1

I need to find a way to proxy some traffic on port 80 to tinyproxy running on a separate port. We have a client working behind a very strict firewall with only port 80 open (and cannot get to sites like meebo.com, etc). I was hoping I could create a CNAME to our domain and a virtual host on apache, catch the request for that new CNAME and forward the traffic right to tinyproxy running on the same box.

I know tinyproxy is setup and working correctly, however, when I try to pass in my traffic through Apache, I don't even see any traffic.

Does anyone have a proposed solution? Here is my VirtualHost entry:

<VirtualHost *:80>
    ServerName sub.domain.com
    ProxyPass / http://127.0.0.1:50001/
    ProxyPassReverse / http://127.0.0.1:50001/
</VirtualHost>

where Tinyproxy is running on port 50001.

4

2 回答 2

0

I don't think it's going to be possible.

ProxyPass is for opaque proxying of web-servers - not redirecting to a proxy. But it might have worked except that AFAIK VirtualHost can only be identified by the Host: header in the http request - so only works for the real request.

In other words - the clients will set a Host: header for the site they want to reach, so your virtualHost is never used.

于 2009-01-23T18:31:50.090 回答
0

澄清一下,您的域的主机名是http://sub.domain.com/ ...,并且您已验证 Tinyproxy 在通过 tinyproxyhost:50001 请求时为您的站点提供服务?

我会考虑在您的网关上使用 iptables 来选择性地 NAT 请求以端口 80 上的 sub.domain.com 到端口 50001 上的 tinyproxyhost。假设 sub.domain.com 位于地址 12.34.56.78,并且该 tinyproxy 在 10.11.12.13 上运行:

iptables -t nat -A PREROUTING -p tcp -d 12.34.56.78 --dport 80 -j DNAT \
    --到 10.11.12.13:50001

如果你真的想继续使用 Apache,你确定你已经完全启用了 mod_proxy 吗?确保您的配置中也包含以下内容:

代理请求关闭


订单拒绝,允许
允许所有人

当您尝试在此配置中访问http://sub.domain.com时会发生什么?您在 Apache 中得到什么access_log输出error_log

于 2009-05-02T17:51:17.720 回答