⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 mod_proxy.html.en

📁 Apache官方在今天放出产品系列2.2的最新版本2.2.11的源码包 最流行的HTTP服务器软件之一
💻 EN
📖 第 1 页 / 共 5 页
字号:
🔍
12345 
      <p>If you're using the <code class="directive"><a href="#proxyblock">ProxyBlock</a></code> directive, hostnames' IP addresses are looked up      and cached during startup for later match test. This may take a few      seconds (or more) depending on the speed with which the hostname lookups      occur.</p>    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="intranet" id="intranet">Intranet Proxy</a></h2>      <p>An Apache proxy server situated in an intranet needs to forward      external requests through the company's firewall (for this, configure      the <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive      to forward the respective <var>scheme</var> to the firewall proxy).      However, when it has to      access resources within the intranet, it can bypass the firewall when      accessing hosts. The <code class="directive"><a href="#noproxy">NoProxy</a></code>      directive is useful for specifying which hosts belong to the intranet and      should be accessed directly.</p>      <p>Users within an intranet tend to omit the local domain name from their      WWW requests, thus requesting "http://somehost/" instead of      <code>http://somehost.example.com/</code>. Some commercial proxy servers      let them get away with this and simply serve the request, implying a      configured local domain. When the <code class="directive"><a href="#proxydomain">ProxyDomain</a></code> directive is used and the server is <a href="#proxyrequests">configured for proxy service</a>, Apache can return      a redirect response and send the client to the correct, fully qualified,      server address. This is the preferred method since the user's bookmark      files will then contain fully qualified hosts.</p>    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="envsettings" id="envsettings">Protocol Adjustments</a></h2>      <p>For circumstances where <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> is sending      requests to an origin server that doesn't properly implement      keepalives or HTTP/1.1, there are two <a href="../env.html">environment variables</a> that can force the      request to use HTTP/1.0 with no keepalive. These are set via the      <code class="directive"><a href="../mod/mod_env.html#setenv">SetEnv</a></code> directive.</p>      <p>These are the <code>force-proxy-request-1.0</code> and      <code>proxy-nokeepalive</code> notes.</p>      <div class="example"><p><code>        &lt;Location /buggyappserver/&gt;<br />        <span class="indent">          ProxyPass http://buggyappserver:7001/foo/<br />          SetEnv force-proxy-request-1.0 1<br />          SetEnv proxy-nokeepalive 1<br />        </span>        &lt;/Location&gt;      </code></p></div>    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="request-bodies" id="request-bodies">Request Bodies</a></h2>    <p>Some request methods such as POST include a request body.    The HTTP protocol requires that requests which include a body    either use chunked transfer encoding or send a    <code>Content-Length</code> request header.  When passing these    requests on to the origin server, <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>    will always attempt to send the <code>Content-Length</code>.  But    if the body is large and the original request used chunked    encoding, then chunked encoding may also be used in the upstream    request.  You can control this selection using <a href="../env.html">environment variables</a>.  Setting    <code>proxy-sendcl</code> ensures maximum compatibility with    upstream servers by always sending the    <code>Content-Length</code>, while setting    <code>proxy-sendchunked</code> minimizes resource usage by using    chunked encoding.</p>    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="x-headers" id="x-headers">Reverse Proxy Request Headers</a></h2>    <p>When acting in a reverse-proxy mode (using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive, for example),    <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code> adds several request headers in    order to pass information to the origin server. These headers    are:</p>    <dl>      <dt><code>X-Forwarded-For</code></dt>      <dd>The IP address of the client.</dd>      <dt><code>X-Forwarded-Host</code></dt>      <dd>The original host requested by the client in the <code>Host</code>        HTTP request header.</dd>      <dt><code>X-Forwarded-Server</code></dt>      <dd>The hostname of the proxy server.</dd>    </dl>    <p>Be careful when using these headers on the origin server, since    they will contain more than one (comma-separated) value if the    original request already contained one of these headers. For    example, you can use <code>%{X-Forwarded-For}i</code> in the log    format string of the origin server to log the original clients IP    address, but you may get more than one address if the request    passes through several proxies.</p>    <p>See also the <code class="directive"><a href="#proxypreservehost">ProxyPreserveHost</a></code> and <code class="directive"><a href="#proxyvia">ProxyVia</a></code> directives, which control    other request headers.</p>   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AllowCONNECT" id="AllowCONNECT">AllowCONNECT</a> <a name="allowconnect" id="allowconnect">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Ports that are allowed to <code>CONNECT</code> through theproxy</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AllowCONNECT <var>port</var> [<var>port</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AllowCONNECT 443 563</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr><tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr></table>    <p>The <code class="directive">AllowCONNECT</code> directive specifies a list    of port numbers to which the proxy <code>CONNECT</code> method may    connect.  