From: Joshua Slive Date: Tue, 18 Oct 2005 15:54:54 +0000 (+0000) Subject: Proxy docs changes: X-Git-Tag: 2.3.0~2860 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49c38a56c304b5d6e25931aba7972f04749fd3ca;p=thirdparty%2Fapache%2Fhttpd.git Proxy docs changes: - Move ftp-related questions to mod_proxy_ftp. - Document the proxy-sendcl and proxy-sendchunked env variables. - Improve the docs on the other proxy env variables. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@326130 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/env.xml b/docs/manual/env.xml index 54ff341213a..c92dc929411 100644 --- a/docs/manual/env.xml +++ b/docs/manual/env.xml @@ -366,6 +366,13 @@ +
force-proxy-request-1.0, proxy-nokeepalive, proxy-sendchunked, proxy-sendcl + +

These directives alter the protocol behavior of + mod_proxy. See the mod_proxy + documentation for more details.

+
+
@@ -374,8 +381,10 @@
Changing protocol behavior with misbehaving clients -

We recommend that the following lines be included in - httpd.conf to deal with known client problems.

+

Earlier versions recommended that the following lines be included in + httpd.conf to deal with known client problems. Since the affected clients + are no longer seen in the wild, this configuration is likely no-longer + necessary.

 #
 # The following directives modify normal HTTP response behavior.
diff --git a/docs/manual/mod/mod_proxy.xml b/docs/manual/mod/mod_proxy.xml
index 08631693f22..ea49e730119 100644
--- a/docs/manual/mod/mod_proxy.xml
+++ b/docs/manual/mod/mod_proxy.xml
@@ -188,105 +188,6 @@
-
FTP Proxy - - -
Why doesn't file type <var>xxx</var> - download via FTP? -

You probably don't have that particular file type defined as - application/octet-stream in your proxy's mime.types - configuration file. A useful line can be

- - -
application/octet-stream   bin dms lha lzh exe class tgz taz
- -

Alternatively you may prefer to default everything to binary:

- -
DefaultType application/octet-stream
- -
- -
How can I force an FTP ASCII download of - File <var>xxx</var>? -

In the rare situation where you must download a specific file using the - FTP ASCII transfer method (while the default transfer is in - binary mode), you can override mod_proxy's - default by suffixing the request with ;type=a to force an - ASCII transfer. (FTP Directory listings are always executed in ASCII mode, - however.)

-
- -
How can I do FTP upload? -

Currently, only GET is supported for FTP in mod_proxy. You can - of course use HTTP upload (POST or PUT) through an Apache proxy.

-
- -
How can I access FTP files outside - of my home directory? -

An FTP URI is interpreted relative to the home directory of the user - who is logging in. Alas, to reach higher directory levels you cannot - use /../, as the dots are interpreted by the browser and not actually - sent to the FTP server. To address this problem, the so called Squid - %2f hack was implemented in the Apache FTP proxy; it is a - solution which is also used by other popular proxy servers like the Squid Proxy Cache. By - prepending /%2f to the path of your request, you can make - such a proxy change the FTP starting directory to / (instead - of the home directory). For example, to retrieve the file - /etc/motd, you would use the URL:

- - - ftp://user@host/%2f/etc/motd - -
- -
How can I hide the FTP cleartext password - in my browser's URL line? -

To log in to an FTP server by username and password, Apache uses - different strategies. In absense of a user name and password in the URL - altogether, Apache sends an anonymous login to the FTP server, - i.e.,

- - - user: anonymous
- password: apache_proxy@ - - -

This works for all popular FTP servers which are configured for - anonymous access.

- -

For a personal login with a specific username, you can embed the user - name into the URL, like in:

- - - ftp://username@host/myfile - - -

If the FTP server asks for a password when given this username (which - it should), then Apache will reply with a 401 (Authorization - required) response, which causes the Browser to pop up the - username/password dialog. Upon entering the password, the connection - attempt is retried, and if successful, the requested resource is - presented. The advantage of this procedure is that your browser does not - display the password in cleartext (which it would if you had used

- - - ftp://username:password@host/myfile - - -

in the first place).

- - Note -

The password which is transmitted in such a way is not encrypted on - its way. It travels between your browser and the Apache proxy server in - a base64-encoded cleartext string, and between the Apache proxy and the - FTP server as plaintext. You should therefore think twice before - accessing your FTP server via HTTP (or before accessing your personal - files via FTP at all!) When using unsecure channels, an eavesdropper - might intercept your password on its way.

- -
-
Slow Startup

If you're using the ProxyBlock directive, hostnames' IP addresses are looked up @@ -319,10 +220,12 @@

Protocol Adjustments -

For circumstances where you have a application server which doesn't - implement keepalives or HTTP/1.1 properly, there are 2 environment - variables which when set send a HTTP/1.0 with no keepalive. These are set - via the SetEnv directive.

+

For circumstances where mod_proxy is sending + requests to an origin server that doesn't properly implement + keepalives or HTTP/1.1, there are two environment variables that can force the + request to use HTTP/1.0 with no keepalive. These are set via the + SetEnv directive.

These are the force-proxy-request-1.0 and proxy-nokeepalive notes.

@@ -336,8 +239,29 @@ </Location> +
+
Request Bodys + +

Some request methods such as POST include a request body. + The HTTP protocol requires that requests which include a body + either use chunked transfer encoding or send a + Content-Length request header. When passing these + requests on to the origin server, mod_proxy_http + will always attempt to send the Content-Length. But + if the body is large and the original request used chunked + encoding, then chunked encoding may also be used in the upstream + request. You can control this selection using environment variables. Setting + proxy-sendcl ensures maximum compatibility with + upstream servers by always sending the + Content-Length, while setting + proxy-sendchunked minimizes resource usage by using + chunked encoding.

+ +
+ Proxy Container for directives applied to proxied resources diff --git a/docs/manual/mod/mod_proxy_ftp.xml b/docs/manual/mod/mod_proxy_ftp.xml index db6e09ebec3..c3ccac7617b 100644 --- a/docs/manual/mod/mod_proxy_ftp.xml +++ b/docs/manual/mod/mod_proxy_ftp.xml @@ -48,4 +48,101 @@ mod_proxy +
Why doesn't file type <var>xxx</var> + download via FTP? +

You probably don't have that particular file type defined as + application/octet-stream in your proxy's mime.types + configuration file. A useful line can be

+ + +
application/octet-stream   bin dms lha lzh exe class tgz taz
+ +

Alternatively you may prefer to default everything to binary:

+ +
DefaultType application/octet-stream
+ +
+ +
How can I force an FTP ASCII download of + File <var>xxx</var>? +

In the rare situation where you must download a specific file using the + FTP ASCII transfer method (while the default transfer is in + binary mode), you can override mod_proxy's + default by suffixing the request with ;type=a to force an + ASCII transfer. (FTP Directory listings are always executed in ASCII mode, + however.)

+
+ +
How can I do FTP upload? +

Currently, only GET is supported for FTP in mod_proxy. You can + of course use HTTP upload (POST or PUT) through an Apache proxy.

+
+ +
How can I access FTP files outside + of my home directory? +

An FTP URI is interpreted relative to the home directory of the user + who is logging in. Alas, to reach higher directory levels you cannot + use /../, as the dots are interpreted by the browser and not actually + sent to the FTP server. To address this problem, the so called Squid + %2f hack was implemented in the Apache FTP proxy; it is a + solution which is also used by other popular proxy servers like the Squid Proxy Cache. By + prepending /%2f to the path of your request, you can make + such a proxy change the FTP starting directory to / (instead + of the home directory). For example, to retrieve the file + /etc/motd, you would use the URL:

+ + + ftp://user@host/%2f/etc/motd + +
+ +
How can I hide the FTP cleartext password + in my browser's URL line? +

To log in to an FTP server by username and password, Apache uses + different strategies. In absense of a user name and password in the URL + altogether, Apache sends an anonymous login to the FTP server, + i.e.,

+ + + user: anonymous
+ password: apache_proxy@ + + +

This works for all popular FTP servers which are configured for + anonymous access.

+ +

For a personal login with a specific username, you can embed the user + name into the URL, like in:

+ + + ftp://username@host/myfile + + +

If the FTP server asks for a password when given this username (which + it should), then Apache will reply with a 401 (Authorization + required) response, which causes the Browser to pop up the + username/password dialog. Upon entering the password, the connection + attempt is retried, and if successful, the requested resource is + presented. The advantage of this procedure is that your browser does not + display the password in cleartext (which it would if you had used

+ + + ftp://username:password@host/myfile + + +

in the first place).

+ + Note +

The password which is transmitted in such a way is not encrypted on + its way. It travels between your browser and the Apache proxy server in + a base64-encoded cleartext string, and between the Apache proxy and the + FTP server as plaintext. You should therefore think twice before + accessing your FTP server via HTTP (or before accessing your personal + files via FTP at all!) When using unsecure channels, an eavesdropper + might intercept your password on its way.

+ +
+ +