Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Apache>
  3. Users
cannot use cache in forward proxy configuration
lbcbash at gmail
Jan 24, 2023, 7:28 AM
Post #1 of 11 (759 views)
Permalink
Hi all,
i'm trying to use apache httpd as a forward proxy (named "httpd-proxy"
below ) with cache content

user (me) => httpd-proxy => target_proxy:9999

i test this with:
chromium --proxy-server=httpd-proxy:80
*it work, i can browse the web,* *but there is no cache at all*, httpd is
in debug mode, there is no reference to any cache ( it's very verbose about
the proxy part so i know the debug + the forward proxy actually work

Apache/2.4.54 (Unix)
debian 11
in my acces log:

86.164.123.129 - - - [24/Jan/2023:16:24:30 +0100] "CONNECT
fonts.gstatic.com:443 HTTP/1.1" 200
86.164.123.129 - - - [24/Jan/2023:16:24:33 +0100] "CONNECT
i.stack.imgur.com:443 HTTP/1.1" 200
86.164.123.129 - - - [24/Jan/2023:16:24:33 +0100] "CONNECT
i.stack.imgur.com:443 HTTP/1.1" 200

syslog:
Jan 24 16:25:43 httpd-proxy httpd[10589]: [proxy:debug] [pid 10589]
mod_proxy.c(1503): [client 86.164.123.129:29806] AH01143: Running scheme
cdn.cookielaw.org handler (attempt 0)
Jan 24 16:25:43 httpd-proxy httpd[10589]: [proxy_http:debug] [pid 10589]
mod_proxy_http.c(1870): [client 86.164.123.129:29806] AH01113: HTTP:
declining URL cdn.cookielaw.org:443
Jan 24 16:25:43 httpd-proxy httpd[10589]: [proxy_connect:debug] [pid 10589]
mod_proxy_connect.c(196): [client 86.164.123.129:29806] AH01019: connecting
cdn.cookielaw.org:443 to cdn.cookielaw.org:443
Jan 24 16:25:44 httpd-proxy httpd[10581]: [core:debug] [pid 10581]
vhost.c(1188): [client 86.164.123.129:28313] AH02417: Replacing host header
'cdn.cookielaw.org:443' with host 'cdn.cookielaw.org:443' given in the
request uri
Jan 24 16:25:44 httpd-proxy httpd[10581]: [authz_core:debug] [pid 10581]
mod_authz_core.c(843): [client 86.164.123.129:28313] AH01628: authorization
result: granted (no directives)
Jan 24 16:25:44 httpd-proxy httpd[10581]: [proxy:debug] [pid 10581]
mod_proxy.c(1503): [client 86.164.123.129:28313] AH01143: Running scheme
cdn.cookielaw.org handler (attempt 0)
Jan 24 16:25:44 httpd-proxy httpd[10581]: [proxy_http:debug] [pid 10581]
mod_proxy_http.c(1870): [client 86.164.123.129:28313] AH01113: HTTP:
declining URL cdn.cookielaw.org:443
Jan 24 16:25:44 httpd-proxy httpd[10581]: [proxy_connect:debug] [pid 10581]
mod_proxy_connect.c(196): [client 86.164.123.129:28313] AH01019: connecting
cdn.cookielaw.org:443 to cdn.cookielaw.org:443

mkdir -p /var/cache/apache2/mod_cache_disk/
mkdir -p /var/cache/apache2/mod_cache_lock/
chown -R web: /var/cache/apache2/mod_cache_* #apache is running under
"web" user

here is the config for "httpd-proxy"

LoadModule cache_module modules/mod_cache.so
LoadModule cache_disk_module modules/mod_cache_disk.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule ssl_module modules/mod_ssl.so

CacheEnable disk /

#tried this suggestion from serverfault.com, any input on this ?
#CacheEnable disk http://

CacheRoot /var/cache/apache2/mod_cache_disk/
CacheQuickHandler off
CacheLock on
CacheLockPath /var/cache/apache2/mod_cache_lock/
CacheLockMaxAge 5
CacheHeader On
CacheDetailHeader On
CacheStoreExpired On
CacheStoreNoStore On
CacheIgnoreNoLastMod On
CacheIgnoreCacheControl On

LogLevel debug
LogFormat "%h %{cache-status}e %l %u %t \"%r\" %>s " common
CustomLog "|/usr/bin/logger -p local1.info -t access_log" common
ErrorLog syslog

Header unset Expires
Header unset Cache-Control
Header unset Pragma

ExpiresActive On
ExpiresByType text/html "access plus 1 years"
ExpiresByType image/png "access plus 1 years"
ExpiresByType application/javascript "access plus 1 years"

ProxyRequests On

SSLProxyEngine On
SSLProxyVerify none
SSLVerifyClient none
SSLProxyProtocol TLSv1.2
SSLProxyCheckPeerName off
SSLProxyCACertificateFile /usr/local/share/ca-certificates/ca.crt
SSLVerifyDepth 10
ProxyPass / http://target_proxy:9999/
ProxyPassReverse / http://target_proxy:9999/


thanks for any help
Re: cannot use cache in forward proxy configuration [ In reply to ]
covener at gmail
Jan 24, 2023, 7:31 AM
Post #2 of 11 (759 views)
Permalink
> CacheEnable disk /

https://httpd.apache.org/docs/2.4/mod/mod_cache.html#cacheenable

I think you need a non-/ argument here for forward proxy

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: cannot use cache in forward proxy configuration [ In reply to ]
lbcbash at gmail
Jan 24, 2023, 8:34 AM
Post #3 of 11 (759 views)
Permalink
thanks for your help
AH00526: Syntax error on line 8 of /home/conf/proxy.conf:
CacheEnable provider (disk) is missing an URL.

the line 8:
CacheEnable disk


Le mar. 24 janv. 2023 à 16:32, Eric Covener <covener@gmail.com> a écrit :

> > CacheEnable disk /
>
> https://httpd.apache.org/docs/2.4/mod/mod_cache.html#cacheenable
>
> I think you need a non-/ argument here for forward proxy
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: cannot use cache in forward proxy configuration [ In reply to ]
covener at gmail
Jan 24, 2023, 8:38 AM
Post #4 of 11 (759 views)
Permalink
The manual has examples of what the 2nd arg should be.

On Tue, Jan 24, 2023 at 11:35 AM bc BC <lbcbash@gmail.com> wrote:
>
> thanks for your help
> AH00526: Syntax error on line 8 of /home/conf/proxy.conf:
> CacheEnable provider (disk) is missing an URL.
>
> the line 8:
> CacheEnable disk
>
>
> Le mar. 24 janv. 2023 à 16:32, Eric Covener <covener@gmail.com> a écrit :
>>
>> > CacheEnable disk /
>>
>> https://httpd.apache.org/docs/2.4/mod/mod_cache.html#cacheenable
>>
>> I think you need a non-/ argument here for forward proxy
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>


--
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: cannot use cache in forward proxy configuration [ In reply to ]
lbcbash at gmail
Jan 24, 2023, 8:47 AM
Post #5 of 11 (759 views)
Permalink
i tried in a location

<Location "/">
CacheEnable disk</Location>

this too:
CacheEnable disk "https://*"

CacheEnable disk "http://*"

CacheEnable disk "http://The_PROXY_IP"

apache is running, proxy is working but my cache is remains empty

any suggestion appreciated

thank you




Le mar. 24 janv. 2023 à 17:39, Eric Covener <covener@gmail.com> a écrit :

> The manual has examples of what the 2nd arg should be.
>
> On Tue, Jan 24, 2023 at 11:35 AM bc BC <lbcbash@gmail.com> wrote:
> >
> > thanks for your help
> > AH00526: Syntax error on line 8 of /home/conf/proxy.conf:
> > CacheEnable provider (disk) is missing an URL.
> >
> > the line 8:
> > CacheEnable disk
> >
> >
> > Le mar. 24 janv. 2023 à 16:32, Eric Covener <covener@gmail.com> a écrit
> :
> >>
> >> > CacheEnable disk /
> >>
> >> https://httpd.apache.org/docs/2.4/mod/mod_cache.html#cacheenable
> >>
> >> I think you need a non-/ argument here for forward proxy
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
>
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: cannot use cache in forward proxy configuration [ In reply to ]
lbcbash at gmail
Feb 9, 2023, 3:17 AM
Post #6 of 11 (746 views)
Permalink
hello
still stucked on this

i tried to compile the last version of apache just to be sure
Server version: Apache/2.4.55 (Unix)
Server built: Feb 7 2023 17:13:57
Server's Module Magic Number: 20120211:126
Server loaded: APR 1.7.2, APR-UTIL 1.6.3, PCRE 10.36 2020-12-04
Compiled using: APR 1.7.2, APR-UTIL 1.6.3, PCRE 10.36 2020-12-04
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_PROC_PTHREAD_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/home/bin/httpd24"
-D SUEXEC_BIN="/home/bin/httpd24/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

is there any suggestion on this ?

thanks


Le mar. 24 janv. 2023 à 17:47, bc BC <lbcbash@gmail.com> a écrit :

> i tried in a location
>
> <Location "/">
> CacheEnable disk</Location>
>
> this too:
> CacheEnable disk "https://*"
>
> CacheEnable disk "http://*"
>
> CacheEnable disk "http://The_PROXY_IP"
>
> apache is running, proxy is working but my cache is remains empty
>
> any suggestion appreciated
>
> thank you
>
>
>
>
> Le mar. 24 janv. 2023 à 17:39, Eric Covener <covener@gmail.com> a écrit :
>
>> The manual has examples of what the 2nd arg should be.
>>
>> On Tue, Jan 24, 2023 at 11:35 AM bc BC <lbcbash@gmail.com> wrote:
>> >
>> > thanks for your help
>> > AH00526: Syntax error on line 8 of /home/conf/proxy.conf:
>> > CacheEnable provider (disk) is missing an URL.
>> >
>> > the line 8:
>> > CacheEnable disk
>> >
>> >
>> > Le mar. 24 janv. 2023 à 16:32, Eric Covener <covener@gmail.com> a
>> écrit :
>> >>
>> >> > CacheEnable disk /
>> >>
>> >> https://httpd.apache.org/docs/2.4/mod/mod_cache.html#cacheenable
>> >>
>> >> I think you need a non-/ argument here for forward proxy
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >> For additional commands, e-mail: users-help@httpd.apache.org
>> >>
>>
>>
>> --
>> Eric Covener
>> covener@gmail.com
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
Re: cannot use cache in forward proxy configuration [ In reply to ]
Antony.Stone at apache
Feb 9, 2023, 3:24 AM
Post #7 of 11 (746 views)
Permalink
On Tuesday 24 January 2023 at 16:47:17, bc BC wrote:

> i tried in a location
>
> <Location "/">
> CacheEnable disk</Location>
>
> this too:
> CacheEnable disk "https://*"
>
> CacheEnable disk "http://*"
>
> CacheEnable disk "http://The_PROXY_IP"
>
> apache is running, proxy is working but my cache is remains empty
>
> any suggestion appreciated

1. Did you try http:// without the asterisk?

2. Did you try http://some.web.site and then visit that website?


Antony.

--
"Hi, I've found a fault with the English language and I need an entomologist."
"I think you mean an etymologist."
"No. It's a bug, not a feature."

Please reply to the list;
please *don't* CC me.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: cannot use cache in forward proxy configuration [ In reply to ]
lbcbash at gmail
Feb 9, 2023, 4:24 AM
Post #8 of 11 (746 views)
Permalink
Thanks for your suggestion

1) yes, but same issue

2) i just tried now, and cache remains empty, and no log about caching on
debug mode

4.0 KiB [##########] /mod_cache_lock
4.0 KiB [##########] /mod_cache_disk

here is the cache config for httpd:

https://pastebin.com/Vk7F352p



Le jeu. 9 févr. 2023 à 12:26, Antony Stone <
Antony.Stone@apache.open.source.it> a écrit :

> On Tuesday 24 January 2023 at 16:47:17, bc BC wrote:
>
> > i tried in a location
> >
> > <Location "/">
> > CacheEnable disk</Location>
> >
> > this too:
> > CacheEnable disk "https://*"
> >
> > CacheEnable disk "http://*"
> >
> > CacheEnable disk "http://The_PROXY_IP"
> >
> > apache is running, proxy is working but my cache is remains empty
> >
> > any suggestion appreciated
>
> 1. Did you try http:// without the asterisk?
>
> 2. Did you try http://some.web.site and then visit that website?
>
>
> Antony.
>
> --
> "Hi, I've found a fault with the English language and I need an
> entomologist."
> "I think you mean an etymologist."
> "No. It's a bug, not a feature."
>
> Please reply to the
> list;
> please *don't* CC
> me.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: cannot use cache in forward proxy configuration [ In reply to ]
Antony.Stone at apache
Feb 9, 2023, 4:30 AM
Post #9 of 11 (746 views)
Permalink
On Thursday 09 February 2023 at 12:24:44, bc BC wrote:

> Thanks for your suggestion
>
> 1) yes, but same issue
>
> 2) i just tried now, and cache remains empty, and no log about caching on
> debug mode

I would recommend testing with http:// only to start with - don't complicate
things by using https:// until the unencrypted version work.

Can you confirm that the website address you put in the configuration file is one
for which your machine is acting as a forward proxy?


Antony.

--
Neurotics build castles in the sky;
Psychotics live in them;
Psychiatrists collect the rent.


Please reply to the list;
please *don't* CC me.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: cannot use cache in forward proxy configuration [ In reply to ]
covener at gmail
Feb 9, 2023, 4:45 AM
Post #10 of 11 (746 views)
Permalink
On Thu, Feb 9, 2023 at 7:31 AM Antony Stone
<Antony.Stone@apache.open.source.it> wrote:
>
> On Thursday 09 February 2023 at 12:24:44, bc BC wrote:
>
> > Thanks for your suggestion
> >
> > 1) yes, but same issue
> >
> > 2) i just tried now, and cache remains empty, and no log about caching on
> > debug mode
>
> I would recommend testing with http:// only to start with - don't complicate
> things by using https:// until the unencrypted version work.
>
> Can you confirm that the website address you put in the configuration file is one
> for which your machine is acting as a forward proxy?

Forward-proxy for HTTPS usually uses the CONNECT protocol to tunnel
through the proxy.
Apache never sees requests and responses. Not cacheable.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: cannot use cache in forward proxy configuration [ In reply to ]
lbcbash at gmail
Feb 9, 2023, 4:58 AM
Post #11 of 11 (746 views)
Permalink
With your help, now i've got something, i found a *http only* website with
images: http://www.zoomify.com/
in my conf, i have:
CacheEnable disk http://

and now i can see logs about caching, with hit and miss =)

about the Eric answer
"Forward-proxy for HTTPS usually uses the CONNECT protocol to tunnel
through the proxy.
Apache never sees requests and responses. Not cacheable."

is there any workaround for this?

i'm using a home ca-certificates, apache is acting as a MITM, and there is
no security considerations with this project
SSLProxyCACertificateFile /usr/local/share/ca-certificates/ca.crt

thanks again,




Le jeu. 9 févr. 2023 à 13:31, Antony Stone <
Antony.Stone@apache.open.source.it> a écrit :

> On Thursday 09 February 2023 at 12:24:44, bc BC wrote:
>
> > Thanks for your suggestion
> >
> > 1) yes, but same issue
> >
> > 2) i just tried now, and cache remains empty, and no log about caching on
> > debug mode
>
> I would recommend testing with http:// only to start with - don't
> complicate
> things by using https:// until the unencrypted version work.
>
> Can you confirm that the website address you put in the configuration file
> is one
> for which your machine is acting as a forward proxy?
>
>
> Antony.
>
> --
> Neurotics build castles in the sky;
> Psychotics live in them;
> Psychiatrists collect the rent.
>
>
> Please reply to the
> list;
> please *don't* CC
> me.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal