Suggestions for mod_proxy

Suggestions for mod_proxy

am 06.08.2003 17:01:28 von Timothy Stone

Greetings mod_proxy developers:

Normally, I would not bother a developer list, but certain requirements
in a recent project sparked my desire to post a suggestion for mod_proxy.

The directive: ProxyBlock has very broad or very narrow application.

For example:

ProxyBlock *

Effectively disables Apache as a proxy.

Opposite is:

ProxyBlock .playboy.com .hustler.com .wired.com

which is a very grandular approach.

There is not an "in-between". Specifically, I was handed requirements to
set up a "kiosk-like" box that served local content, but could go to
Mapquest if desired. So my initial idea was to set Apache up as a proxy
that would block traffic to all websites /except/ Mapquest.

Now, I know that other, probably more efficent IP layer methods exist,
but the client does not wish to, or want to, play with their routers.

So I tried, after a number of creative suggestions on the Apache User
list, to get this to work (block all traffic to websites other than
Mapquest). All to no avail.

mod_proxy does not appear, by design it seems, to allow negated domains,
or for example:

ProxyBlock * !.mapquest.com

I'm currently working on some rather creative solutions to fix this (it
appears that no workaround in mod_proxy exists). One such workaround is
to write domains to a text file and periodically restart Apache to
"source" in a new ProxyBlock list (otherwise the sheer amount of upfront
work of entering by hand the global list of domain names is daungting
indeed).

If the developers are open to suggestions, this seems to me to be a near
perfect one.

I thank each of you for your time and for the most excellent HTTPD on
the Internet (I refuse to use anything else!) :)

Tim

Re: Suggestions for mod_proxy

am 06.08.2003 22:09:51 von Mike Collins

Tim,

I joined this list a few weeks ago. I am not a mod developer but I was =
inquiring on something in the same ballpark.

I was looking for a proxy command to filter out resource files like =
images and style sheets.

So the following works great. But performance suffers with images. =20


ServerName apacheapp1:8080
DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs/app1"
ProxyPass / http://localhost:8500/
ProxyPassReverse / http://localhost:8500/


What I would like to do is=20


ProxyPass http://localhost:8000/
ProxyPassReverse http://localhost:8000/


so all requests for files in the images directory would not get proxied =
and get served from the web server doc root.

If you find a solution let us know.

Thanks,
Mike




----- Original Message -----=20
From: "Timothy Stone"
To:
Sent: Wednesday, August 06, 2003 11:01 AM
Subject: Suggestions for mod_proxy


Greetings mod_proxy developers:

Normally, I would not bother a developer list, but certain requirements=20
in a recent project sparked my desire to post a suggestion for =
mod_proxy.

The directive: ProxyBlock has very broad or very narrow application.

For example:

ProxyBlock *

Effectively disables Apache as a proxy.

Opposite is:

ProxyBlock .playboy.com .hustler.com .wired.com

which is a very grandular approach.

There is not an "in-between". Specifically, I was handed requirements to =

set up a "kiosk-like" box that served local content, but could go to=20
Mapquest if desired. So my initial idea was to set Apache up as a proxy=20
that would block traffic to all websites /except/ Mapquest.

Now, I know that other, probably more efficent IP layer methods exist,=20
but the client does not wish to, or want to, play with their routers.

So I tried, after a number of creative suggestions on the Apache User=20
list, to get this to work (block all traffic to websites other than=20
Mapquest). All to no avail.

mod_proxy does not appear, by design it seems, to allow negated domains, =

or for example:

ProxyBlock * !.mapquest.com

I'm currently working on some rather creative solutions to fix this (it=20
appears that no workaround in mod_proxy exists). One such workaround is=20
to write domains to a text file and periodically restart Apache to=20
"source" in a new ProxyBlock list (otherwise the sheer amount of upfront =

work of entering by hand the global list of domain names is daungting=20
indeed).

If the developers are open to suggestions, this seems to me to be a near =

perfect one.

