mod_proxy.xml revision fb5e4869b57545ff534add0a4b0ded84cc68212b
842ae4bd224140319ae7feec1872b93dfd491143fielding<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">
842ae4bd224140319ae7feec1872b93dfd491143fielding<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
842ae4bd224140319ae7feec1872b93dfd491143fielding<!-- $LastChangedRevision$ -->
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding Licensed to the Apache Software Foundation (ASF) under one or more
04891cf70e0bfc38bfb027541dc821f04c754ff7nd contributor license agreements. See the NOTICE file distributed with
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding this work for additional information regarding copyright ownership.
04891cf70e0bfc38bfb027541dc821f04c754ff7nd The ASF licenses this file to You under the Apache License, Version 2.0
04891cf70e0bfc38bfb027541dc821f04c754ff7nd (the "License"); you may not use this file except in compliance with
04891cf70e0bfc38bfb027541dc821f04c754ff7nd the License. You may obtain a copy of the License at
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding Unless required by applicable law or agreed to in writing, software
3568de757bac0b47256647504c186d17ca272f85rbb distributed under the License is distributed on an "AS IS" BASIS,
3568de757bac0b47256647504c186d17ca272f85rbb WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
3568de757bac0b47256647504c186d17ca272f85rbb See the License for the specific language governing permissions and
3568de757bac0b47256647504c186d17ca272f85rbb limitations under the License.
3568de757bac0b47256647504c186d17ca272f85rbb<description>Multi-protocol proxy/gateway server</description>
3568de757bac0b47256647504c186d17ca272f85rbb <p>Do not enable proxying with <directive module="mod_proxy"
3568de757bac0b47256647504c186d17ca272f85rbb >ProxyRequests</directive> until you have <a href="#access"
3568de757bac0b47256647504c186d17ca272f85rbb >secured your server</a>. Open proxy servers are dangerous both to your
3568de757bac0b47256647504c186d17ca272f85rbb network and to the Internet at large.</p>
3568de757bac0b47256647504c186d17ca272f85rbb <p><module>mod_proxy</module> and related modules implement a
3568de757bac0b47256647504c186d17ca272f85rbb proxy/gateway for Apache HTTP Server, supporting a number of popular
3568de757bac0b47256647504c186d17ca272f85rbb protocols as well as several different load balancing algorithms.
3568de757bac0b47256647504c186d17ca272f85rbb Third-party modules can add support for additional protocols and
3568de757bac0b47256647504c186d17ca272f85rbb load balancing algorithms.</p>
3568de757bac0b47256647504c186d17ca272f85rbb <p>A set of modules must be loaded into the server to provide the
3568de757bac0b47256647504c186d17ca272f85rbb necessary features. These modules can be included statically at
3568de757bac0b47256647504c186d17ca272f85rbb build time or dynamically via the
3568de757bac0b47256647504c186d17ca272f85rbb <directive module="mod_so">LoadModule</directive> directive).
3568de757bac0b47256647504c186d17ca272f85rbb The set must include:</p>
3568de757bac0b47256647504c186d17ca272f85rbb <li><module>mod_proxy</module>, which provides basic proxy
3568de757bac0b47256647504c186d17ca272f85rbb capabilities</li>
3568de757bac0b47256647504c186d17ca272f85rbb balancer modules, if load balancing is required. (See
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <module>mod_proxy_balancer</module> for more information.)</li>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <li>one or more proxy scheme, or protocol, modules:
3568de757bac0b47256647504c186d17ca272f85rbb SSL)</td><td><module>mod_proxy_connect</module></td></tr>
98fb535f829e2a95aabd82420931f476661fa8e3jorton <tr><td>FastCGI</td><td><module>mod_proxy_fcgi</module></td></tr>
db12cd62083041bf90945eeb90cc40fbd2340797trawick <tr><td>ftp</td><td><module>mod_proxy_ftp</module></td></tr>
db12cd62083041bf90945eeb90cc40fbd2340797trawick HTTP/1.1</td><td><module>mod_proxy_http</module></td></tr>
333eac96e4fb7d6901cb75e6ca7bb22b2ccb84cetrawick <tr><td>SCGI</td><td><module>mod_proxy_scgi</module></td></tr>
3568de757bac0b47256647504c186d17ca272f85rbb <p>In addition, extended features are provided by other modules.
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz Caching is provided by <module>mod_cache</module> and related
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz modules. The ability to contact remote servers using the SSL/TLS
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz protocol is provided by the <code>SSLProxy*</code> directives of
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <module>mod_ssl</module>. These additional modules will need
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz to be loaded and configured to take advantage of these features.</p>
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick<seealso><module>mod_proxy_balancer</module></seealso>
f0e395a55abfcad3d2bd7c63470003b08a93d567nd <section id="forwardreverse"><title>Forward Proxies and Reverse
f0e395a55abfcad3d2bd7c63470003b08a93d567nd <p>Apache HTTP Server can be configured in both a <dfn>forward</dfn> and
98fb535f829e2a95aabd82420931f476661fa8e3jorton <dfn>reverse</dfn> proxy (also known as <dfn>gateway</dfn>) mode.</p>
7cd5419264796cfeaf8215383cf0f89130a81fectrawick <p>An ordinary <dfn>forward proxy</dfn> is an intermediate
7cd5419264796cfeaf8215383cf0f89130a81fectrawick server that sits between the client and the <em>origin
7cd5419264796cfeaf8215383cf0f89130a81fectrawick server</em>. In order to get content from the origin server,
7cd5419264796cfeaf8215383cf0f89130a81fectrawick the client sends a request to the proxy naming the origin server
7cd5419264796cfeaf8215383cf0f89130a81fectrawick as the target and the proxy then requests the content from the
7cd5419264796cfeaf8215383cf0f89130a81fectrawick origin server and returns it to the client. The client must be
7cd5419264796cfeaf8215383cf0f89130a81fectrawick specially configured to use the forward proxy to access other
3568de757bac0b47256647504c186d17ca272f85rbb sites.</p>
3568de757bac0b47256647504c186d17ca272f85rbb <p>A typical usage of a forward proxy is to provide Internet
3568de757bac0b47256647504c186d17ca272f85rbb access to internal clients that are otherwise restricted by a
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz firewall. The forward proxy can also use caching (as provided
3568de757bac0b47256647504c186d17ca272f85rbb by <module>mod_cache</module>) to reduce network usage.</p>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz module="mod_proxy">ProxyRequests</directive> directive. Because
3568de757bac0b47256647504c186d17ca272f85rbb forward proxies allow clients to access arbitrary sites through
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz your server and to hide their true origin, it is essential that
3568de757bac0b47256647504c186d17ca272f85rbb you <a href="#access">secure your server</a> so that only
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding authorized clients can access the proxy before activating a
41634f717c623556a16b27b25d7d909a66fe20f8wrowe forward proxy.</p>
3568de757bac0b47256647504c186d17ca272f85rbb <p>A <dfn>reverse proxy</dfn> (or <dfn>gateway</dfn>), by
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz contrast, appears to the client just like an ordinary web
3568de757bac0b47256647504c186d17ca272f85rbb server. No special configuration on the client is necessary.
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz The client makes ordinary requests for content in the name-space
3568de757bac0b47256647504c186d17ca272f85rbb of the reverse proxy. The reverse proxy then decides where to
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz send those requests, and returns the content as if it was itself
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding the origin.</p>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz <p>A typical usage of a reverse proxy is to provide Internet
3568de757bac0b47256647504c186d17ca272f85rbb users access to a server that is behind a firewall. Reverse
fc1efab92032301e317f07e1b3a00082d9d71f3frbb proxies can also be used to balance load among several back-end
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz servers, or to provide caching for a slower back-end server.
24b534291150023e6b68eca89ddd33e475ccddc0wrowe In addition, reverse proxies can be used simply to bring
3568de757bac0b47256647504c186d17ca272f85rbb several servers into the same URL space.</p>
24b534291150023e6b68eca89ddd33e475ccddc0wrowe module="mod_proxy">ProxyPass</directive> directive or the
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz module="mod_rewrite">RewriteRule</directive> directive. It is
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz module="mod_proxy">ProxyRequests</directive> on in order to
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz configure a reverse proxy.</p>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz <section id="examples"><title>Basic Examples</title>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz <p>The examples below are only a very basic idea to help you
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz get started. Please read the documentation on the individual
3568de757bac0b47256647504c186d17ca272f85rbb directives.</p>
3568de757bac0b47256647504c186d17ca272f85rbb <p>In addition, if you wish to have caching enabled, consult
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantzProxyPassReverse /foo http://foo.example.com/bar
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz </highlight>
3568de757bac0b47256647504c186d17ca272f85rbbProxyRequests On
3568de757bac0b47256647504c186d17ca272f85rbbProxyVia On
3568de757bac0b47256647504c186d17ca272f85rbb<Proxy *>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz</Proxy>
3568de757bac0b47256647504c186d17ca272f85rbb </highlight>
3568de757bac0b47256647504c186d17ca272f85rbb </example>
3568de757bac0b47256647504c186d17ca272f85rbb <p>The proxy manages the configuration of origin servers and their
397df70abe0bdd78a84fb6c38c02641bcfeadceasf communication parameters in objects called <dfn>workers</dfn>.
397df70abe0bdd78a84fb6c38c02641bcfeadceasf There are two built-in workers, the default forward proxy worker and the
397df70abe0bdd78a84fb6c38c02641bcfeadceasf default reverse proxy worker. Additional workers can be configured
397df70abe0bdd78a84fb6c38c02641bcfeadceasf explicitly.</p>
3568de757bac0b47256647504c186d17ca272f85rbb <p>The two default workers have a fixed configuration
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding and will be used if no other worker matches the request.
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding They do not use HTTP Keep-Alive or connection pooling.
3568de757bac0b47256647504c186d17ca272f85rbb The TCP connections to the origin server will instead be
239f998fbee5ac5b114b965bb76e217cce0003edstoddard opened and closed for each request.</p>
3568de757bac0b47256647504c186d17ca272f85rbb <p>Explicitly configured workers are identified by their URL.
6653a33e820463abd4f81915b7a1eba0f602e200brianp They are usually created and configured using
6653a33e820463abd4f81915b7a1eba0f602e200brianp <directive module="mod_proxy">ProxyPass</directive> or
6653a33e820463abd4f81915b7a1eba0f602e200brianp <directive module="mod_proxy">ProxyPassMatch</directive> when used
41634f717c623556a16b27b25d7d909a66fe20f8wrowe for a reverse proxy:</p>
3568de757bac0b47256647504c186d17ca272f85rbb ProxyPass /example http://backend.example.com connectiontimeout=5 timeout=30
6653a33e820463abd4f81915b7a1eba0f602e200brianp </highlight>
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm <p>This will create a worker associated with the origin server URL
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm <code>http://backend.example.com</code> and using the given timeout
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick values. When used in a forward proxy, workers are usually defined
36c8049de63c446926139936c3d195330a0539cetrawick via the <directive module="mod_proxy">ProxySet</directive> directive:</p>
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin ProxySet http://backend.example.com connectiontimeout=5 timeout=30
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin </highlight>
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin <p>or alternatively using <directive module="mod_proxy">Proxy</directive>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding and <directive module="mod_proxy">ProxySet</directive>:</p>
ca53a74f4012a45cbad48e940eddf27d866981f9dougm ProxySet connectiontimeout=5 timeout=30
ca53a74f4012a45cbad48e940eddf27d866981f9dougm</Proxy>
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin </highlight>
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin <p>Using explicitly configured workers in the forward mode is
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin not very common, because forward proxies usually communicate with many
dd028aa8111afb6534fece555e8c2d408894671etrawick different origin servers. Creating explicit workers for some of the
dd028aa8111afb6534fece555e8c2d408894671etrawick origin servers can still be useful, if they are used very often.