Today's browsers use this method when a <code>https</code>    connection is requested and proxy tunneling over HTTP is in effect.</p>    <p>By default, only the default https port (<code>443</code>) and the    default snews port (<code>563</code>) are enabled. Use the    <code class="directive">AllowCONNECT</code> directive to override this default and    allow connections to the listed ports only.</p>    <p>Note that you'll need to have <code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code> present    in the server in order to get the support for the <code>CONNECT</code> at    all.</p></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="BalancerMember" id="BalancerMember">BalancerMember</a> <a name="balancermember" id="balancermember">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Add a member to a load balancing group</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>BalancerMember <var>url</var> [<var>key=value [key=value ...]]</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr><tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr><tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>BalancerMember is only available in Apache 2.2        and later.</td></tr></table>    <p>This directive adds a member to a load balancing group. It must be used    within a <code>&lt;Proxy <var>balancer://</var>...&gt;</code> container    directive, and can take any of the parameters available to    <code class="directive"><a href="#proxypass">ProxyPass</a></code> directives.</p></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="NoProxy" id="NoProxy">NoProxy</a> <a name="noproxy" id="noproxy">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Hosts, domains, or networks that will be connected todirectly</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>NoProxy <var>host</var> [<var>host</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr><tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr></table>    <p>This directive is only useful for Apache proxy servers within    intranets.  The <code class="directive">NoProxy</code> directive specifies a    list of subnets, IP addresses, hosts and/or domains, separated by    spaces. A request to a host which matches one or more of these is    always served directly, without forwarding to the configured    <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> proxy server(s).</p>    <div class="example"><h3>Example</h3><p><code>      ProxyRemote  *  http://firewall.example.com:81<br />      NoProxy         .example.com 192.168.112.0/21    </code></p></div>    <p>The <var>host</var> arguments to the <code class="directive">NoProxy</code>    directive are one of the following type list:</p>    <dl>        <dt><var><a name="domain" id="domain">Domain</a></var></dt>    <dd>    <p>A <dfn>Domain</dfn> is a partially qualified DNS domain name, preceded    by a period. It represents a list of hosts which logically belong to the    same DNS domain or zone (<em>i.e.</em>, the suffixes of the hostnames are    all ending in <var>Domain</var>).</p>    <div class="example"><h3>Examples</h3><p><code>      .com .apache.org.    </code></p></div>    <p>To distinguish <var>Domain</var>s from <var><a href="#hostname">Hostname</a></var>s (both syntactically and semantically; a DNS domain can    have a DNS A record, too!), <var>Domain</var>s are always written with a    leading period.</p>        <div class="note"><h3>Note</h3>      <p>Domain name comparisons are done without regard to the case, and      <var>Domain</var>s are always assumed to be anchored in the root of the      DNS tree, therefore two domains <code>.ExAmple.com</code> and      <code>.example.com.</code> (note the trailing period) are considered      equal. Since a domain comparison does not involve a DNS lookup, it is much      more efficient than subnet comparison.</p>    </div></dd>        <dt><var><a name="subnet" id="subnet">SubNet</a></var></dt>    <dd>    <p>A <dfn>SubNet</dfn> is a partially qualified internet address in    numeric (dotted quad) form, optionally followed by a slash and the netmask,    specified as the number of significant bits in the <var>SubNet</var>. It is    used to represent a subnet of hosts which can be reached over a common    network interface. In the absence of the explicit net mask it is assumed    that omitted (or zero valued) trailing digits specify the mask. (In this    case, the netmask can only be multiples of 8 bits wide.) Examples:</p>    <dl>    <dt><code>192.168</code> or <code>192.168.0.0</code></dt>    <dd>the subnet 192.168.0.0 with an implied netmask of 16 valid bits    (sometimes used in the netmask form <code>255.255.0.0</code>)</dd>    <dt><code>192.168.112.0/21</code></dt>    <dd>the subnet <code>192.168.112.0/21</code> with a netmask of 21    valid bits (also used in the form <code>255.255.248.0</code>)</dd>    </dl>    <p>As a degenerate case, a <em>SubNet</em> with 32 valid bits is the    equivalent to an <var><a href="#ipadr">IPAddr</a></var>, while a <var>SubNet</var> with zero    valid bits (<em>e.g.</em>, 0.0.0.0/0) is the same as the constant    <var>_Default_</var>, matching any IP address.</p></dd>        <dt><var><a name="ipaddr" id="ipaddr">IPAddr</a></var></dt>    <dd>    <p>A <dfn>IPAddr</dfn> represents a fully qualified internet address in    numeric (dotted quad) form. Usually, this address represents a host, but    there need not necessarily be a DNS domain name connected with the    address.</p>    <div class="example"><h3>Example</h3><p><code>      192.168.123.7    </code></p></div>        <div class="note"><h3>Note</h3>
12345

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -