LLMpediaThe first transparent, open encyclopedia generated by LLMs

mod_proxy

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Apache HTTP Server Hop 3
Expansion Funnel Raw 53 → Dedup 4 → NER 4 → Enqueued 3
1. Extracted53
2. After dedup4 (None)
3. After NER4 (None)
4. Enqueued3 (None)
Similarity rejected: 2
mod_proxy
Namemod_proxy
Developed byApache Software Foundation
Initial release1997
Latest releaseongoing
Programming languageC (programming language)
Operating systemUnix-like; Microsoft Windows
PlatformApache HTTP Server
LicenseApache License

mod_proxy mod_proxy is an HTTP proxy module for the Apache HTTP Server that provides forward and reverse proxying capabilities, load balancing, caching, and protocol translation. It integrates with multiple Apache subsystems and third-party modules to extend Apache HTTP Server functionality for web, streaming, and application delivery. Widely used in deployments alongside software from projects and organizations such as Nginx, Varnish, HAProxy, Tomcat (software), and Squid (software), it serves in architectures for content delivery, application gateways, and edge processing.

Overview

mod_proxy acts as a proxy and gateway within the Apache HTTP Server ecosystem, enabling HTTP, HTTPS, FTP, AJP, and WebSocket traffic handling. It interoperates with modules such as mod_ssl, mod_rewrite, mod_cache, and mod_security to provide TLS termination, request manipulation, caching policies, and request inspection. Operators commonly deploy mod_proxy in front of application servers like Apache Tomcat, JBoss, and GlassFish, or in front of content caches like Varnish, as part of stacks involving orchestration systems such as Kubernetes and Docker (software). Enterprises and projects including Wikipedia, WordPress, Reddit (website), and GitHub architectures have influenced proxying best practices.

Features and Modules

mod_proxy is modular: core capabilities are split into submodules including proxy_http, proxy_connect, proxy_ftp, proxy_ajp, and proxy_wstunnel. proxy_http handles HTTP/1.0 and HTTP/1.1 tunneling and header forwarding; proxy_connect enables SSL/TLS tunneling for outbound CONNECT requests; proxy_ajp bridges with Apache Tomcat via the AJP protocol; proxy_wstunnel supports WebSocket proxying. Integration modules include mod_proxy_balancer for load distribution, mod_slotmem_shm for shared state, and mod_lbmethod_byrequests for balancing algorithms. These modules interact with authentication providers such as LDAP directories, identity systems like OAuth 2.0, and logging backends used by ELK Stack components.

Configuration and Usage

Typical configuration uses ProxyPass and ProxyPassReverse directives to map incoming URIs to backend endpoints, alongside ProxyPreserveHost and ProxyRequests settings to control host header behavior and forward proxy mode. Administrators place rules within VirtualHost or server-wide contexts and often combine them with URL rewriting via mod_rewrite and TLS termination with mod_ssl. Load balancing is configured with ProxySet and BalancerMember definitions, enabling sticky sessions and health checks; deployments integrate with orchestration tools such as Ansible, Chef (software), and Puppet (software) for templated configuration. Monitoring and observability often rely on Prometheus, Grafana, and log aggregation into Splunk or ELK Stack.

Security and Performance Considerations

Security practices include strict use of TLS managed by mod_ssl or external terminators, application of request filtering via mod_security, and careful header sanitization to mitigate HTTP header injection and request smuggling. Administrators must tune timeout and buffer settings to protect against slowloris-style attacks documented in advisories from entities like MITRE and US-CERT. Performance optimization involves enabling connection reuse, adjusting KeepAlive and worker MPM parameters, offloading SSL to hardware or dedicated proxies such as HAProxy or Nginx, and combining with caching layers like Varnish or Squid (software). Benchmarks and capacity planning reference tools such as ApacheBench, wrk, and Siege (software).

Compatibility and Integration

mod_proxy supports backend protocols used by application servers including Apache Tomcat, Jetty, JBoss, and GlassFish, and interoperates with CDNs and cache layers from providers like Cloudflare and Akamai. It runs on platforms supported by the Apache HTTP Server project, including distributions maintained by Debian, Red Hat, Ubuntu, and CentOS. Integration with identity and access systems leverages standards and products such as OAuth 2.0, SAML 2.0, and directory services like OpenLDAP. In containerized environments, mod_proxy is frequently paired with service meshes and controllers such as Istio and Envoy (software) for advanced routing and observability.

History and Development

Development of mod_proxy began in the late 1990s as part of the Apache HTTP Server project to add proxy capabilities to the server core and evolved through contributions from volunteers and organizations coordinated by the Apache Software Foundation. Over successive Apache HTTP Server releases, the proxy subsystem was refactored to split protocol handlers into distinct submodules and to introduce modular balancer and slot memory components. Security hardening and feature additions have been influenced by incident reports and community contributions tied to events and advisories from bodies such as CERT Coordination Center and CVE. The module remains maintained by contributors in the Apache HTTP Server community and by ecosystem integrators from companies deploying large-scale web services.

Category:Apache HTTP Server modules