Apache 2.0 Reverse Proxy for v6 access to v4 servers
Jeroen Massar
jeroen@unfix.org
Mon, 22 Apr 2002 20:00:17 +0200
Phil Benchoff wrote:
> Jeroen Massar <jeroen@unfix.org> wrote:
> > http://www.ipng.nl runs IPv6 & IPv4 in one Apache 1.3
> > http://games.concepts.nl runs IPv6 & IPv4 in one Apache 2.0.32 and
it's
> > 'abused' for a nice caching trick to allow IPv4-only webservers,
like
> > the current available IIS :(, to be accessed over IPv6:
> >
> > <VirtualHost *>
> > ServerAdmin webmaster@example.org
> > ServerName www.example.org
> > ServerAlias www.ipv6.example.org
> > ProxyRequests On
> > ProxyPass / http://www.ipv4.example.org/
> > ProxyPassReverse / http://www.ipv4.example.org/
> > </VirtualHost>
>
>
> I have been playing with this same thing through various betas of
Apache 2.0
> and the released 2.0.35. The cool thing about this is that
authentication
> is passed through the reverse proxy, i.e. password-protected pages are
> still password protected. You have to be careful about things
protected
> by IP address or domain name since the v-4 server sees the access from
> the reverse proxy. (Note: I do not have "Proxy Requests On"
> in my config.)
One will always see the request coming from the proxy's address ofcourse
;)
You could forge that in some weird ways but that would require setting
up stuff
on the remote side and that's exactly what I didn't want to do in this
case.
> Since I started playing with this, I have had problems with partial
data
> being returned. It has improved with the various releases, but I
still
> see it in 2.0.35. A typical example looks like this:
>
> [Mon Apr 22 08:53:10 2002] [error] [client <v6 address> ]
> proxy: Error reading from remote server returned by
> /img/misc/vt-logo.gif, referer:
http://<whtever>.ip6.vt.edu/public/toc.html
>
> It appears that the Apache 2.0 server tries to fetch
> htdocs/error/HTTP_BAD_GATEWAY.html.var after this happens. I haven't
looked
> at it enough to figure out exactly what is going on yet. I've only
tested
> under Linux, and may try a FreeBSD or Tru64 version to see if that
makes
> a difference.
>
> Anybody else see this problem?
Yeps..... but it went away when I started using the local IPv4 proxy
cache ;)
Simply add "ProxyRemote * proxy.example.org".
Which was the easier way out as I didn't want to add www.ipv4.<realhost>
to every proxied host.
This usually also fixes the bypassing of the IP's as the local proxy is
known to be non-trusted anyways.
Untill one decaffed admin comes along ofcourse. The box
(http://games.concepts.nl) has an Archive of
all kinds of game-patches which go up to 150mb per file sometimes, and
they all get served up cleanly.
To make it a bit more related, Quakeworld and Quake2 IPv6 are mirrored
and running there too ;)
Greets,
Jeroen