Passing The Packets - Administration

Apache can function as both a "forward proxy" and a "reverse proxy". A forward proxy accepts client requests, forwards them to the Internet, and sends the responses back to the requesting client. A reverse proxy, on the other hand, provides an easy way to remap external URLs such that they appear to belong to the same domain space as the proxy itself, and to provide enhanced caching facilities at the proxy level (if that didn't make much sense, don't worry - I've explained it in detail a little further along).

Pop open the Apache configuration file, "httpd.conf", and add the following lines to it (for Apache 1.3):

<IfModule mod_proxy.c>
ProxyRequests On
<Directory proxy:*>
Order deny,allow
Deny from all
Allow from 192.168.0.0/255.255.255.0
</Directory>
</IfModule>

If you're using Apache 2.0, you should use this instead:

<IfModule mod_proxy.c>
ProxyRequests On
<Proxy *>
Order deny,allow
Deny from all
Allow from 192.168.0.0/255.255.255.0
</Proxy>
</IfModule>

Here, the

ProxyRequests On

tells Apache to activate its proxy services. It is followed by a

<Proxy>
...
</Proxy>

or

<Directory>
...
</Directory>

block, which contains rulesets for determining which clients can access these services. These are similar to firewall rules, which you may be familiar with already.

<Directory proxy:*>
Order deny,allow
Deny from all
Allow from 192.168.0.0/255.255.255.0
</Directory>

Note that the last line within the block specifies the IP addresses of clients allowed to use the proxy. In the example above, I've specified all clients on the 192.168.0.* network; you can just as easily restrict this to a list or range of specific IP addresses.

Once that's done, shut down and restart the server.

$ /usr/local/apache/bin/apachectl restart

Next, you need to tell clients on the network about the proxy server. In most cases, this involves popping open the client's configuration and setting the host name or IP address of the machine running the proxy server. Assuming that the proxy server is running on the machine identified by the IP address 192.168.0.10, here's what the configuration looks like in Internet Explorer,



and in Netscape Communicator.



Once the client configuration is complete, attempt to access an Internet resource - the client should make the request via the proxy (which should, obviously, be connected to the Internet), receive a response and display it to the user.

You can verify that the request is in fact being handled via the proxy by checking Apache's log files - if, for example, I used a browser on a networked machine to access the Melonfire Web site, here's what I'd see in the server logs:

192.168.0.143 - - [23/May/2002:15:35:52 +0530] "GET
http://www.melonfire.com/images/account_h.jpg HTTP/1.0" 200 5118
192.168.0.143 - - [23/May/2002:15:35:53 +0530] "GET
http://www.melonfire.com/images/community_h.jpg HTTP/1.0" 200 6772
192.168.0.143 - - [23/May/2002:15:35:56 +0530] "GET
http://www.melonfire.com/images/contact_h.jpg HTTP/1.0" 502 519
192.168.0.143 - - [23/May/2002:15:36:02 +0530] "GET
http://www.melonfire.com/images/logo1.jpg HTTP/1.0" 200 6988
192.168.0.143 - - [23/May/2002:15:36:02 +0530] "GET
http://www.melonfire.com/images/teasers/3.jpg HTTP/1.0" 502 519
192.168.0.143 - - [23/May/2002:15:36:04 +0530] "GET
http://www.melonfire.com/images/company_n.jpg HTTP/1.0" 200 6298
192.168.0.143 - - [23/May/2002:15:36:05 +0530] "GET
http://www.melonfire.com/images/community_n.jpg HTTP/1.0" 200 5971
192.168.0.143 - - [23/May/2002:15:36:05 +0530] "GET
http://www.melonfire.com/images/go.jpg HTTP/1.0" 200 7002 192.168.0.143
- - [23/May/2002:15:36:06 +0530] "GET
http://www.melonfire.com/images/services_n.jpg HTTP/1.0" 200 5817
192.168.0.143 - - [23/May/2002:15:36:07 +0530] "GET
http://www.melonfire.com/images/account_n.jpg HTTP/1.0" 200 3820

>>> More Site Administration Articles          >>> More By icarus, (c) Melonfire

blog comments powered by Disqus