# Paste the following fragment into the <VirtualHost> section intended for
# proxying HTTP(S) requests and caching the responses. See INSTALL-PROXY for
# details.
#
# List of modules used:
#
#   rewrite
#   headers
#   ssl
#   proxy
#   proxy_http
#   cache
#   cache_disk
#

        # Enable the rewrite rules functionality.
        #
        <IfModule !rewrite_module>
          Error "rewrite_module is not enabled"
        </IfModule>

        RewriteEngine  on
        RewriteOptions AllowAnyURI

        # Make sure that the HTTP header management functionality is enabled.
        #
        <IfModule !headers_module>
          Error "headers_module is not enabled"
        </IfModule>

        # Enable the HTTP proxy.
        #
        <IfModule !proxy_module>
          Error "proxy_module is not enabled"
        </IfModule>

        <IfModule !proxy_http_module>
          Error "proxy_http_module is not enabled"
        </IfModule>

        ProxyRequests On

        # Enable SSL/TLS API usage for querying HTTPS URLs.
        #
        <IfModule !ssl_module>
          Error "ssl_module is not enabled"
        </IfModule>

        SSLProxyEngine on

        # Optional: prevent non-authorized proxy usage, for example:
        #
        # <Proxy *>
        #   Require ip 10.5
        # </Proxy>

        # Accept only the HTTP GET method and respond with the 403 HTTP status
        # code (Forbidden) for other methods.
        #
        RewriteCond %{REQUEST_METHOD} !GET
        RewriteRule .* - [F]

        # Optional: restrict the URL set allowed for proxying, for example:
        #
        # RewriteCond %{HTTP_HOST} !(.+\.)?example.org
        # RewriteRule .* - [F]

        # Convert the http scheme to https for URLs being proxied.
        #
        # To prevent the conversion we can exclude certain hosts. For example:
        #
        # RewriteCond %{HTTP_HOST} !(.+\.)?example.org [OR]
        # RewriteCond %{HTTP_HOST} !(.+\.)?example.net
        #
        # Or check for a custom header value. Note that this header should not
        # be forwarded to the origin server. For example:
        #
        # RewriteCond %{HTTP:X-Preserve-HTTP} !(1|on|true) [NC]
        # RequestHeader unset X-Preserve-HTTP
        #
        RewriteRule ^proxy:http://(.*)$ "https://$1" [P]

        # Enable the disk storage-based cache.
        #
        <IfModule !cache_module>
          Error "cache_module is not enabled"
        </IfModule>

        <IfModule !cache_disk_module>
          Error "cache_disk_module is not enabled"
        </IfModule>

        CacheEnable disk "http://"

        # Specify the cache root directory and make sure it is writable by the
        # user under which Apache2 is running.
        #
        # Note that if there are no other proxies enabled for the WEB server,
        # you can probably specify (you still have to specify it) the default
        # cache directory (/var/cache/apache2/mod_cache_disk for Debian/Ubuntu
        # and /var/cache/httpd/proxy for Fedora/RHEL).
        #
        CacheRoot

        # Cache entry maximum size (in bytes).
        #
        CacheMaxFileSize 100000000

        # Prevent duplicate caching of responses for the same simultaneously
        # proxied URL. Specify an appropriate per-URL lock timeout (in
        # seconds) to avoid stalled downloads from keeping the entries
        # uncached.
        #
        CacheLock       on
        CacheLockMaxAge 600

        # Always validate an existing cache entry by querying the origin
        # server.
        #
        # We do this by injecting the request header which always declares the
        # existing cache entry as potentially stale (ignoring Expire response
        # header and Cache-Control header's max-age field) which should also
        # be propagated through all the upstream proxies forcing them to
        # validate the resource freshness.
        #
        # Note that this relies on both the proxy and origin servers correctly
        # supporting conditional requests based on entity tags (ETag HTTP
        # response and If-None-Match HTTP request headers) or less accurate
        # entity modification times (Last-Modified HTTP response and
        # If-Modified-Since HTTP request headers), which is normally the case
        # if both are running Apache. A proxy normally caches the ETag and/or
        # Last-Modified response header values alongside the cached entity and
        # adds If-None-Match and/or If-Modified-Since headers respectively to
        # the entity validation request. An origin server normally checks if
        # any of the ETag or Last-Modified headers changed for the entity and
        # responds with its full content, if that's the case, or with the 304
        # HTTP status code (Not Modified) otherwise (see the Apache Caching
        # Guide for details).
        #
        # Also note that to observe the injected header the cache handler
        # should not be configured as a quick handler.
        #
        RequestHeader     set Cache-Control max-age=0
        CacheQuickHandler off