Setting up a proxy web server with Apache
A proxy web server is something of a cross between a web server and a web client. As a server, it accepts requests from client systems. As a client, it passes on these requests to other web servers on behalf of its own clients. It can be thought of as an intermediary system that sites between clients and normal web servers in order to facilitate or streamline the process of retrieving web pages. The benefits of proxy servers are that 1) a proxy can reduce the overall web traffic for an organization -- especially when people tend to access the same sets of pages and 2) a proxy can be set up to provide access to web sites when individual desktops are otherwise restricted by a firewall from accessing the web.
By caching web pages, a proxy server can download a page once while providing it to any number of systems while reducing the fetch time for all but the first request. This advantage depends heavily on whether the web content is static or dynamic and, when dynamic, the extent to which it is dynamic.
Setting up a web proxy using Apache is surprisingly simple. First, you need to compile the Apache source using the --enable-module switch set to "proxy". After unzipping and extracting the contents of the tarball, use a command like this:
./configure --prefix=/usr/local/apache2proxy --enable-module=proxy
This command analyzes your system and creates a make file appropriate to your environment. You then compile and install your new proxy server in the usual way:
make
make install
At the completion of your install, you should expect to have a /usr/local/apache2proxy (I am calling this apache2proxy because it's Apache version 2.x and a proxy build) directory with the normal bin, cgi-bin, conf, htdocs, logs etc. subdirectories.
The configuration file for a web proxy can be surprsingly short. The directives that you actually need are very few. Here is an example of an httpd.conf file that provides everything that is required:
ServerRoot "/usr/local/apache2proxy"
Listen 10.1.2.3:8087
User nobody
Group nobody
ProxyRequests On
You don't need to use an unusual port such as 8087 (shown in the example above), but this is often the way proxies are configured. Keep in mind that this setting in no way influences the URLs that users will enter. This setting only determines how your clients will communicate with your proxy and not the URLs that the proxy will address on your clients' requests.
If you want an access log as well, add the format and location for your access log with the following commands:
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "logs/access_log" common
Start and restart your proxy server with the apachectl script that you will find in your bin directory and don't forget to install this same script in your /etc/rc* directories with names such as /etc/init.d/apache2proxy, /etc/rc3.d/Sapache2proxy and so on.
Your users' browsers will have to be specially configured to use your proxy. This involves telling the systems to use the proxy and identifying the proxy server and the port on which it is running.
Build your tech library with our book giveaways.
Hacking Exposed, Sixth Edition
By Stuart McClure, Joel Scambray, George Kurtz; Published by McGraw-Hill/Osborne
The original Hacking Exposed authors rejoin forces on this tenth anniversary edition to offer completely up-to-date coverage of today's most devastating hacks and how to prevent them. Using their proven methodology, the authors reveal how to locate and patch system vulnerabilities. The book includes new coverage of ISO images, wireless and RFID attacks, Web 2.0 vulnerabilities, anonymous hacking tools, Ubuntu, Windows Server 2008, mobile devices, and more. Enter now!
