2362N/AXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 0N/A This file is generated from xml source: DO NOT EDIT 0N/AXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 0N/A--><
title>mod_proxy - Apache HTTP Server</
title><
link href="/style/manual.css" type="text/css" rel="stylesheet"/></
head><
body><
blockquote><
div align="center"><
img alt="[APACHE DOCUMENTATION]" src="/images/sub.gif"/><
h3>Apache HTTP Server Version 2.0</
h3></
div><
h1 align="center">Apache Module mod_proxy</
h1><
table cellspacing="1" cellpadding="0" bgcolor="#cccccc"><
tr><
td><
table bgcolor="#ffffff"><
tr><
td valign="top"><
span class="help">Description:</
span></
td><
td><
description>
HTTP/
1.1 proxy/
gateway server</
description></
td></
tr><
tr><
td><
a href="module-dict.html#Status" class="help">Status:</
a></
td><
td>Extension</
td></
tr><
tr><
td><
a href="module-dict.html#ModuleIdentifier" class="help">Module Identifier:</
a></
td><
td>proxy_module</
td></
tr></
table></
td></
tr></
table><
h2>Summary</
h2><
summary>
0N/A<
blockquote><
table><
tr><
td bgcolor="#ffe5f5"><
p align="center"><
strong>Warning</
strong></
p>
2362N/AThis document has been updated to take into account changes
0N/Amade in the 2.0 version of the Apache HTTP Server. Some of the
2362N/Ainformation may still be inaccurate, please use it
0N/A</
td></
tr></
table></
blockquote>
0N/Aproxying capability for
0N/A<
code>CONNECT</
code> (for SSL),
0N/AThe module can be configured to connect to other proxy modules for these
2362N/A<
p>This module was experimental in Apache
1.1.x. Improvements and bugfixes
0N/Awere made in Apache
v1.2.x and Apache
v1.3.x, then the module underwent a major
0N/Aoverhaul for Apache v2.0. The protocol support was upgraded to
HTTP/
1.1,
0N/Aand filter support was enabled.</
p>
0N/A<
p>Please note that the <
strong>caching</
strong> function present in
0N/Amod_proxy up to Apache
v1.3.x has been <
strong>removed</
strong> from
0N/Amod_proxy and will be incorporated into a new module, mod_cache.</
p>
0N/A</
summary><
h2>Directives</
h2><
ul><
li><
a href="#allowconnect">AllowCONNECT</
a></
li><
li><
a href="#noproxy">NoProxy</
a></
li><
li><
a href="#proxyblock">ProxyBlock</
a></
li><
li><
a href="#proxydomain">ProxyDomain</
a></
li><
li><
a href="#proxyerroroverride">ProxyErrorOverride</
a></
li><
li><
a href="#proxymaxforwards">ProxyMaxForwards</
a></
li><
li><
a href="#proxypass">ProxyPass</
a></
li><
li><
a href="#proxypassreverse">ProxyPassReverse</
a></
li><
li><
a href="#proxypreservehost">ProxyPreserveHost</
a></
li><
li><
a href="#proxyreceivebuffersize">ProxyReceiveBufferSize</
a></
li><
li><
a href="#proxyremote">ProxyRemote</
a></
li><
li><
a href="#proxyrequests">ProxyRequests</
a></
li><
li><
a href="#proxytimeout">ProxyTimeout</
a></
li><
li><
a href="#proxyvia">ProxyVia</
a></
li></
ul><
h2><
a name="configs">Common configuration topics</
a></
h2>
0N/A<
li><
a href="#forwardreverse">Forward and Reverse Proxies</
a></
li>
0N/A<
li><
a href="#access">Controlling access to your proxy</
a></
li>
0N/A<
li><
a href="#shortname">Using Netscape hostname shortcuts</
a></
li>
0N/A<
li><
a href="#mimetypes">Why doesn't file type <
em>xxx</
em> download via FTP?</
a></
li>
0N/A<
li><
a href="#type">How can I force an FTP ASCII download of File <
em>xxx</
em>?</
a></
li>
0N/A<
li><
a href="#percent2fhack">How can I access FTP files outside of my home directory?</
a></
li>
0N/A<
li><
a href="#ftppass">How can I hide the FTP cleartext password in my browser's URL line?</
a></
li>
0N/A<
li><
a href="#startup">Why does Apache start more slowly when using the
0N/A proxy module?</
a></
li>
0N/A<
li><
a href="#intranet">What other functions are useful for an intranet proxy server?</
a></
li>
0N/A<
h3><
a name="forwardreverse">Forward and Reverse Proxies</
a></
h3>
0N/A<
p>Apache can be configured in both a <
em>forward</
em> and <
em>reverse</
em>
0N/Aproxy configuration.</
p>
0N/A<
p>A <
em>forward proxy</
em> is an intermediate system that enables a browser to connect to a
0N/Aremote network to which it normally does not have access. A forward proxy
0N/Acan also be used to cache data, reducing load on the networks between the
0N/Aforward proxy and the remote webserver.</
p>
0N/A<
p>Apache's mod_proxy can be figured to behave like a forward proxy
0N/Ausing the <
a href="#proxyremote" class="directive"><
code class="directive">ProxyRemote</
code></
a>
0N/Adirective. In addition, caching of data can be achieved by configuring
0N/AApache <
code><
a href="mod_cache.html">mod_cache</
a></
code>. Other dedicated forward proxy
0N/A<
p>A <
em>reverse proxy</
em> is a webserver system that is capable of serving webpages
0N/Asourced from other webservers - in addition to webpages on disk or generated
0N/Adynamically by CGI - making these pages look like they originated at the
0N/A<
p>When configured with the mod_cache module the reverse
0N/Aproxy can act as a cache for slower backend webservers. The reverse proxy
0N/Acan also enable advanced URL strategies and management techniques, allowing
0N/Awebpages served using different webserver systems or architectures to
0N/Acoexist inside the same URL space. Reverse proxy systems are also ideal for
0N/Aimplementing centralised logging websites with many or diverse website
0N/Abackends. Complex multi-tier webserver systems can be constructed using an
0N/AApache mod_proxy frontend and any number of backend webservers.</
p>
0N/A<
p>The reverse proxy is configured using the
0N/A<
a href="#proxypass" class="directive"><
code class="directive">ProxyPass</
code></
a> and <
a href="#proxypassreverse" class="directive"><
code class="directive">ProxyPassReverse</
code></
a> directives. Caching can be
0N/Aenabled using mod_cache as with the forward proxy.</
p>
0N/A<
h3><
a name="access">Controlling access to your proxy</
a></
h3>
0N/A<
p>You can control who can access your proxy via the normal <
a href="core.html#directory" class="directive"><
code class="directive"><Directory></
code></
a>
0N/Acontrol block using the following example:</
p>
0N/A<
blockquote><
table cellpadding="10"><
tr><
td bgcolor="#eeeeee"><
code>
0N/A<Directory proxy:*><
br>
0N/AAllow from 192.168.0<
br>
0N/A</
code></
td></
tr></
table></
blockquote>
0N/A<
p>A <
a href="core.html#files" class="directive"><
code class="directive"><Files></
code></
a> block
0N/Awill also work, and is the only method known to work for all possible
0N/AURLs in Apache versions earlier than 1.2b10.</
p>
0N/A<
p>When configuring a reverse proxy, access control takes on the
0N/Aattributes of the normal server <
a href="core.html#directory" class="directive"><
code class="directive"><directory></
code></
a> configuration.</
p>
0N/A<
h3><
a name="mimetypes">Why doesn't file type <
em>xxx</
em>
0N/Adownload via FTP?</
a></
h3>
0N/A<
p>You probably don't have that particular file type defined as
0N/Afile. A useful line can be</
p>
0N/A<
blockquote><
table cellpadding="10"><
tr><
td bgcolor="#eeeeee"><
code>
0N/A</
code></
td></
tr></
table></
blockquote>
0N/A<
h3><
a name="type">How can I force an FTP ASCII download of
0N/AFile <
em>xxx</
em>?</
a></
h3>
0N/A<
p>In the rare situation where you must download a specific file using the FTP
0N/A<
strong>ASCII</
strong> transfer method (while the default transfer is in
0N/A<
strong>binary</
strong> mode), you can override mod_proxy's default by
0N/Asuffixing the request with <
code>;type=a</
code> to force an ASCII transfer.
0N/A(FTP Directory listings are always executed in ASCII mode, however.)</
p>
0N/A<
h3><
a name="percent2fhck">How can I access FTP files outside
0N/Aof my home directory?</
a></
h3>
0N/AAn FTP URI is interpreted relative to the home directory of the user
0N/Awho is logging in. Alas, to reach higher directory levels you cannot
0N/Ause /../, as the dots are interpreted by the browser and not actually
0N/Asent to the FTP server. To address this problem, the so called "Squid
0N/A%2f hack" was implemented in the Apache FTP proxy; it is is a solution
0N/Aprepending /%2f to the path of your request, you can make such a proxy
0N/Achange the FTP starting directory to / (instead of the home
0N/A<
p><
strong>Example:</
strong> To retrieve the file
0N/A<
blockquote><
table cellpadding="10"><
tr><
td bgcolor="#eeeeee"><
code>ftp://<
em>user@host</
em>/%
2f/
etc/
motd</
code></
td></
tr></
table></
blockquote>
0N/A<
h3><
a name="ftppass">How can I hide the FTP cleartext password
0N/Ain my browser's URL line?</
a></
h3>
0N/ATo log in to an FTP server by username and password, Apache
0N/Auses different strategies.
0N/AIn absense of a user name and password in the URL altogether,
0N/AApache sends an anomymous login to the FTP server,
i.e.,</
p>
0N/A<
blockquote><
table cellpadding="10"><
tr><
td bgcolor="#eeeeee"><
code>
0N/Apassword: apache_proxy@
0N/A</
code></
td></
tr></
table></
blockquote>
0N/A<
p>This works for all popular FTP servers which are configured for
0N/Aanonymous access.</
p>
0N/A<
p>For a personal login with a specific username, you can embed
0N/Athe user name into the URL, like in:
0N/A<
code>ftp://<
em>username@host</
em>/myfile</
code>. If the FTP server
0N/Aasks for a password when given this username (which it should),
0N/Athen Apache will reply with a [401 Authorization required] response,
0N/AUpon entering the password, the connection attempt is retried,
0N/Aand if successful, the requested resource is presented.
0N/AThe advantage of this procedure is that your browser does not
0N/Adisplay the password in cleartext (which it would if you had used
0N/A<
code>ftp://<
em>username:password@host</
em>/myfile</
code> in
0N/Athe first place).</
p>
0N/A<
blockquote><
table><
tr><
td bgcolor="#e0e5f5"><
p align="center"><
strong>Note</
strong></
p>
0N/AThe password which is transmitted in such a way
0N/Ais not encrypted on its way. It travels between your browser and
0N/Athe Apache proxy server in a base64-encoded cleartext string, and
0N/Abetween the Apache proxy and the FTP server as plaintext. You should
0N/Atherefore think twice before accessing your FTP server via HTTP
0N/A(or before accessing your personal files via FTP at all!) When
0N/Ausing unsecure channels, an eavesdropper might intercept your
0N/A</
td></
tr></
table></
blockquote>
0N/A<
h3><
a name="startup">Why does Apache start more slowly when
0N/Ausing the proxy module?</
a></
h3>
0N/A<
p>If you're using the <
a href="#proxyblock" class="directive"><
code class="directive">ProxyBlock</
code></
a>
0N/Adirective, hostnames' IP addresses are looked up and cached during
0N/Astartup for later match test. This may take a few seconds (or more)
0N/Adepending on the speed with which the hostname lookups occur.</
p>
0N/A<
h3><
a name="intranet">What other functions are useful for an
0N/Aintranet proxy server?</
a></
h3>
0N/A<
p>An Apache proxy server situated in an intranet needs to forward
0N/Aexternal requests through the company's firewall. However, when it has
0N/Ato access resources within the intranet, it can bypass the firewall
0N/Awhen accessing hosts. The <
a href="#noproxy" class="directive"><
code class="directive">NoProxy</
code></
a> directive is useful for
0N/Aspecifying which hosts belong to the intranet and should be accessed
0N/A<
p>Users within an intranet tend to omit the local domain name from their
0N/Aaway with this and simply serve the request, implying a configured
0N/Alocal domain. When the <
a href="#proxydomain" class="directive"><
code class="directive">ProxyDomain</
code></
a> directive
0N/Ais used and the server is <
a href="#proxyrequests">configured for
0N/Aproxy service</
a>, Apache can return a redirect response and send the client
0N/Ato the correct, fully qualified, server address. This is the preferred method
0N/Asince the user's bookmark files will then contain fully qualified hosts.</
p>
0N/A<
hr/><
h2><
a name="AllowCONNECT">AllowCONNECT</
a> <
a name="allowconnect">Directive</
a></
h2><
table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><
tr><
td><
table bgcolor="#ffffff"><
tr><
td><
strong>Description: </
strong></
td><
td/></
tr><
tr><
td><
a href="directive-dict.html#Syntax" class="help">Syntax:</
a></
td><
td><
syntax>AllowCONNECT <
em>port</
em> [<
em>port</
em>] ...</
syntax></
td></
tr><
tr><
td><
a href="directive-dict.html#Default" class="help">Default:</
a></
td><
td><
code>AllowCONNECT 443 563</
code></
td></
tr><
tr><
td><
a href="directive-dict.html#Context" class="help">Context:</
a></
td><
td>server config, virtual host</
td></
tr><
tr><
td><
a href="directive-dict.html#Status" class="help">Status:</
a></
td><
td>Extension</
td></
tr><
tr><
td><
a href="directive-dict.html#Module" class="help">Module:</
a></
td><
td>mod_proxy</
td></
tr></
table></
td></
tr></
table><
usage>
0N/A<
p>The <
code class="directive">AllowCONNECT</
code> directive specifies a list
0N/Aof port numbers to which the proxy <
code>CONNECT</
code> method may
0N/Aconnect. Today's browsers use this method when a <
em>https</
em>
0N/Aconnection is requested and proxy tunneling over <
em>http</
em> is in
0N/Aeffect.<
br> By default, only the default https port (443) and the
0N/Adefault snews port (563) are enabled. Use the
0N/A<
code class="directive">AllowCONNECT</
code> directive to overrride this default and
0N/Aallow connections to the listed ports only.</
p>
0N/A</
usage><
hr/><
h2><
a name="NoProxy">NoProxy</
a> <
a name="noproxy">Directive</
a></
h2><
table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><
tr><
td><
table bgcolor="#ffffff"><
tr><
td><
strong>Description: </
strong></
td><
td/></
tr><
tr><
td><
a href="directive-dict.html#Syntax" class="help">Syntax:</
a></
td><
td><
syntax>NoProxy
0N/A <
em>Hostname</
em>] ...</
syntax></
td></
tr><
tr><
td><
a href="directive-dict.html#Context" class="help">Context:</
a></
td><
td>server config, virtual host</
td></
tr><
tr><
td><
a href="directive-dict.html#Status" class="help">Status:</
a></
td><
td>Extension</
td></
tr><
tr><
td><
a href="directive-dict.html#Module" class="help">Module:</
a></
td><
td>mod_proxy</
td></
tr></
table></
td></
tr></
table><
usage>
0N/A<
p>This directive is only useful for Apache proxy servers within
0N/Aintranets. The <
code class="directive">NoProxy</
code> directive specifies a
0N/Alist of subnets, IP addresses, hosts
and/
or domains, separated by
0N/Aspaces. A request to a host which matches one or more of these is
0N/Aalways served directly, without forwarding to the configured
0N/A<
a href="#proxyremote" class="directive"><
code class="directive">ProxyRemote</
code></
a> proxy server(s).</
p>
0N/A<
blockquote><
table cellpadding="10"><
tr><
td bgcolor="#eeeeee"><
p align="center"><
strong>Example</
strong></
p><
code>
0N/A</
code></
td></
tr></
table></
blockquote>
0N/A<
p>The arguments to the NoProxy directive are one of the following type list:</
p>
0N/A <
dt><
a name="domain">
0N/A <
em>Domain</
em></
a></
dt>
0N/A <
dd>A <
em>Domain</
em> is a partially qualified DNS domain name, preceded
0N/A It represents a list of hosts which logically belong to the same DNS
0N/A domain or zone (<
em>
i.e.</
em>, the suffixes of the hostnames are all ending in
0N/A <
em>Domain</
em>).<
br>
0N/A To distinguish <
em>Domain</
em>s from <
a href="#hostname"><
em>Hostname</
em></
a>s (both
0N/A syntactically and semantically; a DNS domain can have a DNS A record,
0N/A too!), <
em>Domain</
em>s are always written
0N/A with a leading period.<
br>
0N/A Note: Domain name comparisons are done without regard to the case,
0N/A and <
em>Domain</
em>s are always assumed to be anchored in the root
0N/A considered equal. Since a domain comparison does not involve a DNS
0N/A lookup, it is much more efficient than subnet comparison.</
dd>
0N/A <
dt><
a name="subnet">
0N/A <
em>SubNet</
em></
a></
dt>
0N/A <
dd>A <
em>SubNet</
em> is a partially qualified internet address in
0N/A numeric (dotted quad) form, optionally followed by a slash and the
0N/A netmask, specified as the number of significant bits in the
0N/A <
em>SubNet</
em>. It is used to represent a subnet of hosts which can
0N/A be reached over a common network interface. In the absence of the
0N/A explicit net mask it is assumed that omitted (or zero valued)
0N/A trailing digits specify the mask. (In this case, the netmask can
0N/A only be multiples of 8 bits wide.)<
br>
0N/A <
dt><
code>192.168</
code> or <
code>192.168.0.0</
code></
dt>
0N/A <
dd>the subnet 192.168.0.0 with an implied netmask of 16 valid bits
0N/A (sometimes used in the netmask form <
code>255.255.0.0</
code>)</
dd>
0N/A valid bits (also used in the form 255.255.248.0)</
dd>
0N/A As a degenerate case, a <
em>SubNet</
em> with 32 valid bits is the
0N/A equivalent to an <
em>IPAddr</
em>, while a <
em>SubNet</
em> with zero
0N/A valid bits (<
em>
e.g.</
em>, 0.0.0.0/0) is the same as the constant
0N/A <
em>_Default_</
em>, matching any IP address. </
dd>
0N/A <
dt><
a name="ipaddr">
0N/A <
em>IPAddr</
em></
a></
dt>
0N/A <
dd>A <
em>IPAddr</
em> represents a fully qualified internet address in
0N/A numeric (dotted quad) form. Usually, this address represents a
0N/A host, but there need not necessarily be a DNS domain name
0N/A connected with the address.<
br>
0N/A Example: 192.168.123.7<
br>
0N/A Note: An <
em>IPAddr</
em> does not need to be resolved by the DNS
0N/A system, so it can result in more effective apache performance.</
dd>
0N/A <
dt><
a name="hostname">
0N/A <
em>Hostname</
em></
a></
dt>
0N/A <
dd>A <
em>Hostname</
em> is a fully qualified DNS domain name which can
0N/A be resolved to one or more <
a href="#ipaddr"><
em>IPAddrs</
em></
a> via the DNS domain name service.
0N/A It represents a logical host (in contrast to
0N/A <
a href="#domain"><
em>Domain</
em></
a>s, see
0N/A above) and must be resolvable to at least one <
a href="#ipaddr"><
em>IPAddr</
em></
a> (or often to a list of hosts
0N/A with different <
a href="#ipaddr"><
em>IPAddr</
em></
a>'s).<
br>
0N/A Note: In many situations, it is more effective to specify an
0N/A <
a href="#ipaddr"><
em>IPAddr</
em></
a> in place of a
0N/A <
em>Hostname</
em> since a DNS lookup
0N/A can be avoided. Name resolution in Apache can take a remarkable deal
0N/A of time when the connection to the name server uses a slow PPP
0N/A Note: <
em>Hostname</
em> comparisons are done without regard to the case,
0N/A and <
em>Hostname</
em>s are always assumed to be anchored in the root
0N/A considered equal.</
dd>
0N/A</
usage><
p><
strong>See also </
strong></
p><
ul><
li><
a href="/dns-caveats.html">DNS Issues</
a></
li></
ul><
hr/><
h2><
a name="ProxyBlock">ProxyBlock</
a> <
a name="proxyblock">Directive</
a></
h2><
table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><
tr><
td><
table bgcolor="#ffffff"><
tr><
td><
strong>Description: </
strong></
td><
td/></
tr><
tr><
td><
a href="directive-dict.html#Syntax" class="help">Syntax:</
a></
td><
td><
syntax>ProxyBlock *|<
em>word|host|domain</
em>
0N/A[<
em>word|host|domain</
em>] ...</
syntax></
td></
tr><
tr><
td><
a href="directive-dict.html#Context" class="help">Context:</
a></
td><
td>server config, virtual host</
td></
tr><
tr><
td><
a href="directive-dict.html#Status" class="help">Status:</
a></
td><
td>Extension</
td></
tr><
tr><
td><
a href="directive-dict.html#Module" class="help">Module:</
a></
td><
td>mod_proxy</
td></
tr></
table></
td></
tr></
table><
usage>
0N/A<
p>The <
code class="directive">ProxyBlock</
code> directive specifies a list of
0N/Awords, hosts
and/
or domains, separated by spaces. HTTP, HTTPS, and
0N/AFTP document requests to sites whose names contain matched words,
0N/Ahosts or domains are <
em>blocked</
em> by the proxy server. The proxy
0N/Amodule will also attempt to determine IP addresses of list items which
0N/Amay be hostnames during startup, and cache them for match test as
0N/A<
blockquote><
table cellpadding="10"><
tr><
td bgcolor="#eeeeee"><
code>
0N/A</
code></
td></
tr></
table></
blockquote>
0N/A<
p>Note that 'wotsamattau' would also be sufficient to match
0N/A<
p>Note also that</
p>
0N/A<
blockquote><
table cellpadding="10"><
tr><
td bgcolor="#eeeeee"><
code>
0N/A</
code></
td></
tr></
table></
blockquote>
0N/A<
p>blocks connections to all sites.</
p>
0N/A</
usage><
hr/><
h2><
a name="ProxyDomain">ProxyDomain</
a> <
a name="proxydomain">Directive</
a></
h2><
table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><
tr><
td><
table bgcolor="#ffffff"><
tr><
td><
strong>Description: </
strong></
td><
td/></
tr><
tr><
td><
a href="directive-dict.html#Syntax" class="help">Syntax:</
a></
td><
td><
syntax>ProxyDomain <
em>Domain</
em></
syntax></
td></
tr><
tr><
td><
a href="directive-dict.html#Context" class="help">Context:</
a></
td><
td>server config, virtual host</
td></
tr><
tr><
td><
a href="directive-dict.html#Status" class="help">Status:</
a></
td><
td>Extension</
td></
tr><
tr><
td><
a href="directive-dict.html#Module" class="help">Module:</
a></
td><
td>mod_proxy</
td></
tr></
table></
td></
tr></
table><
usage>
0N/A<
p>This directive is only useful for Apache proxy servers within
0N/Aintranets. The <
code class="directive">ProxyDomain</
code> directive specifies
0N/Athe default domain which the apache proxy server will belong to. If a
0N/Arequest to a host without a domain name is encountered, a redirection
0N/Aresponse to the same host with the configured <
em>Domain</
em> appended
0N/Awill be generated.</
p>
0N/A<
blockquote><
table cellpadding="10"><
tr><
td bgcolor="#eeeeee"><
p align="center"><
strong>Example</
strong></
p><
code>
0N/A</
code></
td></
tr></
table></
blockquote>
0N/A</
usage><
hr/><
h2><
a name="ProxyErrorOverride">ProxyErrorOverride</
a> <
a name="proxyerroroverride">Directive</
a></
h2><
table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><
tr><
td><
table bgcolor="#ffffff"><
tr><
td><
strong>Description: </
strong></
td><
td/></
tr><
tr><
td><
a href="directive-dict.html#Syntax" class="help">Syntax:</
a></
td><
td><
syntax>ProxyErrorOverride On|Off</
syntax></
td></
tr><
tr><
td><
a href="directive-dict.html#Default" class="help">Default:</
a></
td><
td><
code>ProxyErrorOverride Off</
code></
td></
tr><
tr><
td><
a href="directive-dict.html#Context" class="help">Context:</
a></
td><
td>server config, virtual host</
td></
tr><
tr><
td><
a href="directive-dict.html#Status" class="help">Status:</
a></
td><
td>Extension</
td></
tr><
tr><
td><
a href="directive-dict.html#Module" class="help">Module:</
a></
td><
td>mod_proxy</
td></
tr><
tr><
td align="left" valign="top"><
a href="directive-dict.html#Compatibility" class="help">Compatibility:</
a></
td><
td>Available in version 2.0 and later</
td></
tr></
table></
td></
tr></
table><
usage>
0N/A<
p>This directive is useful for reverse-proxy setups, where you want to
0N/Ahave a common look and feel on the error pages seen by the end user.
0N/AThis also allows for included files (via mod_include's SSI) to get
0N/Athe error code and act accordingly (default behavior would display
0N/Athe error page of the proxied server, turning this on shows the SSI
0N/A</
usage><
hr/><
h2><
a name="ProxyMaxForwards">ProxyMaxForwards</
a> <
a name="proxymaxforwards">Directive</
a></
h2><
table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><
tr><
td><
table bgcolor="#ffffff"><
tr><
td><
strong>Description: </
strong></
td><
td/></
tr><
tr><
td><
a href="directive-dict.html#Syntax" class="help">Syntax:</
a></
td><
td><
syntax>ProxyMaxForwards <
em>number</
em></
syntax></
td></
tr><
tr><
td><
a href="directive-dict.html#Default" class="help">Default:</
a></
td><
td><
code>ProxyMaxForwards 10</
code></
td></
tr><
tr><
td><
a href="directive-dict.html#Context" class="help">Context:</
a></
td><
td>server config, virtual host</
td></
tr><
tr><
td><
a href="directive-dict.html#Status" class="help">Status:</
a></
td><
td>Extension</
td></
tr><
tr><
td><
a href="directive-dict.html#Module" class="help">Module:</
a></
td><
td>mod_proxy</
td></
tr><
tr><
td align="left" valign="top"><
a href="directive-dict.html#Compatibility" class="help">Compatibility:</
a></
td><
td>Available in Apache 2.0 and later</
td></
tr></
table></
td></
tr></
table><
usage>
0N/A<
p>The <
code class="directive">ProxyMaxForwards</
code> directive specifies the
0N/Amaximum number of proxies through which a request may pass. This is
0N/Aset to prevent infinite proxy loops, or a DoS attack.</
p>
0N/A<
blockquote><
table cellpadding="10"><
tr><
td bgcolor="#eeeeee"><
p align="center"><
strong>Example</
strong></
p><
code>
0N/A</
code></
td></
tr></
table></
blockquote>
0N/A</
usage><
hr/><
h2><
a name="ProxyPass">ProxyPass</
a> <
a name="proxypass">Directive</
a></
h2><
table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><
tr><
td><
table bgcolor="#ffffff"><
tr><
td><
strong>Description: </
strong></
td><
td/></
tr><
tr><
td><
a href="directive-dict.html#Syntax" class="help">Syntax:</
a></
td><
td><
syntax>ProxyPass [<
em>path</
em>] !|<
em>url</
em></
syntax></
td></
tr><
tr><
td><
a href="directive-dict.html#Context" class="help">Context:</
a></
td><
td>server config, virtual host</
td></
tr><
tr><
td><
a href="directive-dict.html#Status" class="help">Status:</
a></
td><
td>Extension</
td></
tr><
tr><
td><
a href="directive-dict.html#Module" class="help">Module:</
a></
td><
td>mod_proxy</
td></
tr></
table></
td></
tr></
table><
usage>
0N/A<
p>This directive allows remote servers to be mapped into the space of
0N/Athe local server; the local server does not act as a proxy in the
0N/Aconventional sense, but appears to be a mirror of the remote
0N/Aserver. <
em>path</
em> is the name of a local virtual path;
0N/A<
em>url</
em> is a partial URL for the remote server.</
p>
0N/A<
blockquote><
table cellpadding="10"><
tr><
td bgcolor="#eeeeee"><
code>
0N/A</
code></
td></
tr></
table></
blockquote>
0N/A<
p>will cause a local request for the
0N/Ainternally converted into a proxy request to
0N/AThe ! directive is useful in situations where you don't want to reverse-proxy
0N/Aa subdirectory. eg.</
p>
0N/A<
blockquote><
table cellpadding="10"><
tr><
td bgcolor="#eeeeee"><
code>
0N/A</
code></
td></
tr></
table></
blockquote>
0N/A<
blockquote><
table><
tr><
td bgcolor="#e0e5f5">NB: order is important. you need to put the exclusions BEFORE the general proxypass directive</
td></
tr></
table></
blockquote>
0N/A</
usage><
hr/><
h2><
a name="ProxyPassReverse">ProxyPassReverse</
a> <
a name="proxypassreverse">Directive</
a></
h2><
table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><
tr><
td><
table bgcolor="#ffffff"><
tr><
td><
strong>Description: </
strong></
td><
td/></
tr><
tr><
td><
a href="directive-dict.html#Syntax" class="help">Syntax:</
a></
td><
td><
syntax>ProxyPassReverse [<
em>path</
em>] <
em>url</
em></
syntax></
td></
tr><
tr><
td><
a href="directive-dict.html#Context" class="help">Context:</
a></
td><
td>server config, virtual host</
td></
tr><
tr><
td><
a href="directive-dict.html#Status" class="help">Status:</
a></
td><
td>Extension</
td></
tr><
tr><
td><
a href="directive-dict.html#Module" class="help">Module:</
a></
td><
td>mod_proxy</
td></
tr></
table></
td></
tr></
table><
usage>
0N/A<
p>This directive lets Apache adjust the URL in the <
code>Location</
code>,
0N/A<
code>Content-Location</
code> and <
code>URI</
code> headers on
0N/AHTTP redirect responses. This is essential when Apache is used as
0N/Aa reverse proxy to avoid by-passing the reverse proxy because of HTTP
0N/Aredirects on the backend servers which stay behind the reverse proxy.</
p>
0N/A<
p><
em>path</
em> is the name of a local virtual path.<
br>
0N/A<
em>url</
em> is a partial URL for the remote server - the same way they are
0N/Aused for the <
a href="#proxypass" class="directive"><
code class="directive">ProxyPass</
code></
a> directive.</
p>
0N/A<
blockquote><
table cellpadding="10"><
tr><
td bgcolor="#eeeeee"><
code>
0N/A</
code></
td></
tr></
table></
blockquote>
0N/A<
p>will not only cause a local request for the
0N/Afunctionality <
code>ProxyPass</
code> provides here). It also takes care of
0N/Aredirect response to the client. </
p>
0N/ANote that this <
code class="directive">ProxyPassReverse</
code> directive can
0N/Aalso be used in conjunction with the proxy pass-through feature
0N/A("<
code>RewriteRule ... [P]</
code>") from
0N/Acorresponding <
a href="#proxypass" class="directive"><
code class="directive">ProxyPass</
code></
a>
0N/A</
usage><
hr/><
h2><
a name="ProxyPreserveHost">ProxyPreserveHost</
a> <
a name="proxypreservehost">Directive</
a></
h2><
table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><
tr><
td><
table bgcolor="#ffffff"><
tr><
td><
strong>Description: </
strong></
td><
td/></
tr><
tr><
td><
a href="directive-dict.html#Syntax" class="help">Syntax:</
a></
td><
td><
syntax>ProxyPreserveHost on|off</
syntax></
td></
tr><
tr><
td><
a href="directive-dict.html#Default" class="help">Default:</
a></
td><
td><
code>ProxyPreserveHost Off</
code></
td></
tr><
tr><
td><
a href="directive-dict.html#Context" class="help">Context:</
a></
td><
td>server config, virtual host</
td></
tr><
tr><
td><
a href="directive-dict.html#Status" class="help">Status:</
a></
td><
td>Extension</
td></
tr><
tr><
td><
a href="directive-dict.html#Module" class="help">Module:</
a></
td><
td>mod_proxy</
td></
tr><
tr><
td align="left" valign="top"><
a href="directive-dict.html#Compatibility" class="help">Compatibility:</
a></
td><
td>Available in
0N/AApache 2.0.31 and later.</
td></
tr></
table></
td></
tr></
table><
usage>
0N/A<
p>When enabled, this option will pass the Host: line from the
0N/Aincoming request to the proxied host, instead of the hostname
0N/Aspecified in the proxypass line.
0N/A<
p>This option should normally be turned 'off'.</
p>
0N/A</
usage><
hr/><
h2><
a name="ProxyReceiveBufferSize">ProxyReceiveBufferSize</
a> <
a name="proxyreceivebuffersize">Directive</
a></
h2><
table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><
tr><
td><
table bgcolor="#ffffff"><
tr><
td><
strong>Description: </
strong></
td><
td/></
tr><
tr><
td><
a href="directive-dict.html#Syntax" class="help">Syntax:</
a></
td><
td><
syntax>ProxyReceiveBufferSize <
em>bytes</
em></
syntax></
td></
tr><
tr><
td><
a href="directive-dict.html#Context" class="help">Context:</
a></
td><
td>server config, virtual host</
td></
tr><
tr><
td><
a href="directive-dict.html#Status" class="help">Status:</
a></
td><
td>Extension</
td></
tr><
tr><
td><
a href="directive-dict.html#Module" class="help">Module:</
a></
td><
td>mod_proxy</
td></
tr></
table></
td></
tr></
table><
usage>
0N/A<
p>The <
code class="directive">ProxyReceiveBufferSize</
code> directive
0N/Aspecifies an explicit network buffer size for outgoing HTTP and FTP
0N/Aconnections, for increased throughput. It has to be greater than 512
0N/Aor set to 0 to indicate that the system's default buffer size should
0N/A<
blockquote><
table cellpadding="10"><
tr><
td bgcolor="#eeeeee"><
p align="center"><
strong>Example</
strong></
p><
code>
0N/A ProxyReceiveBufferSize 2048
0N/A</
code></
td></
tr></
table></
blockquote>
0N/A</
usage><
hr/><
h2><
a name="ProxyRemote">ProxyRemote</
a> <
a name="proxyremote">Directive</
a></
h2><
table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><
tr><
td><
table bgcolor="#ffffff"><
tr><
td><
strong>Description: </
strong></
td><
td/></
tr><
tr><
td><
a href="directive-dict.html#Syntax" class="help">Syntax:</
a></
td><
td><
syntax>ProxyRemote <
em>match remote-server</
em></
syntax></
td></
tr><
tr><
td><
a href="directive-dict.html#Context" class="help">Context:</
a></
td><
td>server config, virtual host</
td></
tr><
tr><
td><
a href="directive-dict.html#Status" class="help">Status:</
a></
td><
td>Extension</
td></
tr><
tr><
td><
a href="directive-dict.html#Module" class="help">Module:</
a></
td><
td>mod_proxy</
td></
tr></
table></
td></
tr></
table><
usage>
0N/A<
p>This defines remote proxies to this proxy. <
em>match</
em> is either the
0N/Aname of a URL-scheme that the remote server supports, or a partial URL
0N/Afor which the remote server should be used, or '*' to indicate the
0N/Aserver should be contacted for all requests. <
em>remote-server</
em> is a
0N/Apartial URL for the remote server. Syntax:</
p>
0N/A remote-server = protocol://hostname[:port]
0N/A<
p><
em>protocol</
em> is the protocol that should be used to communicate
0N/Awith the remote server; only "http" is supported by this module.</
p>
0N/A<
blockquote><
table cellpadding="10"><
tr><
td bgcolor="#eeeeee"><
code>
0N/A</
code></
td></
tr></
table></
blockquote>
0N/A<
p>In the last example, the proxy will forward FTP requests, encapsulated
0N/Aas yet another HTTP proxy request, to another proxy which can handle
0N/A<
p>This option also supports reverse proxy configuration - a backend
0N/Awebserver can be embedded within a virtualhost URL space even if that
0N/Aserver is hidden by another forward proxy.</
p>
0N/A</
usage><
hr/><
h2><
a name="ProxyRequests">ProxyRequests</
a> <
a name="proxyrequests">Directive</
a></
h2><
table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><
tr><
td><
table bgcolor="#ffffff"><
tr><
td><
strong>Description: </
strong></
td><
td/></
tr><
tr><
td><
a href="directive-dict.html#Syntax" class="help">Syntax:</
a></
td><
td><
syntax>ProxyRequests on|off</
syntax></
td></
tr><
tr><
td><
a href="directive-dict.html#Default" class="help">Default:</
a></
td><
td><
code>ProxyRequests Off</
code></
td></
tr><
tr><
td><
a href="directive-dict.html#Context" class="help">Context:</
a></
td><
td>server config, virtual host</
td></
tr><
tr><
td><
a href="directive-dict.html#Status" class="help">Status:</
a></
td><
td>Extension</
td></
tr><
tr><
td><
a href="directive-dict.html#Module" class="help">Module:</
a></
td><
td>mod_proxy</
td></
tr></
table></
td></
tr></
table><
usage>
0N/A<
p>This allows or prevents Apache from functioning as a forward proxy
0N/Aserver. (Setting ProxyRequests to 'off' does not disable use of the
0N/A<
a href="#proxypass" class="directive"><
code class="directive">ProxyPass</
code></
a> directive.)</
p>
0N/A<
p>In a typical reverse proxy configuration, this option should be set to
0N/A</
usage><
hr/><
h2><
a name="ProxyTimeout">ProxyTimeout</
a> <
a name="proxytimeout">Directive</
a></
h2><
table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><
tr><
td><
table bgcolor="#ffffff"><
tr><
td><
strong>Description: </
strong></
td><
td/></
tr><
tr><
td><
a href="directive-dict.html#Syntax" class="help">Syntax:</
a></
td><
td><
syntax>ProxyTimeout <
em>seconds</
em></
syntax></
td></
tr><
tr><
td><
a href="directive-dict.html#Default" class="help">Default:</
a></
td><
td><
code>ProxyTimeout 300</
code></
td></
tr><
tr><
td><
a href="directive-dict.html#Context" class="help">Context:</
a></
td><
td>server config, virtual host</
td></
tr><
tr><
td><
a href="directive-dict.html#Status" class="help">Status:</
a></
td><
td>Extension</
td></
tr><
tr><
td><
a href="directive-dict.html#Module" class="help">Module:</
a></
td><
td>mod_proxy</
td></
tr><
tr><
td align="left" valign="top"><
a href="directive-dict.html#Compatibility" class="help">Compatibility:</
a></
td><
td>Available in
0N/AApache 2.0.31 and later</
td></
tr></
table></
td></
tr></
table><
usage>
0N/A<
p>This directive allows a user to specifiy a timeout on proxy requests.
0N/AThis is usefull when you have a
slow/
buggy appserver which hangs,
0N/Aand you would rather just return a timeout and fail gracefully instead
0N/Aof waiting however long it takes the server to return
0N/A</
usage><
hr/><
h2><
a name="ProxyVia">ProxyVia</
a> <
a name="proxyvia">Directive</
a></
h2><
table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><
tr><
td><
table bgcolor="#ffffff"><
tr><
td><
strong>Description: </
strong></
td><
td/></
tr><
tr><
td><
a href="directive-dict.html#Syntax" class="help">Syntax:</
a></
td><
td><
syntax>ProxyVia on|off|full|block</
syntax></
td></
tr><
tr><
td><
a href="directive-dict.html#Default" class="help">Default:</
a></
td><
td><
code>ProxyVia off</
code></
td></
tr><
tr><
td><
a href="directive-dict.html#Context" class="help">Context:</
a></
td><
td>server config, virtual host</
td></
tr><
tr><
td><
a href="directive-dict.html#Status" class="help">Status:</
a></
td><
td>Extension</
td></
tr><
tr><
td><
a href="directive-dict.html#Module" class="help">Module:</
a></
td><
td>mod_proxy</
td></
tr></
table></
td></
tr></
table><
usage>
0N/A<
p>This directive controls the use of the <
code>Via:</
code> HTTP
0N/Aheader by the proxy. Its intended use is to control the flow of of
0N/Aproxy requests along a chain of proxy servers. See RFC2068 (
HTTP/
1.1)
0N/Afor an explanation of <
code>Via:</
code> header lines.</
p>
0N/Ato <
em>off</
em>, which is the default, no special processing is
0N/Aperformed. If a request or reply contains a <
code>Via:</
code> header,
0N/Ait is passed through unchanged.</
li>
0N/A<
li>If set to <
em>on</
em>, each
0N/Arequest and reply will get a <
code>Via:</
code> header line added for
0N/Athe current host.</
li>
0N/A<
li>If set to <
em>full</
em>, each generated <
code>Via:</
code> header
0N/Aline will additionally have the Apache server version shown as a
0N/A<
code>Via:</
code> comment field.</
li>
0N/A<
li>If set to <
em>block</
em>, every
0N/Aproxy request will have all its <
code>Via:</
code> header lines
0N/Aremoved. No new <
code>Via:</
code> header will be generated.</
li>
0N/A</
usage><
hr/><
h3 align="center">Apache HTTP Server Version 2.0</
h3><
a href="./"><
img alt="Index" src="/images/index.gif"/></
a><
a href="../"><
img alt="Home" src="/images/home.gif"/></
a></
blockquote></
body></
html>
