Apache acts as a reverse proxy server

Apache proxy is divided into forward proxy and reverse proxy

1. Forward Proxy: the client cannot directly access the external web. You must set up a proxy server in the network where the client is located, the client accesses the external web through the proxy server (the proxy server needs to be set in the browser of the client)

Applicable to: ① LAN Proxy Server (generally gateway, equivalent to the common usage of squid)

② Access the proxy server of a restricted network. For example, if CERNET accesses some foreign websites, you need to find a proxy.

2. Reverse Proxy: the client can access the external web, but cannot access the target web. A machine in the network where the target web is located acts as the proxy for the target web, the client directly accesses the Proxy just like accessing the target web (this proxy is transparent to the client, that is, the client does not need to set up any settings, and does not know that the actual access is only a proxy, that is, the access target)

Applicable to: ① A target machine in the idc is only open to the web. If an external client needs to access the machine, another machine is allowed to act as a proxy. direct external access to the proxy is equivalent to accessing the target machine.

② A special web service on the target machine of the idc runs on an abnormal port such as 9000, while the firewall only opens 80. At this time, proxy ing can be performed on 80 to 9000, external access 80 equals 9000

Simple:

In this example
The host 192.168.0.114 is our reverse proxy server.
Apache/2.0.63 runs on its port 80
VM with two domain names on it
Www.a.org
Www. B .org
The effect to be achieved is:
Accessing www.a.org is equivalent to accessing another machine 192.168.0.115.
Accessing www. B .org is equivalent to accessing port 9000 of the local machine.
Apache's proxy function is implemented by its proxy module. There are two ways to load the module: static and dynamic:
Static Loading
Static Loading is compiled into apache during compilation. The compilation parameters are as follows:
"./Configure "\
"-Prefix =/usr/local/apache3 "\
"-- Enable-so "\
"-- Enable-rewrite "\
"-- With-mpm = prefork "\
"-- Enable-proxy" \ (this parameter is enabled by the proxy module)
View the module list after installation.
/Usr/local/apache3/bin/httpd-l
Display
Compiled in modules:
Core. c
Mod_access.c
Mod_auth.c
Mod_include.c
Mod_log_config.c
Mod_env.c
Mod_setenvif.c
Mod_proxy.c
Proxy_connect.c
Proxy_ftp.c
Proxy_http.c
Prefork. c
Http_core.c
.......
Edit the configuration file httpd. conf.
In the VM Section
NameVirtualHost *: 80
<VirtualHost *: 80>
ServerAdmin webmaster@dummy-host.example.com
ServerName www.a.org
ProxyRequests Off
<Proxy *>
Order deny, allow
Allow from all
</Proxy>
ProxyPass/http: // 192.168.0.115/
ProxyPassReverse/http: // 192.168.0.115/
</VirtualHost>
<VirtualHost *: 80>
ServerAdmin webmaster@dummy-host.example.com
ServerName www. B .org
ProxyRequests Off
<Proxy *>
Order deny, allow
Allow from all
</Proxy>
ProxyPass/http: // 127.0.0.1: 9000/
ProxyPassReverse/http: // 127.0.0.1: 9000/
</VirtualHost>
2. Dynamic Loading
Dynamic Loading: compiled into an installed apache (compiled into the dso module)
Apache installed in/usr/local/apache2
Go to the Module Directory of apache source code for compilation.
Cd httpd-2.0.63/modules/proxy/
/Usr/local/apache2/bin/apxs-c-I-a mod_proxy.c proxy_connect.c proxy_http.c proxy_util.c
The output shows that mod_proxy.so has been generated under the modules directory of apache and has been activated in httpd. conf.
Cd/usr/local/apache2/conf/
Ls ../modules/See mod_prxoy.so
Edit configuration file
Vi httpd. conf
Modify as follows:
Load Module
LoadModule proxy_module modules/mod_proxy.so (this sentence is generated during compilation and activation)
LoadModule proxy_http_module modules/mod_proxy.so (this sentence must be manually added)
Add
NameVirtualHost *: 80
<VirtualHost *: 80>
ServerAdmin webmaster@dummy-host.example.com
ServerName www.a.org
ProxyRequests Off
<Proxy *>
Order deny, allow
Allow from all
</Proxy>
ProxyPass/http: // 192.168.0.115/
ProxyPassReverse/http: // 192.168.0.115/
</VirtualHost>
<VirtualHost *: 80>
ServerAdmin webmaster@dummy-host.example.com
ServerName www. B .org
ProxyRequests Off
<Proxy *>
Order deny, allow
Allow from all
</Proxy>
ProxyPass/http: // 127.0.0.1: 9000/
ProxyPassReverse/http: // 127.0.0.1: 9000/
</VirtualHost>
Restart apache to take effect
Note:
If LoadModule proxy_http_module modules/mod_proxy.so is not added, the browser page cannot be opened.
Forbidden
You don't have permission to access/on this server.
The log acess_log is displayed.
192.168.0.28--[03/Jun/2009: 16: 16: 27 + 0800] "GET /? SessionId = 4293567494722637330 & rand = 1244014624405 & CONTEXT = 0 & page = com. othe
R. AjaxWhoWhatUpdate & xrand = 1244016991554 & wwRandId = 1244014624405 & wwBugId = 2341 & wwType = View HTTP/1.1 "403 315
Or
192.168.0.28--[03/Jun/2009: 17: 10: 32 + 0800] "GET/HTTP/1.1" 403 315
Error 403
Display in error_log
[Wed Jun 03 17:08:46 2009] [warn] proxy: No protocol handler was valid for the URL/. If you are using a DSO version of mod_p
Roxy, make sure the proxy submodules are encoded in the configuration using LoadModule.

Apache-multi-site log analysis

Install Apache that supports SSL in Ubuntu 13.10

Disguise Apache to prevent Web Server intrusion

Compiling and installing the Apache Python module mod_wsgi

Enterprise Shell script analysis and Apache Log cutting practices