trafficserver-commits mailing list archives

Subject svn commit: r799975 - /websites/staging/trafficserver/trunk/content/docs/trunk/admin/forward-proxy/index.en.html
Date Thu, 08 Dec 2011 23:46:02 GMT
Author: buildbot
Date: Thu Dec  8 23:46:01 2011
New Revision: 799975

Staging update by buildbot


Modified: websites/staging/trafficserver/trunk/content/docs/trunk/admin/forward-proxy/index.en.html
--- websites/staging/trafficserver/trunk/content/docs/trunk/admin/forward-proxy/index.en.html
+++ websites/staging/trafficserver/trunk/content/docs/trunk/admin/forward-proxy/index.en.html
Thu Dec  8 23:46:01 2011
@@ -57,7 +57,55 @@
     <div class="row content">
       <div class="eightcol">
         <div id="content">
+          <p>The Apache Traffic Server is a general purpose <em>proxy</em>.
As such it can
+also be used as forward proxy.</p>
+<p>A forward proxy is can be used as a central tool in your infrastructure
+to access the web. In combination with a cache that means overall reduced
+bandwidth usage.</p>
+<p>If your forward proxy is not also configured as <a href="../transparent-proxy">transparent
+your clients will have to be configured to actually use it.</p>
+<p>The main difference between a forward and a transparent proxy is that
+User Agents <em>know</em> that they are accessing a proxy, thus forming their
+requests like so:</p>
+<div class="codehilite"><pre><span class="n">GET</span> <span
class="n">http:</span><span class="sr">//</span><span class="n">example</span><span
class="o">.</span><span class="n">com</span><span class="sr">/index.php?id=1337
HTTP/</span><span class="mf">1.1</span>
+<p>This request, then is translated by the proxy to</p>
+<div class="codehilite"><pre><span class="n">GET</span> <span
class="sr">/index?id=1337 HTTP/</span><span class="mf">1.1</span>
+<span class="n">Host:</span> <span class="n">example</span><span
class="o">.</span><span class="n">com</span>
+<p>Apache Traffic Server offers two ways to User Agents: They can either
+be pointed directly to the default <code>8080</code> port. Alternatively, they
+be pointed to the more dynamic <a href="../configuration-files/records.config#proxy.config.url_remap.default_to_server_pac"><code>proxy.config.url_remap.default_to_server_pac</code></a></p>
+<p>This port will then serve a JavaScript like configuration that User Agents
+can use to determine where to send their requests to.</p>
+<h1 id="configuration">Configuration</h1>
+<p>In order to configure Apache Traffic Server as forward proxy you will have to
+edit <a href="../configuration-files/records.config"><code>records.config</code></a>
and set</p>
+<li><code>CONFIG</code> <a href="../configuration-files/records.config#proxy.config.url_remap.remap_required"><code>proxy.config.url_remap.remap_required</code></a>
+<p>If your proxy is serving as <em>pure</em> forward proxy, you will also
want to set</p>
+<li><code>CONFIG</code> <a href="../configuration-files/records.config#proxy.config.reverse_proxy.enabled"><code>proxy.config.reverse_proxy.enabled</code></a>
+<p>Other configuration variables to consider:</p>
+<li><code>CONFIG</code> <a href="../configuration-files/records.config#proxy.config.http.no_dns_just_forward_to_parent"><code>proxy.config.http.no_dns_just_forward_to_parent</code></a></li>
+<li><code>CONFIG</code> <a href="../configuration-files/records.config#proxy.config.http.forward.proxy_auth_to_parent"><code>proxy.config.http.forward.proxy_auth_to_parent</code></a></li>
+<li><code>CONFIG</code> <a href="../configuration-files/records.config#proxy.config.http.insert_squid_x_forwarded_for"><code>proxy.config.http.insert_squid_x_forwarded_for</code></a></li>
+<h1 id="security">Security Consideratoins</h1>
+<p>It's important to note that once your Apache Traffic Server is configured as
+forward proxy it will indiscriminately accept proxy requests from anyone.
+That means, if it's reachable on the internet, you have configured an
+<em>Open Proxy</em>. Most of the time, this is <em>not</em> what
you want, so you'll have
+to make sure it's either only reachable within your NAT or is secured by
+firewall rules that permit only those clients to access it which you
+want to it to access.</p>
       <div class="fourcol last">
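Review bot: The two settings in the Configuration section are listed without values: the `<li>` entries for `proxy.config.url_remap.remap_required` and `proxy.config.reverse_proxy.enabled` stop at the closing `</a>`, so "edit records.config and set" never says what to set them to. Add the type and value to each entry, close each with `</li>`, and wrap the items in a list element. In the same added text, the link opened with `<a href="../transparent-proxy">transparent` is never closed, the example request path changes from `/index.php?id=1337` to `/index?id=1337` in the translated request, and the wording needs a pass ("is can be used", "they be pointed", "want to it to access", heading "Security Consideratoins"). The Security section warns that this setup is an open proxy but points only to NAT and firewall rules; if Traffic Server has its own client access restriction, a link to that configuration here would make the warning actionable.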
