4.7.4 Note

Organization of this subsection

(1) Basic points to be noted
(2) Points to be noted for the ProxyPass directive
(3) Notes for the ProxyPassReverse directive
(4) Notes for the HWSProxyPassReverseCookie directive
(5) Points to be noted for performance

(1) Basic points to be noted

The reverse proxy sets the functions according to request URL patterns. So, you can specify settings so that the reverse proxy forwards specific requests to other backend servers as a reverse proxy and responds to other requests as a Web server. However, the settings make it unclear whether the requests are processed by the reverse proxy or by the Web server. Therefore, when you use a reverse proxy, we recommend that you specify the following settings to forward all the requests from the reverse proxy to the backend server.
```
ProxyPass / http://forwarding-destination-backend-server-address/
```
If you use a reverse proxy and a Web server together, you can separate the functionality amongst the virtual hosts.
The reverse proxy stores the Host header value received from the client into the X-Forwarded-Host header, converts the Host header value to the specification value of the ProxyPass directive, and then forwards the converted value to the backend server. If you want to refer to the Host header value sent by the client on the backend server, refer to the X-Forwarded-Host header value sent by the reverse proxy. However, if the ProxyPreserveHost directive is set to On, directly refer to the Host header sent by the reverse proxy.

When you access the backend server via the reverse proxy, you must specify not the URL of the backend server, but the URL to which the reverse proxy accesses the HTML content provided by the backend server. When you enter the reference URL for content such as images and style sheets, the same care must be taken.

Example:

Set up the link from the index.html to index2.html in the following states:

On the reverse proxy, the ProxyPass directive value is specified as /before/ http://backend-server-address/after/.
On the backend server, both index.html and index2.html exist in the same directory (/after/ below).

The following table shows the relationship between the coding method and accessibility of index.html:

Table 4‒10: Relationship between the coding method and accessibility of link
Coding of link	Accessibility when link is clicked
<A HREF="index2.html">link</A>	Y
<A HREF="/before/index2.html">link</A>	Y
<A HREF="http://reverse proxy address/before/index2.html">link</A>	Y
<A HREF="/after/index2.html">link</A>	N

Reverse proxy does not support HTTP version 0.9.
When a reverse proxy receives a request from a client, the reverse proxy stores the sender IP address in the X-Forwarded-For header and forwards the header to the back-end server.

Therefore, if an application on the back-end server needs to reference the client's sender IP address, make sure that the application references the X-Forwarded-For header forwarded by the reverse proxy.

To Page Top

(2) Points to be noted for the ProxyPass directive

When the path name specified in the ProxyPass directive and the request URL are same, or when the path name is included from the beginning of request URL, the path name is determined as matching.

However, when there is no forward slash (/) at the end of path name and if the path name matches exactly with the request URL, or the path name is included from the beginning as the directory, the path name is determined as matching.

If the path name is matching, delete the beginning part of URL that is similar to the path name and add the remaining part to the path name that is specified in the ProxyPass directive, and then send the request.

In the ProxyPass directive, specify a path name that ends with a forward slash (/). The following table describes the relationship between specifications of ProxyPass directive and the request:

Table 4‒11: Relationship between specifications of ProxyPass directive and request
Example of ProxyPass directive specification	Request	Match	Location where request is forwarded
ProxyPass /abc/ http://backend.example.com/	http://reverse proxy address/abc/	Y	http://backend.example.com/
	http://reverse proxy address/abc	N	--
	http://reverse proxy address/abc/def	Y	http://backend.example.com/def
ProxyPass /abc http://backend.example.com/	http:// reverse proxy address /abc	Y	http://backend.example.com/
	http:// reverse proxy address /abc/	Y	http://backend.example.com//
	http:// reverse proxy address /abc/def	Y	http://backend.example.com//def

Legend:

Y: Match.

N: Does not match.

--: Not applicable.

If you specify multiple ProxyPass directives and the requested URL matches with multiple path names, the ProxyPass directive that is specified first is applied.

Example:

Backend server that processes requests for /abc/def/: backend1.example.com

Backend server that processes requests for /abc/ other than to /abc/def/: backend2.example.com

Backend server that processes all other requests: backend3.example.com

Specify these settings in the following sequence:
```
ProxyPass /abc/def/ http://backend1.example.com/
ProxyPass /abc/ http://backend2.example.com/
ProxyPass / http://backend3.example.com/
```
The request URL specified in the ProxyPass directive is forwarded before performing the corresponding file search in the local process, which is a feature of the Web server. Therefore, when the request URL matches the path name specified in the ProxyPass directive, even if a file matching the request URL exists, the request URL is converted into a backend server request, and then forwarded to the backend server.
If the specified directory in a request URL is not closed by a forward slash (/), the reverse proxy does not respond with the redirect.

Example: In the case of ProxyPass /ab/ http://backend.example.com/

If a request of http://reverse proxy is address/ab, the request does not match, and if /ab is not available in the reverse proxy, the Web server responds with '404 Not Found'.
If the forwarding-destination URL in a ProxyPass directive includes the forwarding-destination URL in a subsequent ProxyPass directive, the values specified by keys in the prior ProxyPass directive are shared by the subsequent ProxyPass directive. Therefore, no key values can be specified in the subsequent ProxyPass directive.

Example:
```
ProxyPass /test1/ http://backend.example.com:81/AAA/                  (1)
ProxyPass /test2/ http://backend.example.com:81/AAA/BBB/  timeout=10  (2)
```
The forwarding-destination URL in the ProxyPass directive in (1) includes the forwarding-destination URL in the ProxyPass directive in (2). Therefore, the values specified by keys in the directive in (1) are shared by the directive in (2). No key values can be specified in the subsequent directive in (2).

To Page Top

(3) Notes for the ProxyPassReverse directive

If the URL specified in the ProxyPassReverse directive and the Location header value received from the backend server are exactly same, or if the URL includes the prefix of the request URL, the URL specified in the ProxyPassReverse directive and the Location header value are seen as matching. If they match, the address is sent to the client as the reverse proxy according to the specification of the ProxyPassReverse directive.

(Example) When the Location header sent as a response by the backend server is Location: http://backend-server-address/docs/memo/

If the ProxyPassReverse directive is set to ProxyPassReverse /path/ http://backend-server-address/docs/, the Location header to be returned to the client is Location: http://reverse-proxy-address/path/memo/.

If you specify multiple ProxyPassReverse directives, the directive that is specified first is applied.
When the reverse proxy changes the value of Location header according to the value set in ProxyPassReverse directive and forwards it to the client, set the value used in the current connection for the Location header scheme. For example, http is set when accessing by http. Therefore, when a request is redirected to https by using the Location header at the time of access via http, set the host name of the reverse proxy to the Location header value on the backend server to prevent the Location header from matching the value of the ProxyPassReverse directive.

To Page Top

(4) Notes for the HWSProxyPassReverseCookie directive

The HWSProxyPassReverseCookie directive is specified to convert the Set-Cookie header sent by the backend server as a response. By setting the same value as the path name of the ProxyPass directive for the HWSProxyPassReverseCookie directive, the Set-Cookie header is converted for each ProxyPass directive.

The table below explains the conversion rules of the Set-Cookie header when the directives of the reverse proxy are specified as follows:

ProxyPass /front/ http://backend.example.com/
HWSProxyPassReverseCookie /front/

Table 4‒12: Conversion rules of the Set-Cookie header
#	Set-Cookie header sent to the client as a response	Set-Cookie header sent by the backend server as a response	Explanation for the conversion rule
1	Set-Cookie: ~; path=/front/	Set-Cookie: ~; path=/	When the domain name is not specified in the Set-Cookie header received from the backend server, the reverse proxy replaces the forward slash (/) of the path name in the Set-Cookie header with /front/.
2	Set-Cookie: ~; path=/front/	Set-Cookie: ~; domain=backend.example.com; path=/	When the domain name in the Set-Cookie header received from the backend server matches the domain name of the forwarding destination URL specified in the ProxyPass directive exactly, the reverse proxy replaces the forward slash (/) of the path name in the Set-Cookie header to /front/. The reverse proxy deletes the domain name in the Set-Cookie header, and then sends the Set-Cookie header to the client.
3	Set-Cookie: ~; domain=.example.com; path=/	Set-Cookie: ~; domain=.example.com; path=/	When the domain name in the Set-Cookie header received from the backend server starts with a period (.), the reverse proxy sends the Set-Cookie header received from the backend server to the client without any change.
4	Set-Cookie: ~; domain=other.example.com; path=/	Set-Cookie: ~; domain=other.example.com; path=/	When the domain name in the Set-Cookie header received from the backend server differs from the domain name of the forwarding destination URL specified in the ProxyPass directive, the reverse proxy sends the Set-Cookie header received from the backend server to the client without any changes.
5	Set-Cookie: ~	Set-Cookie: ~	When the domain name and the path name are not specified in the Set-Cookie header, the reverse proxy sends the Set-Cookie header received from the backend server without any changes.

Here are explanations for the conversion rules of the Set-Cookie header when the directives of the reverse proxy are specified as follows:
```
ProxyPass /front/ http://backend.example.com/abc/def/
HWSProxyPassReverseCookie /front/
```
- When the path name sent by the backend server is /abc/def/ghi/
  
  When the path name of the forwarding destination URL specified in the ProxyPass directive matches the prefix of the path name set in the Set-Cookie header, the matched part of the path name in the Set-Cookie header is replaced to the path name specified in the ProxyPass directive.
- The path name of the Set-Cookie header sent by the backend server is /abc/
  
  When the path name set in the Set-Cookie header matches the prefix of the path name of the forwarding destination URL specified in the ProxyPass directive, the path name in the Set-Cookie header is replaced to the path name in the ProxyPass directive.
- The path name of the Set-Cookie header sent by the backend server is /abc/xxx/
  
  When the path name of the forwarding destination URL specified in the ProxyPass directive does not match the path name set in the Set-Cookie header, the reverse proxy does not perform the Set-Cookie header conversion. The reverse proxy sends the Set-Cookie header received from the backend server to the client without any change.

To Page Top

(5) Points to be noted for performance

When the document name or the host name is specified in the ProxyPass directive, a DNS query is generated. If you already know the IP address of the backend server, you can reduce the time for resolving the name by mentioning the IP address in the hosts file in advance.

The maximum number of connections that can be established with the back-end server is calculated by using the following formula.

In Windows:

Maximum number of connections =
  Value specified in the ThreadsPerChild directive × Number of defined ProxyPass directives (excluding those that share settings with other ProxyPass directives)

In UNIX:

Maximum number of connections =
  Value specified in the MaxClients directive × Number of defined ProxyPass directives (excluding those that share settings with other ProxyPass directives)

To Page Top