Welcome to the third and concluding part of the "Getting Started with Apache 2.0" series.
Before outlining the topics that I'll cover in the current article, let me quickly review what you learned in the last one. It started with a quick overview of the "main server" configuration section of the "httpd.conf" file. This was followed by an explanation of the log files generated by the Apache Web server and how to customize its entries. The article concluded with a section on how to set up "Virtual Hosts" - a feature that gives you the ability to run multiple websites on a single Apache Web server.
Today, I'll show you how to configure the Apache server as a "proxy server" for your local network and then, I'll talk about "URL Re-writing," a powerful feature that allows you to "re-write" requests to the Web server in real time. Next, I'll explain how you can configure "user-specific" directories on your Web server and finally, I'll wrap this series with introductions to some offbeat Apache modules with which you can experiment.
Letís get moving, shall we?
Apache As A Proxy Server
So far, I've only concentrated on the "Web server" capabilities of Apache. However, you'll be surprised to learn that your favorite software package can also be configured to run as a "proxy" server on your local network.
For the uninitiated, a "proxy" server - or a "forward proxy server," to be more specific - is a mechanism (a combination of hardware and/or software) that allows computers (a.k.a. clients) connected to a common network to access the World Wide Web, among other things, using a single connection to the Internet.
On the contrary, a "reverse proxy" server allows an Apache instance to map requests from Internet users to a local "namespace" without the need to configure the clients specifically. Network administrators, typically, configure reverse proxies to provide access to servers placed behind firewalls, to implement load balancing, to enable caching and so on.
Today I will only show you how to set up a "forward proxy server", but there is no reason to worry - you can learn more about "reverse proxies" by visiting the link provided at the end of this section.
Let's come back to the "mod_proxy" module. By default, this module is not enabled. Therefore, you'll have to recompile Apache using the following command:
Under the hood, the "proxy" features of Apache are driven by three different modules that work in tandem with the "mod_proxy" module: they are "mod_proxy_http", "mod_proxy_ftp" and "mod_proxy_connect." As the names suggest, the first allows Apache to serve HTTP proxy requests, the second serves FTP requests and the third module allows the server to service SSL requests using the CONNECT HTTP method.
You'll notice that I've listed only one module i.e. mod_proxy while compiling Apache. The reason is simple: all three modules are automatically enabled by the "--enable-proxy" option.
Alternatively, if you have compiled DSO support using the "-enable-so" option, as you would have done if you compiled Apache to work with PHP 5.0 - as outlined in the first part of this series - you can conveniently activate this module at run time using the "LoadModule" Apache directive, and avoid the tedious task of re-compiling the source code.
Once you've enabled the "mod_proxy" module, the focus shifts back to the ubiquitous "httpd.conf" configuration file. Add the following lines to the configuration file to set up Apache as a "forward proxy":
Restart the Apache Web server in order to allow the directives to take effect. Of course, you'll also need to configure the computers on the network to use the above machine - the IP Address of the machine running the proxy server should be more than sufficient - when connecting to the Internet.
Now, let me review the directives one-by-one: the "ProxyRequests" directive has to be set to "On" in order to enable Apache to function as a "forward" proxy server. The "Proxy" directive allows you to secure the proxy server by preventing unauthorized access, a recommended practice to prevent misuse. Note the use the wildcard character (*) with the "Proxy" directive in order to match all "proxied" content. Furthermore, this directive can also enclose the "Order," "Allow" and "Deny" directives in order to control access to the proxy server. Here, I would like to highlight the use of the "192.168.100.0/255.255.255.0" network/netmask combination, permitting access to specific group of computers on the network.
You can also use the "ProxyBlock" directive to restrict access to a particular URL or URLs that contain specific words. Take a look at the next listing:
As mentioned above, this "ProxyBlock" directive allows you to specify a list of hosts, domains and words that will be blocked by the proxy server. The above settings prevents HTTP and FTP access to the domain "hustler.com" as well as to any URL that contains the pattern "xxx".
Note that the proxy module will attempt to resolve all hosts, specified in the "ProxyBlock" directive, at startup. This exercise could result in a slight delay when Apache starts.
And before you proceed to the next section, donít forget to review the documentation at http://httpd.apache.org/docs-2.0/mod/mod_proxy.html for information on how to set up a "reverse" proxy.
blog comments powered by Disqus