Using Apache As A Proxy Server - Passing The Packets (
Page 3 of 7 )
Apache can function as both a
"forward proxy" and a "reverse proxy". A forward proxy accepts client requests,
forwards them to the Internet, and sends the responses back to the requesting
client. A reverse proxy, on the other hand, provides an easy way to remap
external URLs such that they appear to belong to the same domain space as the
proxy itself, and to provide enhanced caching facilities at the proxy level (if
that didn't make much sense, don't worry - I've explained it in detail a little
further along).
Pop open the Apache configuration file, "httpd.conf", and
add the following lines to it (for Apache 1.3):
<IfModule mod_proxy.c>
ProxyRequests On
<Directory proxy:*>
Order deny,allow
Deny from all
Allow from 192.168.0.0/255.255.255.0
</Directory>
</IfModule>If you're using Apache 2.0, you should use this instead:
<IfModule mod_proxy.c>
ProxyRequests On
<Proxy *>
Order deny,allow
Deny from all
Allow from 192.168.0.0/255.255.255.0
</Proxy>
</IfModule>Here, the
ProxyRequests On
tells Apache to activate its proxy services. It is followed
by a
<Proxy>
...
</Proxy>
or
<Directory>
...
</Directory>
block, which contains rulesets for determining which clients
can access these services. These are similar to firewall rules, which you may be
familiar with already.
<Directory proxy:*>
Order deny,allow
Deny from all
Allow from 192.168.0.0/255.255.255.0
</Directory>Note that the last line within the block specifies the IP
addresses of clients allowed to use the proxy. In the example above, I've
specified all clients on the 192.168.0.* network; you can just as easily
restrict this to a list or range of specific IP addresses.
Once that's
done, shut down and restart the server.
$ /usr/local/apache/bin/apachectl restart
Next, you need to tell clients on the network about the proxy
server. In most cases, this involves popping open the client's configuration and
setting the host name or IP address of the machine running the proxy server.
Assuming that the proxy server is running on the machine identified by the IP
address 192.168.0.10, here's what the configuration looks like in Internet
Explorer,
and in Netscape
Communicator.
Once the client configuration
is complete, attempt to access an Internet resource - the client should make the
request via the proxy (which should, obviously, be connected to the Internet),
receive a response and display it to the user.
You can verify that the
request is in fact being handled via the proxy by checking Apache's log files -
if, for example, I used a browser on a networked machine to access the Melonfire
Web site, here's what I'd see in the server logs:
192.168.0.143 - - [23/May/2002:15:35:52 +0530] "GET
http://www.melonfire.com/images/account_h.jpg HTTP/1.0" 200 5118
192.168.0.143 - - [23/May/2002:15:35:53 +0530] "GET
http://www.melonfire.com/images/community_h.jpg HTTP/1.0" 200 6772
192.168.0.143 - - [23/May/2002:15:35:56 +0530] "GET
http://www.melonfire.com/images/contact_h.jpg HTTP/1.0" 502 519
192.168.0.143 - - [23/May/2002:15:36:02 +0530] "GET
http://www.melonfire.com/images/logo1.jpg HTTP/1.0" 200 6988
192.168.0.143 - - [23/May/2002:15:36:02 +0530] "GET
http://www.melonfire.com/images/teasers/3.jpg HTTP/1.0" 502 519
192.168.0.143 - - [23/May/2002:15:36:04 +0530] "GET
http://www.melonfire.com/images/company_n.jpg HTTP/1.0" 200 6298
192.168.0.143 - - [23/May/2002:15:36:05 +0530] "GET
http://www.melonfire.com/images/community_n.jpg HTTP/1.0" 200 5971
192.168.0.143 - - [23/May/2002:15:36:05 +0530] "GET
http://www.melonfire.com/images/go.jpg HTTP/1.0" 200 7002 192.168.0.143
- - [23/May/2002:15:36:06 +0530] "GET
http://www.melonfire.com/images/services_n.jpg HTTP/1.0" 200 5817
192.168.0.143 - - [23/May/2002:15:36:07 +0530] "GET
http://www.melonfire.com/images/account_n.jpg HTTP/1.0" 200 3820
/ 22 
