hello Daniel thanks your interest. ----- Original Message ----- From: "Daniel Ruggeri" <drugg...@primary.net> To: <dev@httpd.apache.org> Sent: Wednesday, August 04, 2010 9:11 AM Subject: Re: [PATCH] tproxy2 patch to the apache 2.2.15
> On 8/3/2010 9:57 AM, JeHo Park wrote: >> hello ~ >> it's my first mail to apache dev .. and i am beginner of the apache. :-) >> Anyway ... recently, i wrote transparent proxy [tproxy2] patch to the >> httpd-2.2.15 >> because i needed web proxy and needed to know the source address of >> any client who try to connect to my web server >> and after all, i tested the performance of my patched tproxy with >> AVALANCHE 2900. if anyone ask me the performance result, i will send >> it to him [the size of the test result pdf is big size] >> *- here is the platform infomation this patch applied ---* >> 1. OS >> CentOS release 5.2 (Final) >> 2. KERNEL >> Linux version 2.6.18-194.el5-tproxy2 (r...@localhost.localdomain >> <mailto:r...@localhost.localdomain>) >> (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)) >> #10 SMP Wed May 26 17:35:19 KST 2010 >> 3. iptables >> iptables-1.3.8 + tproxy2 supporting patch >> *-- here is the usage of tproxy2 patched httpd configuration ---* >> httpd.conf >> <VirtualHost 192.168.200.1:80> >> ProxyTproxy On # On/Off flag >> ProxyTPifaddr 192.168.200.1 # IP address of bridge interface br0. >> example) br0 = eth0 + eth1 .... >> </VirtualHost> >> i attach the kernel tproxy2 patch to the kernel >> above[2.6.18-194.el5-tproxy2 ], httpd-2.2.15 tproxy2 patch and kernel >> configuration for tproxy2 >> above all, i want to know my patch is available or not .. and want >> feedback from anyone :-) > > JeHo; > Hi, can you help me understand what the usage case is for this patch? as far as i know, there is another modules for IP transparency for example tproxy4 and X-Forwarded-For ...etc. but tproxy4 is only available from kernel version 2.6.24 and above X-Forwarded-For make the L3, L4 security box unavailable, because the main function of the x-Forwarded-for is to make the web server know client IP address, we can't sure whether there are some another security box [L3, L4 ..firewall ] between the proxy and web server, in this point, X-Forwarded-For make the security box unavailable. > What service or capability does it provide that is not currently available? i just tested the patch in my local network. it worked right and i did performance test with the avalanche. but i didn't test it in field .. and various network environment. so i hope so many people use, test this patch > -- > Daniel Ruggeri >
