trafficserver-commits mailing list archives

From iga...@apache.org
Subject svn commit: r1212186 - /trafficserver/site/branches/ats-cms/content/docs/trunk/admin/forward-proxy/index.en.mdtext
Date Thu, 08 Dec 2011 23:45:43 GMT
Author: igalic
Date: Thu Dec  8 23:45:43 2011
New Revision: 1212186

URL: http://svn.apache.org/viewvc?rev=1212186&view=rev
Log:
First draft of a forward proxy document

Modified:
    trafficserver/site/branches/ats-cms/content/docs/trunk/admin/forward-proxy/index.en.mdtext

Modified: trafficserver/site/branches/ats-cms/content/docs/trunk/admin/forward-proxy/index.en.mdtext
URL: http://svn.apache.org/viewvc/trafficserver/site/branches/ats-cms/content/docs/trunk/admin/forward-proxy/index.en.mdtext?rev=1212186&r1=1212185&r2=1212186&view=diff
==============================================================================
--- trafficserver/site/branches/ats-cms/content/docs/trunk/admin/forward-proxy/index.en.mdtext
(original)
+++ trafficserver/site/branches/ats-cms/content/docs/trunk/admin/forward-proxy/index.en.mdtext
Thu Dec  8 23:45:43 2011
@@ -16,3 +16,63 @@ Notice:    Licensed to the Apache Softwa
            specific language governing permissions and limitations
            under the License.
 Navigation: [*](*)
+
+The Apache Traffic Server is a general purpose *proxy*. As such it can
+also be used as forward proxy.
+
+A forward proxy is can be used as a central tool in your infrastructure
+to access the web. In combination with a cache that means overall reduced
+bandwidth usage.
+
+If your forward proxy is not also configured as [transparent proxy](../transparent-proxy)
+your clients will have to be configured to actually use it.
+
+The main difference between a forward and a transparent proxy is that
+User Agents *know* that they are accessing a proxy, thus forming their
+requests like so:
+
+    GET http://example.com/index.php?id=1337 HTTP/1.1
+
+This request, then is translated by the proxy to
+
+    GET /index?id=1337 HTTP/1.1
+    Host: example.com
+
+Apache Traffic Server offers two ways to User Agents: They can either
+be pointed directly to the default `8080` port. Alternatively, they can
+be pointed to the more dynamic [`proxy.config.url_remap.default_to_server_pac`](../configuration-files/records.config#proxy.config.url_remap.default_to_server_pac)
+
+This port will then serve a JavaScript like configuration that User Agents
+can use to determine where to send their requests to.
+
+
+# Configuration # {#configuration}
+
+In order to configure Apache Traffic Server as forward proxy you will have to
+edit [`records.config`](../configuration-files/records.config) and set
+
+* `CONFIG` [`proxy.config.url_remap.remap_required`](../configuration-files/records.config#proxy.config.url_remap.remap_required)
 `0`
+
+If your proxy is serving as *pure* forward proxy, you will also want to set
+
+* `CONFIG` [`proxy.config.reverse_proxy.enabled`](../configuration-files/records.config#proxy.config.reverse_proxy.enabled)
`0`
+
+Other configuration variables to consider:
+
+* `CONFIG` [`proxy.config.http.no_dns_just_forward_to_parent`](../configuration-files/records.config#proxy.config.http.no_dns_just_forward_to_parent)
+* `CONFIG` [`proxy.config.http.forward.proxy_auth_to_parent`](../configuration-files/records.config#proxy.config.http.forward.proxy_auth_to_parent)
+* `CONFIG` [`proxy.config.http.insert_squid_x_forwarded_for`](../configuration-files/records.config#proxy.config.http.insert_squid_x_forwarded_for)
+
+
+# Security Consideratoins # {#security}
+
+It's important to note that once your Apache Traffic Server is configured as
+forward proxy it will indiscriminately accept proxy requests from anyone.
+That means, if it's reachable on the internet, you have configured an
+*Open Proxy*. Most of the time, this is *not* what you want, so you'll have
+to make sure it's either only reachable within your NAT or is secured by
+firewall rules that permit only those clients to access it which you
+want to it to access.
+
+
+
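Review bot: the Configuration section tells the reader to set `proxy.config.url_remap.remap_required` to `0` with no caveat, while the warning that the server will then "indiscriminately accept proxy requests from anyone" only appears at the very end under Security. Put a one-line pointer to the #security anchor directly beside that bullet, so a reader who stops after the configuration step does not end up running an open proxy. In the request example, the absolute-form line asks for `/index.php?id=1337` but the translated request is `GET /index?id=1337`; the path should stay `/index.php`. The paragraph introducing `proxy.config.url_remap.default_to_server_pac` ends without a period and is followed by "This port will then serve", although the linked name is presented as a setting rather than a port, so state which port is meant. Typos to fix before this leaves draft: "A forward proxy is can be used", "Consideratoins" in the heading, and "want to it to access".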