I thank each of you for your time and for the most excellent HTTPD on=20
the Internet (I refuse to use anything else!) :)

Tim

Re: Suggestions for mod_proxy

am 07.08.2003 10:11:54 von Daniel Lopez

Hi

With Apache 2.0 you can do

ProxyPass /images !

to indicate you do not want to reverse proxy that location.
With Apache 1.3 you can use mod_rewrite to simulate the same


On Wed, Aug 06, 2003 at 04:09:51PM -0400, Mike Collins wrote:
> Tim,
>
> I joined this list a few weeks ago. I am not a mod developer but I was inquiring on something in the same ballpark.
>
> I was looking for a proxy command to filter out resource files like images and style sheets.
>
> So the following works great. But performance suffers with images.
>
>
> ServerName apacheapp1:8080
> DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs/app1"
> ProxyPass / http://localhost:8500/
> ProxyPassReverse / http://localhost:8500/
>

>
> What I would like to do is
>
>
> ProxyPass http://localhost:8000/
> ProxyPassReverse http://localhost:8000/
>

>
> so all requests for files in the images directory would not get proxied and get served from the web server doc root.
>
> If you find a solution let us know.
>
> Thanks,
> Mike
>
>
>
>
> ----- Original Message -----
> From: "Timothy Stone"
> To:
> Sent: Wednesday, August 06, 2003 11:01 AM
> Subject: Suggestions for mod_proxy
>
>
> Greetings mod_proxy developers:
>
> Normally, I would not bother a developer list, but certain requirements
> in a recent project sparked my desire to post a suggestion for mod_proxy.
>
> The directive: ProxyBlock has very broad or very narrow application.
>
> For example:
>
> ProxyBlock *
>
> Effectively disables Apache as a proxy.
>
> Opposite is:
>
> ProxyBlock .playboy.com .hustler.com .wired.com
>
> which is a very grandular approach.
>
> There is not an "in-between". Specifically, I was handed requirements to
> set up a "kiosk-like" box that served local content, but could go to
> Mapquest if desired. So my initial idea was to set Apache up as a proxy
> that would block traffic to all websites /except/ Mapquest.
>
> Now, I know that other, probably more efficent IP layer methods exist,
> but the client does not wish to, or want to, play with their routers.
>
> So I tried, after a number of creative suggestions on the Apache User
> list, to get this to work (block all traffic to websites other than
> Mapquest). All to no avail.
>
> mod_proxy does not appear, by design it seems, to allow negated domains,
> or for example:
>
> ProxyBlock * !.mapquest.com
>
> I'm currently working on some rather creative solutions to fix this (it
> appears that no workaround in mod_proxy exists). One such workaround is
> to write domains to a text file and periodically restart Apache to
> "source" in a new ProxyBlock list (otherwise the sheer amount of upfront
> work of entering by hand the global list of domain names is daungting
> indeed).
>
> If the developers are open to suggestions, this seems to me to be a near
> perfect one.
>
> I thank each of you for your time and for the most excellent HTTPD on
> the Internet (I refuse to use anything else!) :)
>
> Tim
>

--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/

Re: Suggestions for mod_proxy

am 07.08.2003 14:26:49 von Timothy Stone

Timothy Stone wrote:

> Greetings mod_proxy developers:
>
> Normally, I would not bother a developer list, but certain requirements
> in a recent project sparked my desire to post a suggestion for mod_proxy.
>
> The directive: ProxyBlock has very broad or very narrow application.
>
> For example:
>
> ProxyBlock *
>
> Effectively disables Apache as a proxy.
>
> Opposite is:
>
> ProxyBlock .playboy.com .hustler.com .wired.com
>
> which is a very grandular approach.
>
> There is not an "in-between". Specifically, I was handed requirements to
> set up a "kiosk-like" box that served local content, but could go to
> Mapquest if desired. So my initial idea was to set Apache up as a proxy
> that would block traffic to all websites /except/ Mapquest.
>

I knew that I must have been missing a piece of the puzzle. Thanks to
Andrew Braund for pointing me to the configuration guidelines for a
"URL-Restricted Proxy" available in the Apache 1.3 URL Rewriting Guide
(http://httpd.apache.org/docs/misc/rewriteguide.html).

Warmest Regards,
Tim