trafficserver-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r1212186 - /trafficserver/site/branches/ats-cms/content/docs/trunk/admin/forward-proxy/index.en.mdtext
Date Thu, 08 Dec 2011 23:45:43 GMT
Author: igalic
Date: Thu Dec  8 23:45:43 2011
New Revision: 1212186

First draft of a forward proxy document


Modified: trafficserver/site/branches/ats-cms/content/docs/trunk/admin/forward-proxy/index.en.mdtext
--- trafficserver/site/branches/ats-cms/content/docs/trunk/admin/forward-proxy/index.en.mdtext
+++ trafficserver/site/branches/ats-cms/content/docs/trunk/admin/forward-proxy/index.en.mdtext
Thu Dec  8 23:45:43 2011
@@ -16,3 +16,63 @@ Notice:    Licensed to the Apache Softwa
            specific language governing permissions and limitations
            under the License.
 Navigation: [*](*)
+The Apache Traffic Server is a general purpose *proxy*. As such it can
+also be used as forward proxy.
+A forward proxy is can be used as a central tool in your infrastructure
+to access the web. In combination with a cache that means overall reduced
+bandwidth usage.
+If your forward proxy is not also configured as [transparent proxy](../transparent-proxy)
+your clients will have to be configured to actually use it.
+The main difference between a forward and a transparent proxy is that
+User Agents *know* that they are accessing a proxy, thus forming their
+requests like so:
+    GET HTTP/1.1
+This request, then is translated by the proxy to
+    GET /index?id=1337 HTTP/1.1
+    Host:
+Apache Traffic Server offers two ways to User Agents: They can either
+be pointed directly to the default `8080` port. Alternatively, they can
+be pointed to the more dynamic [`proxy.config.url_remap.default_to_server_pac`](../configuration-files/records.config#proxy.config.url_remap.default_to_server_pac)
+This port will then serve a JavaScript like configuration that User Agents
+can use to determine where to send their requests to.
+# Configuration # {#configuration}
+In order to configure Apache Traffic Server as forward proxy you will have to
+edit [`records.config`](../configuration-files/records.config) and set
+* `CONFIG` [`proxy.config.url_remap.remap_required`](../configuration-files/records.config#proxy.config.url_remap.remap_required)
+If your proxy is serving as *pure* forward proxy, you will also want to set
+* `CONFIG` [`proxy.config.reverse_proxy.enabled`](../configuration-files/records.config#proxy.config.reverse_proxy.enabled)
+Other configuration variables to consider:
+* `CONFIG` [`proxy.config.http.no_dns_just_forward_to_parent`](../configuration-files/records.config#proxy.config.http.no_dns_just_forward_to_parent)
+* `CONFIG` [`proxy.config.http.forward.proxy_auth_to_parent`](../configuration-files/records.config#proxy.config.http.forward.proxy_auth_to_parent)
+* `CONFIG` [`proxy.config.http.insert_squid_x_forwarded_for`](../configuration-files/records.config#proxy.config.http.insert_squid_x_forwarded_for)
+# Security Consideratoins # {#security}
+It's important to note that once your Apache Traffic Server is configured as
+forward proxy it will indiscriminately accept proxy requests from anyone.
+That means, if it's reachable on the internet, you have configured an
+*Open Proxy*. Most of the time, this is *not* what you want, so you'll have
+to make sure it's either only reachable within your NAT or is secured by
+firewall rules that permit only those clients to access it which you
+want to it to access.

View raw message