The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server(s). Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL (with the OpenSSL disclaimer) - no warranty, it's free to use, copy and give away.
What Pound is:
1. a reverse-proxy: it passes requests from client browsers to one or more back-end servers.
2. a load balancer: it will distribute the requests from the client browsers among several back-end servers, while keeping session information.
3. an SSL wrapper: Pound will decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end browsers.
4. an HTTP/HTTPS sanitizer: Pound will verify requests for correctness and accept only well-formed ones.
5. an HTTP/1.1 proxy: Pound will accept requests from HTTP/1.1 clients on one connection even if the back-end server is HTTP/1.0. Connections to the server will be reopened as necessary.
6. a failover-server: should a back-end server fail, Pound will take note of the fact and stop passing requests to it until it recovers.
7. a request redirector: requests may be distributed among servers according to the requested URL and the presence or absence of headers, based on pattern matching.
Pound is a very small program, easily audited for security problems. It can run as setuid/setgid and/or in a chroot jail. Pound does not access the hard-disk at all (except for reading the certificate file on start, if required, and the pid file) and should thus pose no security threat to any machine.
What Pound is not:
1. Pound is not a Web server: by itself, Pound serves no content - it contacts the back-end server(s) for that purpose.
2. Pound is not a Web accelerator: no caching is done - every request is passed "as is" to a back-end server. Some speed-ups may be achieved by the HTTP/1.1 to HTTP/1.0 proxying though.
