Beat Traffic into Shape with Pound

Get to know this reverse proxy load balancer for web traffic with SSL support.

The great thing about Open Source is the large variety of choices you have to solve a particular problem. Previously, the September 2006 “Tech Support” introduced Perlbal, a Perl-based reverse proxy load balancer written by Danga. This month, let’s look at another reverse proxy load balancer named Pound.

Pound was written with security in mind, so the daemon is very small, can run in a chroot jail, and runs setuid as a non- root user. Pound is also an SSL wrapper and HTTP(S) sanitizer. You can download Pound here. It’s provided per the terms of the GNU Public License.

After downloading and unpacking the source tarball, installation is the standard ./configure&&make&&make install. (If you plan on utilizing Pound’s SSL support, specify ./configure ––with-ssl. Look for the pound executable in /usr/local/sbin and look for the configuration file, pound.cfg, in /usr/local/etc.

If you’re using Pound in a highly-trafficked transaction environment, you can boost performance if the Perl Comparible Regular Expression (PCRE) package is installed, and if you like against the tcmalloc library found in the Google perftools package.

Next, configure Pound. Here’s a simple pound.cfg file:

Port 80
	Port 80
	Port 80

This instructs Pound to listen on the public IP address and pass requests evenly to the two backend machines named with Service. If the machines have significantly different resources available to them, you can alter the odds of a server being chosen with the Priority directive. Values may be 1 through 9, where the value 9 means use most often, and the value 1 means least frequent. Pound balances servers dynamically: if a server goes down, Pound automatically removes the system from the pool of available servers.

Many web applications use sessions and Pound can track sessions between a client browser and the host backend server. Pound supports five techniques: client IP address, basic authentication, URL parameter, cookie value, and header value. Only one session definition is allowed per Service.

For example, to use client IP-based tracking that keeps sessions active for ten minutes, add the following to your Pound config file:

  Type IP
  TTL 600

To harden Pound, run the daemon as a non-privileged user. To do this, use the User and Group directives to specify the user and group, respectively:

User    "nobody"
Group   "nobody"

Additionally, you should consider running Pound in a chroot jail, which precludes the daemon from accessing any files outside those in the jail.

To help test and refine your configuration, you can increase the LogLevel parameter to extract extra information.

Keep in mind that after adding Pound into your network setup, your backend servers will log the IP address of your Pound machine instead of the client IP of the person browsing your site. As a general rule, Pound passes all headers as set by the client to the backend servers, with two exceptions: Pound adds a X-Forwarded-For header, and may add information about the SSL certificate.

You can use the X-Forwarded-for header to update your logging mechanism to record the correct information.

For example, If you’re using Apache combined logging, replace the letter h (remote host) with:


In addition to the baseline features listed here, Pound also supports HTTPS decryption, WebDAV, dynamic rescaling, arbitrary regular expression rules for selecting backends, and more. The man page for pound provides a detailed description of every option available and is worth taking the time to read through.

Comments on "Beat Traffic into Shape with Pound"


Nice one, in deed. It worked great.

I usually do not write a lot of responses, however i did a few searching and wound up here
Beat Traffic into Shape with Pound | Linux Magazine. And I do have 2 questions for you if you tend not to mind.
Could it be just me or does it seem like a few of these comments come across like they are
coming from brain dead people? :-P And, if you are posting at
other online sites, I would like to keep up with everything new you have to post.
Would you list of every one of all your social
pages like your twitter feed, Facebook page or linkedin profile?

It is perfect time to make some plans for the future and it is time to be happy. I have read this post and if I could I want to suggest you few interesting things or tips. Maybe you could write next articles referring to this article. I wish to read even more things about it!

Hey! I know this is somewhat off topic but I was wondering which blog platform are you using for this site? I’m getting sick and tired of WordPress because I’ve had problems with hackers and I’m looking at alternatives for another platform. I would be great if you could point me in the direction of a good platform.

“Thanks again for the blog article.Thanks Again. Awesome.”

Leave a Reply