📄 mod_proxy.html.en
字号:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-->
<title>mod_proxy - Apache HTTP Server</title>
<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
<link href="../images/favicon.ico" rel="shortcut icon" /></head>
<body>
<div id="page-header">
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
<p class="apache">Apache HTTP Server Version 2.0</p>
<img alt="" src="../images/feather.gif" /></div>
<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
<div id="path">
<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.0</a> > <a href="./">Modules</a></div>
<div id="page-content">
<div id="preamble"><h1>Apache Module mod_proxy</h1>
<div class="toplang">
<p><span>Available Languages: </span><a href="../en/mod/mod_proxy.html" title="English"> en </a></p>
</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>HTTP/1.1 proxy/gateway server</td></tr>
<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Module營dentifier:</a></th><td>proxy_module</td></tr>
<tr><th><a href="module-dict.html#SourceFile">Source燜ile:</a></th><td>mod_proxy.c</td></tr></table>
<h3>Summary</h3>
<div class="warning"><h3>Warning</h3>
<p>Do not enable proxying with <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> until you have <a href="#access">secured your server</a>. Open proxy servers are dangerous both to your
network and to the Internet at large.</p>
</div>
<p>This module implements a proxy/gateway for Apache. It implements
proxying capability for <code>FTP</code>, <code>CONNECT</code> (for SSL),
<code>HTTP/0.9</code>, <code>HTTP/1.0</code>, and <code>HTTP/1.1</code>.
The module can be configured to connect to other proxy modules for these
and other protocols.</p>
<p>Apache's proxy features are divided into several modules in
addition to <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code>:
<code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>, <code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code>
and <code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code>. Thus, if you want to use
one or more of the particular proxy functions, load
<code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> <em>and</em> the appropriate module(s)
into the server (either statically at compile-time or dynamically
via the <code class="directive"><a href="../mod/mod_so.html#loadmodule">LoadModule</a></code>
directive).</p>
<p>In addition, extended features are provided by other modules.
Caching is provided by <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> and related
modules. The ability to contact remote servers using the SSL/TLS
protocol is provided by the <code>SSLProxy*</code> directives of
<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>. These additional modules will need
to be loaded and configured to take advantage of these features.</p>
</div>
<div id="quickview"><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#allowconnect">AllowCONNECT</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#noproxy">NoProxy</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxy"><Proxy></a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxybadheader">ProxyBadHeader</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyblock">ProxyBlock</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxydomain">ProxyDomain</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyerroroverride">ProxyErrorOverride</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyiobuffersize">ProxyIOBufferSize</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxymatch"><ProxyMatch></a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxymaxforwards">ProxyMaxForwards</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxypass">ProxyPass</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxypassreverse">ProxyPassReverse</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxypreservehost">ProxyPreserveHost</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyreceivebuffersize">ProxyReceiveBufferSize</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyremote">ProxyRemote</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyremotematch">ProxyRemoteMatch</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyrequests">ProxyRequests</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxytimeout">ProxyTimeout</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyvia">ProxyVia</a></li>
</ul>
<h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#forwardreverse">Forward and Reverse Proxies</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#examples">Basic Examples</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#access">Controlling access to your proxy</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ftp-proxy">FTP Proxy</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#startup">Slow Startup</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#intranet">Intranet Proxy</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#envsettings">Protocol Adjustments</a></li>
</ul><h3>See also</h3>
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code></li>
<li><code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code></li>
<li><code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code></li>
<li><code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code></li>
<li><code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code></li>
</ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="forwardreverse" id="forwardreverse">Forward and Reverse Proxies</a></h2>
<p>Apache can be configured in both a <dfn>forward</dfn> and
<dfn>reverse</dfn> proxy mode.</p>
<p>An ordinary <dfn>forward proxy</dfn> is an intermediate
server that sits between the client and the <em>origin
server</em>. In order to get content from the origin server,
the client sends a request to the proxy naming the origin server
as the target and the proxy then requests the content from the
origin server and returns it to the client. The client must be
specially configured to use the forward proxy to access other
sites.</p>
<p>A typical usage of a forward proxy is to provide Internet
access to internal clients that are otherwise restricted by a
firewall. The forward proxy can also use caching (as provided
by <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>) to reduce network usage.</p>
<p>The forward proxy is activated using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive. Because
forward proxys allow clients to access arbitrary sites through
your server and to hide their true origin, it is essential that
you <a href="#access">secure your server</a> so that only
authorized clients can access the proxy before activating a
forward proxy.</p>
<p>A <dfn>reverse proxy</dfn>, by contrast, appears to the
client just like an ordinary web server. No special
configuration on the client is necessary. The client makes
ordinary requests for content in the name-space of the reverse
proxy. The reverse proxy then decides where to send those
requests, and returns the content as if it was itself the
origin.</p>
<p>A typical usage of a reverse proxy is to provide Internet
users access to a server that is behind a firewall. Reverse
proxies can also be used to balance load among several back-end
servers, or to provide caching for a slower back-end server.
