mod_proxy.html.en

apache的软件linux版本

    in my browser's URL line?</a></h3>
      <p>To log in to an FTP server by username and password, Apache uses
      different strategies. In absense of a user name and password in the URL
      altogether, Apache sends an anonymous login to the FTP server,
      <em>i.e.</em>,</p>

      <div class="example"><p><code>
        user: anonymous<br />
        password: apache_proxy@
      </code></p></div>

      <p>This works for all popular FTP servers which are configured for
      anonymous access.</p>

      <p>For a personal login with a specific username, you can embed the user
      name into the URL, like in:</p>

      <div class="example"><p><code>
        ftp://<var>username</var>@<var>host</var>/myfile
      </code></p></div>

      <p>If the FTP server asks for a password when given this username (which
      it should), then Apache will reply with a <code>401</code> (Authorization
      required) response, which causes the Browser to pop up the
      username/password dialog. Upon entering the password, the connection
      attempt is retried, and if successful, the requested resource is
      presented. The advantage of this procedure is that your browser does not
      display the password in cleartext (which it would if you had used</p>

      <div class="example"><p><code>
        ftp://<var>username</var>:<var>password</var>@<var>host</var>/myfile
      </code></p></div>

      <p>in the first place).</p>

      <div class="note"><h3>Note</h3>
        <p>The password which is transmitted in such a way is not encrypted on
        its way. It travels between your browser and the Apache proxy server in
        a base64-encoded cleartext string, and between the Apache proxy and the
        FTP server as plaintext. You should therefore think twice before
        accessing your FTP server via HTTP (or before accessing your personal
        files via FTP at all!) When using unsecure channels, an eavesdropper
        might intercept your password on its way.</p>
      </div>
     
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="startup" id="startup">Slow Startup</a></h2>
      <p>If you're using the <code class="directive"><a href="#proxyblock">ProxyBlock</a></code> directive, hostnames' IP addresses are looked up
      and cached during startup for later match test. This may take a few
      seconds (or more) depending on the speed with which the hostname lookups
      occur.</p>
    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="intranet" id="intranet">Intranet Proxy</a></h2>
      <p>An Apache proxy server situated in an intranet needs to forward
      external requests through the company's firewall (for this, configure
      the <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive
      to forward the respective <var>scheme</var> to the firewall proxy).
      However, when it has to
      access resources within the intranet, it can bypass the firewall when
      accessing hosts. The <code class="directive"><a href="#noproxy">NoProxy</a></code>
      directive is useful for specifying which hosts belong to the intranet and
      should be accessed directly.</p>

      <p>Users within an intranet tend to omit the local domain name from their
      WWW requests, thus requesting "http://somehost/" instead of
      <code>http://somehost.example.com/</code>. Some commercial proxy servers
      let them get away with this and simply serve the request, implying a
      configured local domain. When the <code class="directive"><a href="#proxydomain">ProxyDomain</a></code> directive is used and the server is <a href="#proxyrequests">configured for proxy service</a>, Apache can return
      a redirect response and send the client to the correct, fully qualified,
      server address. This is the preferred method since the user's bookmark
      files will then contain fully qualified hosts.</p>
    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="envsettings" id="envsettings">Protocol Adjustments</a></h2>
      <p>For circumstances where you have a application server which doesn't
      implement keepalives or HTTP/1.1 properly, there are 2 environment
      variables which when set send a HTTP/1.0 with no keepalive. These are set
      via the  <code class="directive"><a href="../mod/mod_env.html#setenv">SetEnv</a></code> directive.</p>

      <p>These are the <code>force-proxy-request-1.0</code> and
      <code>proxy-nokeepalive</code> notes.</p>

      <div class="example"><p><code>
        &lt;Location /buggyappserver/&gt;<br />
        <span class="indent">
          ProxyPass http://buggyappserver:7001/foo/<br />
          SetEnv force-proxy-request-1.0 1<br />
          SetEnv proxy-nokeepalive 1<br />
        </span>
        &lt;/Location&gt;
      </code></p></div>
    </div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AllowCONNECT" id="AllowCONNECT">AllowCONNECT</a> <a name="allowconnect" id="allowconnect">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Ports that are allowed to <code>CONNECT</code> through the
proxy</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AllowCONNECT <var>port</var> [<var>port</var>] ...</code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AllowCONNECT 443 563</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
    <p>The <code class="directive">AllowCONNECT</code> directive specifies a list
    of port numbers to which the proxy <code>CONNECT</code> method may
    connect.  Today's browsers use this method when a <code>https</code>
    connection is requested and proxy tunneling over HTTP is in effect.</p>

    <p>By default, only the default https port (<code>443</code>) and the
    default snews port (<code>563</code>) are enabled. Use the
    <code class="directive">AllowCONNECT</code> directive to override this default and
    allow connections to the listed ports only.</p>

    <p>Note that you'll need to have <code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code> present
    in the server in order to get the support for the <code>CONNECT</code> at
    all.</p>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="NoProxy" id="NoProxy">NoProxy</a> <a name="noproxy" id="noproxy">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Hosts, domains, or networks that will be connected to
directly</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>NoProxy <var>host</var> [<var>host</var>] ...</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
    <p>This directive is only useful for Apache proxy servers within
    intranets.  The <code class="directive">NoProxy</code> directive specifies a
    list of subnets, IP addresses, hosts and/or domains, separated by
    spaces. A request to a host which matches one or more of these is
    always served directly, without forwarding to the configured
    <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> proxy server(s).</p>

    <div class="example"><h3>Example</h3><p><code>
      ProxyRemote  *  http://firewall.mycompany.com:81<br />
      NoProxy         .mycompany.com 192.168.112.0/21
    </code></p></div>

    <p>The <var>host</var> arguments to the <code class="directive">NoProxy</code>
    directive are one of the following type list:</p>

    <dl>
    
    <dt><var><a name="domain" id="domain">Domain</a></var></dt>
    <dd>
    <p>A <dfn>Domain</dfn> is a partially qualified DNS domain name, preceded
    by a period. It represents a list of hosts which logically belong to the
    same DNS domain or zone (<em>i.e.</em>, the suffixes of the hostnames are
    all ending in <var>Domain</var>).</p>

    <div class="example"><h3>Examples</h3><p><code>
      .com .apache.org.
    </code></p></div>

    <p>To distinguish <var>Domain</var>s from <var><a href="#hostname">Hostname</a></var>s (both syntactically and semantically; a DNS domain can
    have a DNS A record, too!), <var>Domain</var>s are always written with a
    leading period.</p>
    
    <div class="note"><h3>Note</h3>
      <p>Domain name comparisons are done without regard to the case, and
      <var>Domain</var>s are always assumed to be anchored in the root of the
      DNS tree, therefore two domains <code>.MyDomain.com</code> and
      <code>.mydomain.com.</code> (note the trailing period) are considered
      equal. Since a domain comparison does not involve a DNS lookup, it is much
      more efficient than subnet comparison.</p>
    </div></dd>

    
    <dt><var><a name="subnet" id="subnet">SubNet</a></var></dt>
    <dd>
    <p>A <dfn>SubNet</dfn> is a partially qualified internet address in
    numeric (dotted quad) form, optionally followed by a slash and the netmask,
    specified as the number of significant bits in the <var>SubNet</var>. It is
    used to represent a subnet of hosts which can be reached over a common
    network interface. In the absence of the explicit net mask it is assumed
    that omitted (or zero valued) trailing digits specify the mask. (In this
    case, the netmask can only be multiples of 8 bits wide.) Examples:</p>

    <dl>
    <dt><code>192.168</code> or <code>192.168.0.0</code></dt>
    <dd>the subnet 192.168.0.0 with an implied netmask of 16 valid bits
    (sometimes used in the netmask form <code>255.255.0.0</code>)</dd>
    <dt><code>192.168.112.0/21</code></dt>
    <dd>the subnet <code>192.168.112.0/21</code> with a netmask of 21
    valid bits (also used in the form 255.255.248.0)</dd>
    </dl>

    <p>As a degenerate case, a <em>SubNet</em> with 32 valid bits is the
    equivalent to an <var><a href="#ipadr">IPAddr</a></var>, while a <var>SubNet</var> with zero
    valid bits (<em>e.g.</em>, 0.0.0.0/0) is the same as the constant
    <var>_Default_</var>, matching any IP address.</p></dd>

    
    <dt><var><a name="ipaddr" id="ipaddr">IPAddr</a></var></dt>
    <dd>
    <p>A <dfn>IPAddr</dfn> represents a fully qualified internet address in
    numeric (dotted quad) form. Usually, this address represents a host, but
    there need not necessarily be a DNS domain name connected with the
    address.</p>
    <div class="example"><h3>Example</h3><p><code>
      192.168.123.7
    </code></p></div>
    
    <div class="note"><h3>Note</h3>
      <p>An <var>IPAddr</var> does not need to be resolved by the DNS system, so
      it can result in more effective apache performance.</p>
    </div></dd>

    
    <dt><var><a name="hostname" id="hostname">Hostname</a></var></dt>
    <dd>
    <p>A <dfn>Hostname</dfn> is a fully qualified DNS domain name which can
    be resolved to one or more <var><a href="#ipaddr">IPAddrs</a></var> via the
    DNS domain name service. It represents a logical host (in contrast to
	<var><a href="#domain">Domain</a></var>s, see above) and must be resolvable
    to at least one <var><a href="#ipaddr">IPAddr</a></var> (or often to a list
    of hosts with different <var><a href="#ipaddr">IPAddr</a></var>s).</p>

    <div class="example"><h3>Examples</h3><p><code>
      prep.ai.mit.edu<br />
      www.apache.org
    </code></p></div>

    <div class="note"><h3>Note</h3>
      <p>In many situations, it is more effective to specify an <var><a href="#ipaddr">IPAddr</a></var> in place of a <var>Hostname</var> since a
      DNS lookup can be avoided. Name resolution in Apache can take a remarkable
      deal of time when the connection to the name server uses a slow PPP
      link.</p>
      <p><var>Hostname</var> comparisons are done without regard to the case,
      and <var>Hostname</var>s are always assumed to be anchored in the root
      of the DNS tree, therefore two hosts <code>WWW.MyDomain.com</code>
      and <code>www.mydomain.com.</code> (note the trailing period) are
      considered equal.</p>
     </div></dd>
    </dl>

<h3>See also</h3>
<ul>
<li><a href="../dns-caveats.html">DNS Issues</a></li>
</ul>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="Proxy" id="Proxy">&lt;Proxy&gt;</a> <a name="proxy" id="proxy">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Container for directives applied to proxied resources</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>&lt;Proxy <var>wildcard-url</var>&gt; ...&lt;/Proxy&gt;</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>