6653a33e820463abd4f81915b7a1eba0f602e200brianp Explicitly configured workers have no concept of forward or reverse
6653a33e820463abd4f81915b7a1eba0f602e200brianp proxying by themselves. They encapsulate a common concept of
6653a33e820463abd4f81915b7a1eba0f602e200brianp communication with origin servers. A worker created by
6653a33e820463abd4f81915b7a1eba0f602e200brianp <directive module="mod_proxy">ProxyPass</directive> for use in a
6653a33e820463abd4f81915b7a1eba0f602e200brianp reverse proxy will be also used for forward proxy requests whenever
6653a33e820463abd4f81915b7a1eba0f602e200brianp the URL to the origin server matches the worker URL and vice versa.</p>
6653a33e820463abd4f81915b7a1eba0f602e200brianp <p>The URL identifying a direct worker is the URL of its
6653a33e820463abd4f81915b7a1eba0f602e200brianp origin server including any path components given:</p>
6653a33e820463abd4f81915b7a1eba0f602e200brianpProxyPass /examples http://backend.example.com/examples
6653a33e820463abd4f81915b7a1eba0f602e200brianp </highlight>
6653a33e820463abd4f81915b7a1eba0f602e200brianp <p>This example defines two different workers, each using a separate
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick connection pool and configuration.</p>
239f998fbee5ac5b114b965bb76e217cce0003edstoddard <p>Worker sharing happens if the worker URLs overlap, which occurs when
3568de757bac0b47256647504c186d17ca272f85rbb the URL of some worker is a leading substring of the URL of another
3568de757bac0b47256647504c186d17ca272f85rbb worker defined later in the configuration file. In the following example</p>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddardProxyPass /apps http://backend.example.com/ timeout=60
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddardProxyPass /examples http://backend.example.com/examples timeout=10
3568de757bac0b47256647504c186d17ca272f85rbb </highlight>
48d2edbfb84e5559b5da0f8d614ccab805cc67a8rbb <p>the second worker isn't actually created. Instead the first
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding worker is used. The benefit is, that there is only one connection pool,
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard so connections are more often reused. Note that all configuration attributes
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding given explicitly for the later worker will be ignored. This will be logged
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton as a warning. In the above example the resulting timeout value
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding for the URL <code>/examples</code> will be <code>60</code> instead
3568de757bac0b47256647504c186d17ca272f85rbb <p>If you want to avoid worker sharing, sort your worker definitions
3568de757bac0b47256647504c186d17ca272f85rbb by URL length, starting with the longest worker URLs. If you want to maximize
3568de757bac0b47256647504c186d17ca272f85rbb worker sharing use the reverse sort order. See also the related warning about
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard ordering <directive module="mod_proxy">ProxyPass</directive> directives.</p>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard <p>Explicitly configured workers come in two flavors:
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem <dfn>direct workers</dfn> and <dfn>(load) balancer workers</dfn>.
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem They support many important configuration attributes which are
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem described below in the <directive module="mod_proxy">ProxyPass</directive>
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem directive. The same attributes can also be set using
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem <directive module="mod_proxy">ProxySet</directive>.</p>
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem <p>The set of options available for a direct worker
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem depends on the protocol, which is specified in the origin server URL.
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem Available protocols include <code>ajp</code>, <code>fcgi</code>,
83a5021aef5ebb67395b93f75df4fd0f0b4fc8c8fuankg <code>ftp</code>, <code>http</code> and <code>scgi</code>.</p>
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem <p>Balancer workers are virtual workers that use direct workers known
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard as their members to actually handle the requests. Each balancer can
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard have multiple members. When it handles a request, it chooses a member
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard based on the configured load balancing algorithm.</p>
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton <p>A balancer worker is created if its worker URL uses
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard The balancer URL uniquely identifies the balancer worker.
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard Members are added to a balancer using
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard <directive module="mod_proxy">BalancerMember</directive>.</p>
3568de757bac0b47256647504c186d17ca272f85rbb <section id="access"><title>Controlling access to your proxy</title>
3568de757bac0b47256647504c186d17ca272f85rbb <p>You can control who can access your proxy via the <directive
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick module="mod_proxy" type="section">Proxy</directive> control block as in
7cd5419264796cfeaf8215383cf0f89130a81fectrawick the following example:</p>
7cd5419264796cfeaf8215383cf0f89130a81fectrawick<Proxy *>
e8f95a682820a599fe41b22977010636be5c2717jim Require ip 192.168.0
98cd3186185bb28ae6c95a3f159899fcf56a663ftrawick</Proxy>
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick </highlight>
3568de757bac0b47256647504c186d17ca272f85rbb <p>For more information on access control directives, see
397df70abe0bdd78a84fb6c38c02641bcfeadceasf <p>Strictly limiting access is essential if you are using a
397df70abe0bdd78a84fb6c38c02641bcfeadceasf forward proxy (using the <directive
397df70abe0bdd78a84fb6c38c02641bcfeadceasf Otherwise, your server can be used by any client to access
397df70abe0bdd78a84fb6c38c02641bcfeadceasf arbitrary hosts while hiding his or her true identity. This is
397df70abe0bdd78a84fb6c38c02641bcfeadceasf dangerous both for your network and for the Internet at large.
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz When using a reverse proxy (using the <directive
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm module="mod_proxy">ProxyPass</directive> directive with
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm <code>ProxyRequests Off</code>), access control is less
3cbd177a6c885562f9ad0cf11695f044489c881dgregames critical because clients can only contact the hosts that you
dd028aa8111afb6534fece555e8c2d408894671etrawick have specifically configured.</p>
3cbd177a6c885562f9ad0cf11695f044489c881dgregames <p><strong>See Also</strong> the <a href="mod_proxy_http.html#env"
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz <section id="startup"><title>Slow Startup</title>
5a0f707b48da7703cbe6bc087f13a6735b1c742dgregames <p>If you're using the <directive module="mod_proxy"
5a0f707b48da7703cbe6bc087f13a6735b1c742dgregames >ProxyBlock</directive> directive, hostnames' IP addresses are looked up
5a0f707b48da7703cbe6bc087f13a6735b1c742dgregames and cached during startup for later match test. This may take a few
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard seconds (or more) depending on the speed with which the hostname lookups
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard <section id="intranet"><title>Intranet Proxy</title>
ad83978f20c7d1a4323059d9af122e56fcd353bdstoddard <p>An Apache httpd proxy server situated in an intranet needs to forward
7cd5419264796cfeaf8215383cf0f89130a81fectrawick external requests through the company's firewall (for this, configure
7cd5419264796cfeaf8215383cf0f89130a81fectrawick the <directive module="mod_proxy">ProxyRemote</directive> directive
7cd5419264796cfeaf8215383cf0f89130a81fectrawick to forward the respective <var>scheme</var> to the firewall proxy).
7cd5419264796cfeaf8215383cf0f89130a81fectrawick However, when it has to
7cd5419264796cfeaf8215383cf0f89130a81fectrawick access resources within the intranet, it can bypass the firewall when
7cd5419264796cfeaf8215383cf0f89130a81fectrawick accessing hosts. The <directive module="mod_proxy">NoProxy</directive>
7cd5419264796cfeaf8215383cf0f89130a81fectrawick directive is useful for specifying which hosts belong to the intranet and
7cd5419264796cfeaf8215383cf0f89130a81fectrawick should be accessed directly.</p>
7cd5419264796cfeaf8215383cf0f89130a81fectrawick <p>Users within an intranet tend to omit the local domain name from their
7cd5419264796cfeaf8215383cf0f89130a81fectrawick WWW requests, thus requesting "http://somehost/" instead of
7cd5419264796cfeaf8215383cf0f89130a81fectrawick <code>http://somehost.example.com/</code>. Some commercial proxy servers
7cd5419264796cfeaf8215383cf0f89130a81fectrawick let them get away with this and simply serve the request, implying a
7cd5419264796cfeaf8215383cf0f89130a81fectrawick configured local domain. When the <directive module="mod_proxy"
7cd5419264796cfeaf8215383cf0f89130a81fectrawick >ProxyDomain</directive> directive is used and the server is <a
7cd5419264796cfeaf8215383cf0f89130a81fectrawick href="#proxyrequests">configured for proxy service</a>, Apache httpd can return
7cd5419264796cfeaf8215383cf0f89130a81fectrawick a redirect response and send the client to the correct, fully qualified,
7cd5419264796cfeaf8215383cf0f89130a81fectrawick server address. This is the preferred method since the user's bookmark
7cd5419264796cfeaf8215383cf0f89130a81fectrawick files will then contain fully qualified hosts.</p>
7cd5419264796cfeaf8215383cf0f89130a81fectrawick <section id="envsettings"><title>Protocol Adjustments</title>
ad83978f20c7d1a4323059d9af122e56fcd353bdstoddard <p>For circumstances where <module>mod_proxy</module> is sending
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz requests to an origin server that doesn't properly implement
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard href="/env.html">environment variables</a> that can force the
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz request to use HTTP/1.0 with no keepalive. These are set via the
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard <directive module="mod_env">SetEnv</directive> directive.</p>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard <p>These are the <code>force-proxy-request-1.0</code> and
3568de757bac0b47256647504c186d17ca272f85rbb<Location /buggyappserver/>
7cd5419264796cfeaf8215383cf0f89130a81fectrawick SetEnv force-proxy-request-1.0 1
7cd5419264796cfeaf8215383cf0f89130a81fectrawick SetEnv proxy-nokeepalive 1
7cd5419264796cfeaf8215383cf0f89130a81fectrawick</Location>
7cd5419264796cfeaf8215383cf0f89130a81fectrawick </highlight>
3568de757bac0b47256647504c186d17ca272f85rbb <section id="request-bodies"><title>Request Bodies</title>
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp <p>Some request methods such as POST include a request body.