In addition, reverse proxies can be used simply to bring
several servers into the same URL space.</p>
<p>A reverse proxy is activated using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive or the
<code>[P]</code> flag to the <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive. It is
<strong>not</strong> necessary to turn <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> on in order to
configure a reverse proxy.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="examples" id="examples">Basic Examples</a></h2>
<p>The examples below are only a very basic idea to help you
get started. Please read the documentation on the individual
directives.</p>
<p>In addition, if you wish to have caching enabled, consult
the documentation from <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>.</p>
<div class="example"><h3>Forward Proxy</h3><p><code>
ProxyRequests On<br />
ProxyVia On<br />
<br />
<Proxy *><br />
<span class="indent">
Order deny,allow<br />
Deny from all<br />
Allow from internal.example.com<br />
</span>
</Proxy>
</code></p></div>
<div class="example"><h3>Reverse Proxy</h3><p><code>
ProxyRequests Off<br />
<br />
<Proxy *><br />
<span class="indent">
Order deny,allow<br />
Allow from all<br />
</span>
</Proxy><br />
<br />
ProxyPass /foo http://foo.example.com/bar<br />
ProxyPassReverse /foo http://foo.example.com/bar
</code></p></div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="access" id="access">Controlling access to your proxy</a></h2>
<p>You can control who can access your proxy via the <code class="directive"><a href="#proxy"><Proxy></a></code> control block as in
the following example:</p>
<div class="example"><p><code>
<Proxy *><br />
<span class="indent">
Order Deny,Allow<br />
Deny from all<br />
Allow from 192.168.0<br />
</span>
</Proxy>
</code></p></div>
<p>For more information on access control directives, see
<code class="module"><a href="../mod/mod_access.html">mod_access</a></code>.</p>
<p>Strictly limiting access is essential if you are using a
forward proxy (using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive).
Otherwise, your server can be used by any client to access
arbitrary hosts while hiding his or her true identity. This is
dangerous both for your network and for the Internet at large.
When using a reverse proxy (using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive with
<code>ProxyRequests Off</code>), access control is less
critical because clients can only contact the hosts that you
have specifically configured.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="ftp-proxy" id="ftp-proxy">FTP Proxy</a></h2>
<h3><a name="mimetypes" id="mimetypes">Why doesn't file type <var>xxx</var>
download via FTP?</a></h3>
<p>You probably don't have that particular file type defined as
<code>application/octet-stream</code> in your proxy's mime.types
configuration file. A useful line can be</p>
<div class="example"><pre>application/octet-stream bin dms lha lzh exe class tgz taz</pre></div>
<h3><a name="type" id="type">How can I force an FTP ASCII download of
File <var>xxx</var>?</a></h3>
<p>In the rare situation where you must download a specific file using the
FTP <code>ASCII</code> transfer method (while the default transfer is in
<code>binary</code> mode), you can override <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code>'s
default by suffixing the request with <code>;type=a</code> to force an
ASCII transfer. (FTP Directory listings are always executed in ASCII mode,
however.)</p>
<h3><a name="percent2fhck" id="percent2fhck">How can I access FTP files outside
of my home directory?</a></h3>
<p>An FTP URI is interpreted relative to the home directory of the user
who is logging in. Alas, to reach higher directory levels you cannot
use /../, as the dots are interpreted by the browser and not actually
sent to the FTP server. To address this problem, the so called <dfn>Squid
%2f hack</dfn> was implemented in the Apache FTP proxy; it is a
solution which is also used by other popular proxy servers like the <a href="http://www.squid-cache.org/">Squid Proxy Cache</a>. By
prepending <code>/%2f</code> to the path of your request, you can make
such a proxy change the FTP starting directory to <code>/</code> (instead
of the home directory). For example, to retrieve the file
<code>/etc/motd</code>, you would use the URL:</p>
<div class="example"><p><code>
ftp://<var>user</var>@<var>host</var>/%2f/etc/motd
</code></p></div>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -