Controlling


You can control who can access your proxy via the normal <Directory> control block using the following example:
<Directory proxy:*>
order deny,allow
deny from \[machines you'd like *not* to allow by IP address or name\]
allow from \[machines you'd like to allow by IP address or name\]
</Directory>

A <Files> block will also work, and is the only method known to work for all possible URLs in Apache versions earlier than 1.2b10.

Using Netscape hostname shortcuts

There is an optional patch to the proxy module to allow Netscape-like hostname shortcuts to be used. It's available from the contrib/patches/1.2 directory on the Apache Web site.

Why doesn't file type xxx download via FTP?

You probably don't have that particular file type defined as application/octet-stream in your proxy's mime.types configuration file. A useful line can be
application/octet-stream        bin dms lha lzh exe class tgz taz

How can I force an FTP ASCII download of File xxx?

In the rare situation where you must download a specific file using the FTP ASCII transfer method (while the default transfer is in binary mode), you can override mod_proxy's default by suffixing the request with ;type=a to force an ASCII transfer.

Why does Apache start more slowly when using the proxy module?

If you're using the ProxyBlock or NoCache directives, hostnames' IP addresses are looked up and cached during startup for later match test. This may take a few seconds (or more) depending on the speed with which the hostname lookups occur.

Can I use the Apache proxy module with my SOCKS proxy?

Yes. Just build Apache with the rule SOCKS4=yes in your Configuration file, and follow the instructions there. SOCKS5 capability can be added in a similar way (there's no SOCKS5 rule yet), so use the EXTRA_LDFLAGS definition, or build Apache normally and run it with the runsocks wrapper provided with SOCKS5, if your OS supports dynamically linked libraries.

Some users have reported problems when using SOCKS version 4.2 on Solaris. The problem was solved by upgrading to SOCKS 4.3.

Remember that you'll also have to grant access to your Apache proxy machine by permitting connections on the appropriate ports in your SOCKS daemon's configuration.

What other functions are useful for an intranet proxy server?

An Apache proxy server situated in an intranet needs to forward external requests through the company's firewall. However, when it has to access resources within the intranet, it can bypass the firewall when accessing hosts. The NoProxy directive is useful for specifying which hosts belong to the intranet and should be accessed directly.

Users within an intranet tend to omit the local domain name from their WWW requests, thus requesting "http://somehost/" instead of "http://somehost.my.dom.ain/". Some commercial proxy servers let them get away with this and simply serve the request, implying a configured local domain. When the ProxyDomain directive is used and the server is configured for proxy service, Apache can return a redirect response and send the client to the correct, fully qualified, server address. This is the preferred method since the user's bookmark files will then contain fully qualified hosts.