I've never used Apache as a transparent proxy I've always used squid.
On Thu, Feb 12, 2009 at 7:50 PM, Pranav Desai <pranavade...@gmail.com> wrote: > Hello All, > > I am trying to setup Apache 2.2.9 as a transparent proxy. So that the > users don't have to configure their browsers. Now the URLs coming in > are relative for transparent proxy, so normally apache tries to look > it up on the filesystem and it obviously fails. So I added a > RewriteRule to convert the relative to absolute URLs. > > RewriteEngine On > RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P] > RewriteLog "logs/rewrite_log" > RewriteLogLevel 5 > > Now, it works perfectly for all traffic expect the one that is > destined for the server itself. E.g. > http://<apache_proxy_ip>:<port>/ > > Whenever I access the above link, the rewrite engine loops and the > server reaches the MaxClient. I have included the log below. > > So, I added some conditions to not apply the RewriteRule for HOST > destined to the server. > RewriteCond %{HTTP_HOST} !10.1.0.206.* > RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P] > > I wanted to confirm if this is the right way to do transparent proxy > or is there a better way to make it more solid ? > > Just to mention, I want it to act primarily like a proxy server, so > losing/blocking all webserver functionality is also fine, as long as I > get the /server-status page. But I dont want a single url to fail the > server. So I will be fine if there is a better way to get the > transparency working while affecting the webserver. > > Thanks for your time. > > -- Pranav > > > ============== lots of these message in the rewrite_log =============== > 10.1.0.156 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) init rewrite > engine with requested uri / > 10.1.0.156 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (3) applying pattern > '^/(.*)' to uri '/' > 10.1.0.156 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (4) RewriteCond: > input='/' pattern='!^/server. > *' => matched > 10.1.0.156 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) rewrite '/' -> > 'http://10.1.0.206:2901/' > 10.1.0.156 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) forcing > proxy-throughput with http://10.1. > 0.206:2901/ > 10.1.0.156 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (1) go-ahead with > proxy request proxy:http://1 > 0.1.0.206:2901/ [OK] > 10.1.0.206 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) init rewrite > engine with requested uri / > 10.1.0.206 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (3) applying pattern > '^/(.*)' to uri '/' > 10.1.0.206 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (4) RewriteCond: > input='/' pattern='!^/server. > *' => matched > 10.1.0.206 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) rewrite '/' -> > 'http://10.1.0.206:2901/' > 10.1.0.206 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (2) forcing > proxy-throughput with http://10.1. > 0.206:2901/ > 10.1.0.206 - - [12/Feb/2009:17:51:09 --0800] > [10.1.0.206/sid#1a5bdab8][rid#1a6d66b8/initial] (1) go-ahead with > proxy request proxy:http://1 > 0.1.0.206:2901/ [OK] >