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp The HTTP protocol requires that requests which include a body
3568de757bac0b47256647504c186d17ca272f85rbb either use chunked transfer encoding or send a
3568de757bac0b47256647504c186d17ca272f85rbb <code>Content-Length</code> request header. When passing these
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard requests on to the origin server, <module>mod_proxy_http</module>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard will always attempt to send the <code>Content-Length</code>. But
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if the body is large and the original request used chunked
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard encoding, then chunked encoding may also be used in the upstream
b5ffe4f30780fb159db08bd9f628980d2a092711sf request. You can control this selection using <a
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard <code>proxy-sendcl</code> ensures maximum compatibility with
1ce78cf71b5baaf2c1ab48e818cb1f2397df5010trawick upstream servers by always sending the
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard <code>proxy-sendchunked</code> minimizes resource usage by using
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard chunked encoding.</p>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz <p>Under some circumstances, the server must spool request bodies
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard to disk to satisfy the requested handling of request bodies. For
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz example, this spooling will occur if the original body was sent with
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz chunked encoding (and is large), but the administrator has
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz asked for backend requests to be sent with Content-Length or as HTTP/1.0.
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard This spooling can also occur if the request body already has a
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz Content-Length header, but the server is configured to filter incoming
dd028aa8111afb6534fece555e8c2d408894671etrawick request bodies.</p>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard <p><directive module="core">LimitRequestBody</directive> only applies to
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard request bodies that the server will spool to disk</p>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard <section id="x-headers"><title>Reverse Proxy Request Headers</title>
f714f1a7002928d785e53e70349700a7f595fee3trawick <p>When acting in a reverse-proxy mode (using the <directive
f714f1a7002928d785e53e70349700a7f595fee3trawick module="mod_proxy">ProxyPass</directive> directive, for example),
3568de757bac0b47256647504c186d17ca272f85rbb <module>mod_proxy_http</module> adds several request headers in
ad83978f20c7d1a4323059d9af122e56fcd353bdstoddard order to pass information to the origin server. These headers
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard <dd>The original host requested by the client in the <code>Host</code>
663237d6bcc59ac0997d71d48a1baa55fa29a3d8jim HTTP request header.</dd>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard <p>Be careful when using these headers on the origin server, since
663237d6bcc59ac0997d71d48a1baa55fa29a3d8jim they will contain more than one (comma-separated) value if the
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard original request already contained one of these headers. For
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard example, you can use <code>%{X-Forwarded-For}i</code> in the log
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard format string of the origin server to log the original clients IP
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard address, but you may get more than one address if the request
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz passes through several proxies.</p>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard module="mod_proxy">ProxyPreserveHost</directive> and <directive
3568de757bac0b47256647504c186d17ca272f85rbb module="mod_proxy">ProxyVia</directive> directives, which control
ad83978f20c7d1a4323059d9af122e56fcd353bdstoddard other request headers.</p>
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh<description>Container for directives applied to proxied resources</description>
3568de757bac0b47256647504c186d17ca272f85rbb<syntax><Proxy <var>wildcard-url</var>> ...</Proxy></syntax>
3568de757bac0b47256647504c186d17ca272f85rbb<contextlist><context>server config</context><context>virtual host</context>
663237d6bcc59ac0997d71d48a1baa55fa29a3d8jim</contextlist>
3568de757bac0b47256647504c186d17ca272f85rbb <p>Directives placed in <directive type="section">Proxy</directive>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz sections apply only to matching proxied content. Shell-style wildcards are
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard allowed.</p>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard <p>For example, the following will allow only hosts in
3568de757bac0b47256647504c186d17ca272f85rbb <code>yournetwork.example.com</code> to access content via your proxy
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard server:</p>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard<Proxy *>
3568de757bac0b47256647504c186d17ca272f85rbb</Proxy>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard </highlight>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz <p>The following example will process all files in the <code>foo</code>
3568de757bac0b47256647504c186d17ca272f85rbb directory of <code>example.com</code> through the <code>INCLUDES</code>
3568de757bac0b47256647504c186d17ca272f85rbb filter when they are sent through the proxy server:</p>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard SetOutputFilter INCLUDES
3568de757bac0b47256647504c186d17ca272f85rbb</Proxy>
3568de757bac0b47256647504c186d17ca272f85rbb </highlight>
3568de757bac0b47256647504c186d17ca272f85rbb<seealso><directive type="section" module="mod_proxy">ProxyMatch</directive></seealso>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard</directivesynopsis>
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick<directivesynopsis>
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick<description>Determines how to handle bad header lines in a
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddardresponse</description>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz<syntax>ProxyBadHeader IsError|Ignore|StartBody</syntax>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard<contextlist><context>server config</context><context>virtual host</context>
beb70d51e435dc36c56a72b6cd83556c04db9283wrowe</contextlist>
3568de757bac0b47256647504c186d17ca272f85rbb <p>The <directive>ProxyBadHeader</directive> directive determines the
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard behaviour of <module>mod_proxy</module> if it receives syntactically invalid
3568de757bac0b47256647504c186d17ca272f85rbb response header lines (<em>i.e.</em> containing no colon) from the origin
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard server. The following arguments are possible:</p>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard <dd>Abort the request and end up with a 502 (Bad Gateway) response. This is
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard the default behaviour.</dd>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard <dd>Treat bad header lines as if they weren't sent.</dd>
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe <dd>When receiving the first bad header line, finish reading the headers and
397df70abe0bdd78a84fb6c38c02641bcfeadceasf treat the remainder as body. This helps to work around buggy backend servers
397df70abe0bdd78a84fb6c38c02641bcfeadceasf which forget to insert an empty line between the headers and the body.</dd>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard</directivesynopsis>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard<description>Container for directives applied to regular-expression-matched
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawickproxied resources</description>
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick<syntax><ProxyMatch <var>regex</var>> ...</ProxyMatch></syntax>
3568de757bac0b47256647504c186d17ca272f85rbb<contextlist><context>server config</context><context>virtual host</context>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard</contextlist>
0f113d7123e8bd3e3e2e9b6373461a1a773bfccatrawick <p>The <directive type="section">ProxyMatch</directive> directive is
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard type="section">Proxy</directive> directive, except it matches URLs
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard using <glossary ref="regex">regular expressions</glossary>.</p>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard<seealso><directive type="section" module="mod_proxy">Proxy</directive></seealso>
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard</directivesynopsis>
3568de757bac0b47256647504c186d17ca272f85rbb<directivesynopsis>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz<description>Use incoming Host HTTP request header for proxy
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddardrequest</description>
3568de757bac0b47256647504c186d17ca272f85rbb<contextlist><context>server config</context><context>virtual host</context>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick</contextlist>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick<compatibility>Usable in directory
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawickcontext in 2.3.3 and later.</compatibility>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <p>When enabled, this option will pass the Host: line from the incoming
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick request to the proxied host, instead of the hostname specified in the
f886987cd0bd4220c14043c4d9be77ec22902e73trawick <p>This option should normally be turned <code>Off</code>. It is mostly
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick useful in special configurations like proxied mass name-based virtual
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick hosting, where the original Host header needs to be evaluated by the
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick backend server.</p>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz</directivesynopsis>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz<directivesynopsis>
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick<description>Enables forward (standard) proxy requests</description>
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm<contextlist><context>server config</context><context>virtual host</context>
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick</contextlist>
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm <p>This allows or prevents Apache httpd from functioning as a forward proxy
3568de757bac0b47256647504c186d17ca272f85rbb server. (Setting ProxyRequests to <code>Off</code> does not disable use of
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm the <directive module="mod_proxy">ProxyPass</directive> directive.)</p>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz <p>In a typical reverse proxy or gateway configuration, this
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz option should be set to
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz <p>In order to get the functionality of proxying HTTP or FTP sites, you
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz need also <module>mod_proxy_http</module> or <module>mod_proxy_ftp</module>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz (or both) present in the server.</p>
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm <p>In order to get the functionality of (forward) proxying HTTPS sites, you
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm need <module>mod_proxy_connect</module> enabled in the server.</p>
36c8049de63c446926139936c3d195330a0539cetrawick module="mod_proxy">ProxyRequests</directive> until you have <a
36c8049de63c446926139936c3d195330a0539cetrawick href="#access">secured your server</a>. Open proxy servers are dangerous
36c8049de63c446926139936c3d195330a0539cetrawick both to your network and to the Internet at large.</p>
36c8049de63c446926139936c3d195330a0539cetrawick<seealso><a href="#forwardreverse">Forward and Reverse Proxies/Gateways</a></seealso>
36c8049de63c446926139936c3d195330a0539cetrawick</directivesynopsis>
e8f95a682820a599fe41b22977010636be5c2717jim<directivesynopsis>
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm<description>Remote proxy used to handle certain requests</description>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick<syntax>ProxyRemote <var>match</var> <var>remote-server</var></syntax>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick<contextlist><context>server config</context><context>virtual host</context>
36c8049de63c446926139936c3d195330a0539cetrawick</contextlist>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <p>This defines remote proxies to this proxy. <var>match</var> is either the
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick name of a URL-scheme that the remote server supports, or a partial URL
cb97ae2ff6969c2789b8e03f1bc4187fa73b6bafwrowe for which the remote server should be used, or <code>*</code> to indicate
36c8049de63c446926139936c3d195330a0539cetrawick the server should be contacted for all requests. <var>remote-server</var> is
36c8049de63c446926139936c3d195330a0539cetrawick a partial URL for the remote server. Syntax:</p>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <var>scheme</var>://<var>hostname</var>[:<var>port</var>]
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <p><var>scheme</var> is effectively the protocol that should be used to
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick communicate with the remote server; only <code>http</code> and <code>https</code>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick are supported by this module. When using <code>https</code>, the requests
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick are forwarded through the remote proxy using the HTTP CONNECT method.</p>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawickProxyRemote http://goodguys.example.com/ http://mirrorguys.example.com:8000
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick </highlight>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <p>In the last example, the proxy will forward FTP requests, encapsulated
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick as yet another HTTP proxy request, to another proxy which can handle
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <p>This option also supports reverse proxy configuration - a backend
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick webserver can be embedded within a virtualhost URL space even if that
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick server is hidden by another forward proxy.</p>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick</directivesynopsis>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick<directivesynopsis>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick<description>Remote proxy used to handle requests matched by regular
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawickexpressions</description>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick<syntax>ProxyRemoteMatch <var>regex</var> <var>remote-server</var></syntax>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick<contextlist><context>server config</context><context>virtual host</context>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick</contextlist>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <p>The <directive>ProxyRemoteMatch</directive> is identical to the
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <directive module="mod_proxy">ProxyRemote</directive> directive, except the
e8f95a682820a599fe41b22977010636be5c2717jim first argument is a <glossary ref="regex">regular expression</glossary>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick match against the requested URL.</p>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick</directivesynopsis>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick<directivesynopsis>
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm<description>Number of additional Balancers that can be added Post-configuration</description>
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm <contextlist><context>server config</context><context>virtual host</context></contextlist>
3568de757bac0b47256647504c186d17ca272f85rbb<compatibility>BalancerGrowth is only available in Apache HTTP Server 2.3.13
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp and later.</compatibility>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <p>This directive allows for growth potential in the number of
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick Balancers available for a virtualhost in addition to the
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick number pre-configured. It only takes effect if there is at
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick least 1 pre-configured Balancer.</p>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick</directivesynopsis>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick<directivesynopsis>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <description>Attempt to persist changes made by the Balancer Manager across restarts.</description>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <contextlist><context>server config</context><context>virtual host</context></contextlist>
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton <compatibility>BalancerPersist is only available in Apache HTTP Server 2.5.0
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton and later.</compatibility>
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm <p>This directive will cause the shared memory storage associated
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick with the balancers and balancer members to be persisted across
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick restarts. This allows these local changes to not be lost during the
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick</directivesynopsis>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick<directivesynopsis>
f886987cd0bd4220c14043c4d9be77ec22902e73trawick <description>Inherit ProxyPass directives defined from the main server</description>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <contextlist><context>server config</context><context>virtual host</context></contextlist>
36c8049de63c446926139936c3d195330a0539cetrawick <compatibility>ProxyPassInherit is only available in Apache HTTP Server 2.5.0 and later.
36c8049de63c446926139936c3d195330a0539cetrawick and later.</compatibility>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <p>This directive will cause the current server/vhost to "inherit"
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm directives defined in the main server. This can cause issues and
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick inconsistent behavior if using the Balancer Manager for dynamic changes
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick and so should be disabled if using that feature.</p>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <p>The setting in the global server defines the default for all vhosts.</p>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <p>Disabling ProxyPassInherit also disables <directive module="mod_proxy">BalancerInherit</directive>.</p>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick</directivesynopsis>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick<directivesynopsis>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <description>Inherit proxy Balancers/Workers defined from the main server</description>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <contextlist><context>server config</context><context>virtual host</context></contextlist>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <compatibility>BalancerInherit is only available in Apache HTTP Server 2.4.4 and later.
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick and later.</compatibility>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <p>This directive will cause the current server/vhost to "inherit"
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick Balancers and Workers defined in the main server. This can cause issues and
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick inconsistent behavior if using the Balancer Manager for dynamic changes
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick and so should be disabled if using that feature.</p>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <p>The setting in the global server defines the default for all vhosts.</p>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <p>Disabling <directive module="mod_proxy">ProxyPassInherit</directive> also disables BalancerInherit.</p>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick</directivesynopsis>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick<directivesynopsis>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <description>Add a member to a load balancing group</description>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <syntax>BalancerMember [<var>balancerurl</var>] <var>url</var> [<var
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick </contextlist>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <p>This directive adds a member to a load balancing group. It could be used
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick within a <code><Proxy <var>balancer://</var>...></code> container
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick directive, and can take any of the key value pair parameters available to
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <directive module="mod_proxy">ProxyPass</directive> directives.</p>
e8f95a682820a599fe41b22977010636be5c2717jim <p>One additional parameter is available only to <directive
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick module="mod_proxy">BalancerMember</directive> directives:
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <var>loadfactor</var>. This is the member load factor - a number between 1
f886987cd0bd4220c14043c4d9be77ec22902e73trawick (default) and 100, which defines the weighted load to be applied to the
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick member in question.</p>
f886987cd0bd4220c14043c4d9be77ec22902e73trawick <p>The balancerurl is only needed when not in <code><Proxy <var>balancer://</var>...></code>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick container directive. It corresponds to the url of a balancer defined in
f886987cd0bd4220c14043c4d9be77ec22902e73trawick <directive module="mod_proxy">ProxyPass</directive> directive.</p>
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm <p>The path component of the balancer URL in any
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm <code><Proxy <var>balancer://</var>...></code> container directive
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm is ignored.</p>
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm <p>Trailing slashes should typically be removed from the URL of a
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp</directivesynopsis>
e8f95a682820a599fe41b22977010636be5c2717jim<directivesynopsis>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick<description>Set various Proxy balancer or member parameters</description>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick<syntax>ProxySet <var>url</var> <var>key=value [key=value ...]</var></syntax>
44d2e75323651320b480d8bc2f098448a08de4fcwrowe</contextlist>
44d2e75323651320b480d8bc2f098448a08de4fcwrowe <p>This directive is used as an alternate method of setting any of the
44d2e75323651320b480d8bc2f098448a08de4fcwrowe parameters available to Proxy balancers and workers normally done via the
44d2e75323651320b480d8bc2f098448a08de4fcwrowe <directive module="mod_proxy">ProxyPass</directive> directive. If used
44d2e75323651320b480d8bc2f098448a08de4fcwrowe within a <code><Proxy <var>balancer url|worker url</var>></code>
44d2e75323651320b480d8bc2f098448a08de4fcwrowe container directive, the <var>url</var> argument is not required. As a side
44d2e75323651320b480d8bc2f098448a08de4fcwrowe effect the respective balancer or worker gets created. This can be useful
44d2e75323651320b480d8bc2f098448a08de4fcwrowe when doing reverse proxying via a
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick <directive module="mod_rewrite">RewriteRule</directive> instead of a
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick <directive module="mod_proxy">ProxyPass</directive> directive.</p>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz<Proxy balancer://hotcluster>
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe BalancerMember http://www2.example.com:8080 loadfactor=1
3568de757bac0b47256647504c186d17ca272f85rbb BalancerMember http://www3.example.com:8080 loadfactor=2
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe ProxySet lbmethod=bytraffic
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe</Proxy>
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe </highlight>
f886987cd0bd4220c14043c4d9be77ec22902e73trawick ProxySet keepalive=On
f886987cd0bd4220c14043c4d9be77ec22902e73trawick</Proxy>
f886987cd0bd4220c14043c4d9be77ec22902e73trawick </highlight>
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe ProxySet balancer://foo lbmethod=bytraffic timeout=15
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe </highlight>
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ProxySet ajp://backend:7001 timeout=15
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz </highlight>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz <p>Keep in mind that the same parameter key can have a different meaning
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz depending whether it is applied to a balancer or a worker as shown by the two
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz examples above regarding timeout.</p>
98fb535f829e2a95aabd82420931f476661fa8e3jorton</directivesynopsis>
e8f95a682820a599fe41b22977010636be5c2717jim<directivesynopsis>
98fb535f829e2a95aabd82420931f476661fa8e3jorton<description>Maps remote servers into the local server URL-space</description>
98fb535f829e2a95aabd82420931f476661fa8e3jorton<syntax>ProxyPass [<var>path</var>] !|<var>url</var> [<var>key=value</var>
e8f95a682820a599fe41b22977010636be5c2717jim <var>[key=value</var> ...]] [nocanon] [interpolate] [noquery]</syntax>
98fb535f829e2a95aabd82420931f476661fa8e3jorton<contextlist><context>server config</context><context>virtual host</context>
98fb535f829e2a95aabd82420931f476661fa8e3jorton</contextlist>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz <p>This directive allows remote servers to be mapped into the
3568de757bac0b47256647504c186d17ca272f85rbb space of the local server; the local server does not act as a
3568de757bac0b47256647504c186d17ca272f85rbb proxy in the conventional sense, but appears to be a mirror of the
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding remote server. The local server is often called a <dfn>reverse
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding proxy</dfn> or <dfn>gateway</dfn>. The <var>path</var> is the name of
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding a local virtual path; <var>url</var> is a partial URL for the
85c5af648e9f414bd4f157490766d2fd5515a9f5rpluem remote server and cannot include a query string.</p>
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe module="mod_proxy">ProxyRequests</directive> directive should
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe <p>Suppose the local server has address <code>http://example.com/</code>;
3568de757bac0b47256647504c186d17ca272f85rbb</Location>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz </highlight>
3568de757bac0b47256647504c186d17ca272f85rbb <p>will cause a local request for
3568de757bac0b47256647504c186d17ca272f85rbb <code>http://example.com/mirror/foo/bar</code> to be internally converted
3568de757bac0b47256647504c186d17ca272f85rbb into a proxy request to <code>http://backend.example.com/bar</code>.</p>
3568de757bac0b47256647504c186d17ca272f85rbb <p>The following alternative syntax is possible, however it can carry a
3568de757bac0b47256647504c186d17ca272f85rbb performance penalty when present in very large numbers. The advantage of
ec020ca384efb30d501a5af796ddc3bb237d7b8fgregames the below syntax is that it allows for dynamic control via the
3568de757bac0b47256647504c186d17ca272f85rbb <a href="mod_proxy_balancer.html#balancer_manager">Balancer Manager</a> interface:</p>
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick </highlight>
397df70abe0bdd78a84fb6c38c02641bcfeadceasf <p>If the first argument ends with a trailing <strong>/</strong>, the second
397df70abe0bdd78a84fb6c38c02641bcfeadceasf argument should also end with a trailing <strong>/</strong> and vice
397df70abe0bdd78a84fb6c38c02641bcfeadceasf versa. Otherwise the resulting requests to the backend may miss some
9d0665da83d1e22c0ea0e5f6f940f70f75bf5237ianh needed slashes and do not deliver the expected results.
7cd5419264796cfeaf8215383cf0f89130a81fectrawick <p>The <code>!</code> directive is useful in situations where you don't want
73e8b26287de5c06fa470d36162e103dbac9c7e5wrowe</Location>
b980ad7fdc218b4855cde9f75a747527f50c554dwrowe ProxyPass !
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe</Location>
3568de757bac0b47256647504c186d17ca272f85rbb </highlight>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding </highlight>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>will proxy all requests to <code>/mirror/foo</code> to
302dc1f7b3feee23a91ad8f3cf3cb2edd95a557bmanoj <code>backend.example.com</code> <em>except</em> requests made to
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz <note type="warning"><title>Ordering ProxyPass Directives</title>
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz <p>The configured <directive module="mod_proxy">ProxyPass</directive>
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe and <directive module="mod_proxy">ProxyPassMatch</directive>
3568de757bac0b47256647504c186d17ca272f85rbb rules are checked in the order of configuration. The first rule that
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding matches wins. So usually you should sort conflicting
3568de757bac0b47256647504c186d17ca272f85rbb <directive module="mod_proxy">ProxyPass</directive> rules starting with the
ProxyPass /example http://backend.example.com max=20 ttl=120 retry=300
ProxyPass /special-area http://special.example.com smax=5 max=10
<description>Maps remote servers into the local server URL-space using regular expressions</description>
ProxyPassMatch ^(/.*\.gif)$ http://backend.example.com$1
ProxyPassMatch ^(/.*\.gif)$ http://backend.example.com:8000$1
ProxyPassMatch ^/(.*\.gif)$ http://backend.example.com:8000/$1
<syntax>ProxyBlock *|<var>hostname</var>|<var>partial-hostname</var> [<var>hostname</var>|<var>partial-hostname</var>]...</syntax>
ProxyRemote * http://firewall.example.com:81
.com .example.org.
ProxyDomain .example.com