and returns the content as if it was itself the origin.</p> <p>A typical usage of a reverse proxy is to provide Internet users access to a server that is behind a firewall. Reverse proxies can also be used to balance load among several back-end servers, or to provide caching for a slower back-end server. In addition, reverse proxies can be used simply to bring several servers into the same URL space.</p> <p>A reverse proxy is activated using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive or the <code>[P]</code> flag to the <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive. It is <strong>not</strong> necessary to turn <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> on in order to configure a reverse proxy.</p> </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="examples" id="examples">Basic Examples</a></h2> <p>The examples below are only a very basic idea to help you get started. Please read the documentation on the individual directives.</p> <p>In addition, if you wish to have caching enabled, consult the documentation from <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>.</p> <div class="example"><h3>Forward Proxy</h3><p><code> ProxyRequests On<br /> ProxyVia On<br /> <br /> <Proxy *><br /> <span class="indent"> Order deny,allow<br /> Deny from all<br /> Allow from internal.example.com<br /> </span> </Proxy> </code></p></div> <div class="example"><h3>Reverse Proxy</h3><p><code> ProxyRequests Off<br /> <br /> <Proxy *><br /> <span class="indent"> Order deny,allow<br /> Allow from all<br /> </span> </Proxy><br /> <br /> ProxyPass /foo http://foo.example.com/bar<br /> ProxyPassReverse /foo http://foo.example.com/bar </code></p></div> </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="access" id="access">Controlling access to your proxy</a></h2> <p>You can control who can access your proxy via the <code class="directive"><a href="#proxy"><Proxy></a></code> control block as in the following example:</p> <div class="example"><p><code> <Proxy *><br /> <span class="indent"> Order Deny,Allow<br /> Deny from all<br /> Allow from 192.168.0<br /> </span> </Proxy> </code></p></div> <p>For more information on access control directives, see <code class="module"><a href="../mod/mod_access.html">mod_access</a></code>.</p> <p>Strictly limiting access is essential if you are using a forward proxy (using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive). Otherwise, your server can be used by any client to access arbitrary hosts while hiding his or her true identity. This is dangerous both for your network and for the Internet at large. When using a reverse proxy (using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive with <code>ProxyRequests Off</code>), access control is less critical because clients can only contact the hosts that you have specifically configured.</p> </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="ftp-proxy" id="ftp-proxy">FTP Proxy</a></h2> <h3><a name="mimetypes" id="mimetypes">Why doesn't file type <var>xxx</var> download via FTP?</a></h3> <p>You probably don't have that particular file type defined as <code>application/octet-stream</code> in your proxy's mime.types configuration file. A useful line can be</p> <div class="example"><pre>application/octet-stream bin dms lha lzh exe class tgz taz</pre></div> <h3><a name="type" id="type">How can I force an FTP ASCII download of File <var>xxx</var>?</a></h3> <p>In the rare situation where you must download a specific file using the FTP <code>ASCII</code> transfer method (while the default transfer is in <code>binary</code> mode), you can override <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code>'s default by suffixing the request with <code>;type=a</code> to force an ASCII transfer. (FTP Directory listings are always executed in ASCII mode, however.)</p> <h3><a name="percent2fhck" id="percent2fhck">How can I access FTP files outside of my home directory?</a></h3> <p>An FTP URI is interpreted relative to the home directory of the user who is logging in. Alas, to reach higher directory levels you cannot use /../, as the dots are interpreted by the browser and not actually sent to the FTP server. To address this problem, the so called <dfn>Squid %2f hack</dfn> was implemented in the Apache FTP proxy; it is a solution which is also used by other popular proxy servers like the <a href="http://www.squid-cache.org/">Squid Proxy Cache</a>. By prepending <code>/%2f</code> to the path of your request, you can make such a proxy change the FTP starting directory to <code>/</code> (instead of the home directory). For example, to retrieve the file <code>/etc/motd</code>, you would use the URL:</p> <div class="example"><p><code> ftp://<var>user</var>@<var>host</var>/%2f/etc/motd </code></p></div> <h3><a name="ftppass" id="ftppass">How can I hide the FTP cleartext password⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -