Using Aphace as Proxy Server

8/8/2019 Using Aphace as Proxy Server

1/15


2/15

Table of ContentsStill Waters Run Deep........................................................................................................................................1

A Little Drool.......................................................................................................................................................2

Getting Started....................................................................................................................................................3

Passing The Packets............................................................................................................................................5

Wheat And Chaff................................................................................................................................................9

Going Backwards..............................................................................................................................................11

Cache Cow.........................................................................................................................................................12

Endzone..............................................................................................................................................................13

Using Apache As A Proxy Server

i


3/15

Still Waters Run DeepUnless you've been cryogenically frozen for the last twenty years, you probably already know what Apache is.It's the planet's most popular Web server, with a humongouslyhigh number of Web sites relying on it toserve up content in a reliable and efficient manner. It has an enthusiastic fan following, an active developmentcommunity, and the love and loyalty of millions of Webmasters all over the planet.

The cool thing about Apache, though, is that it's not just a Web server. It can do lots of other things too andof its more interesting (though less wellknown) capabilities includes the ability to act as a proxy server forboth HTTP and FTP connections over a network.

If you didn't know about this, but are intrigued by the possibilities it opens up, or if you just want to take yourApache skills to the next level ("hey, Joe, did you know that you could use Apache to restrict certain machineson your network from accessing playboy.com?"), you've come to the right place. Over the next few pages, I'llbe exploring Apache's proxy module, guiding you through the process of installing, configuring and using it.Keep reading.

Still Waters Run Deep 1


4/15

A Little DroolFirst of all, the basics. What's a proxy, and why do you care?

A proxy is a piece of software that supports sending and receiving data on behalf of another application. It'san intermediate layer on your network that receives requests from within the networks, forwards them to theappropriate host, reads the response, and sends the response back to the requesting host or application withinthe network.

By functioning as a gateway to the public Internet, a proxy makes for more secure networks, and also allowsmultiple hosts on a network to share a single public IP address. So, if you have an office network consisting of multiple workstations, but only a single Internet connection, you can use a proxy to provide Internet access toall the workstations using the single IP address and single connection.

Since a proxy effectively carries the weight of serving all Internet traffic for a network, it can also be used todo a couple of other things. The first (and most interesting) is that it can substantially speed up your Internet

activity by caching, or locally saving, copies of frequentlyaccessed Web pages, and using these cachedcopies to serve client requests. This reduces latency, cuts down on Internet connectivity charges, and results ina more positive user experience all usually considered good things.

A proxy can also be used to monitor Internet traffic flowing in and out of a network, logging all requests inorder to gain a better understanding of how the Internet is being used; this data can be very useful, especiallyin corporate environments. And in the event that the data analysis reveals that most of the employees aregoofing off, wasting time and Internet packets on online comic strips or mindnumbing MUDs, a proxy caneven be configured to block access to certain sites, or block certain workstations for accessing the Web.

If you're a network administrator, the thought of all this power probably has you drooling. Wipe it up, and let's

get started.

A Little Drool 2


5/15

Getting StartedObviously, in order to do anything constructive with Apache, you need a copy of the source code. Drop byhttp://httpd.apache.org/ and get yourself the latest version (this article uses both Apache 1.3 and Apache 2.0).

Once you've got a source code archive, uncompress it into a directory on your system,

$ cd /tmp$ tar xzvf httpd2.0.36.tar.gz

and run the "configure" script in the newlycreated directory (for Apache 1.3):

$ ./configure enablemodule=proxy

If you're using Apache 2.0, you should use this instead:

$ ./configure enableproxy enableproxyftpenableproxyhttpenablecache enablediskcache

Once the source tree has been prepped, you can compile and install Apache with a quick

$ make$ make install

Apache should get installed to the default location of /usr/local/apache, unless you specified a differentlocation by adding the "prefix" parameter to the "configure" script.

If all goes well, you should now have a properlycompiled Apache Web server installed on your system.Check to make sure that the proxy module has been included in the build via a quick scan of the output of

"httpd l".

$ /usr/local/apache/bin/httpd lCompiledin modules:http_core.cmod_env.cmod_log_config.cmod_mime.cmod_negotiation.c

Getting Started 3
http://httpd.apache.org/http://httpd.apache.org/


6/15

mod_status.cmod_include.cmod_autoindex.cmod_dir.cmod_cgi.cmod_asis.cmod_imap.cmod_actions.cmod_userdir.cmod_alias.cmod_access.cmod_auth.cmod_proxy.cmod_setenvif.c

All that's left is to configure the proxy. Let's look at that next.


Getting Started 4


7/15


8/15


9/15

and in Netscape Communicator.

Once the client configuration is complete, attempt to access an Internet resource the client should make therequest via the proxy (which should, obviously, be connected to the Internet), receive a response and display itto the user.

You can verify that the request is in fact being handled via the proxy by checking Apache's log files if, for

example, I used a browser on a networked machine to access the Melonfire Web site, here's what I'd see in theserver logs:

192.168.0.143 [23/May/2002:15:35:52 +0530] "GEThttp://www.melonfire.com/images/account_h.jpg HTTP/1.0" 2005118192.168.0.143 [23/May/2002:15:35:53 +0530] "GEThttp://www.melonfire.com/images/community_h.jpg HTTP/1.0" 2006772192.168.0.143 [23/May/2002:15:35:56 +0530] "GET

http://www.melonfire.com/images/contact_h.jpg HTTP/1.0" 502519192.168.0.143 [23/May/2002:15:36:02 +0530] "GEThttps://reader010.{domain}/reader010/html5/0529/5b0d83854dd6b/5b0d838aa9086.jpg HTTP/1.0" 200 6988192.168.0.143 [23/May/2002:15:36:02 +0530] "GEThttps://reader010.{domain}/reader010/html5/0529/5b0d83854dd6b/5b0d838ae3000.jpg HTTP/1.0" 502519192.168.0.143 [23/May/2002:15:36:04 +0530] "GEThttp://www.melonfire.com/images/company_n.jpg HTTP/1.0" 2006298


Passing The Packets 7


10/15

192.168.0.143 [23/May/2002:15:36:05 +0530] "GEThttp://www.melonfire.com/images/community_n.jpg HTTP/1.0" 2005971192.168.0.143 [23/May/2002:15:36:05 +0530] "GEThttps://reader010.{domain}/reader010/html5/0529/5b0d83854dd6b/5b0d838be7a84.jpg HTTP/1.0" 200 7002192.168.0.143 [23/May/2002:15:36:06 +0530] "GEThttp://www.melonfire.com/images/services_n.jpg HTTP/1.0" 2005817192.168.0.143 [23/May/2002:15:36:07 +0530] "GEThttp://www.melonfire.com/images/account_n.jpg HTTP/1.0" 2003820


Passing The Packets 8


11/15

Wheat And ChaffThe ability to have all HTTP requests directed outside the network going through a single proxy, which iscompletely under your control, opens up some interesting possibilities. One of the most common onesinvolves using the proxy to filter out and reject requests for certain "bad" sites. Here's an example, which usesthe very powerful ProxyBlock directive to reject all requests for the Playboy Web site.

ProxyBlock .playboy.com

You can specify multiple sites by separating them with spaces.

ProxyBlock .playboy.com .badboy.com

You can block all sites in one swell foop with

ProxyBlock *

Obviously, this is kinda pointless, especially after all the trouble you've gone to to set up the proxy in the firstplace but feel free to try it, if only for the experience.

Any attempt to access one of these blocked sites will fail, with Apache returning a default error page to theclient. Here's what it looks like:

Obviously, you can customize this page simply specify the location of a different error page for all HTTP403 errors, via the ErrorDocument directive.

ErrorDocument 403 /error403.html

Here's an example of a custom error page, specified using the technique above:

Wheat And Chaff 9


12/15


13/15

Going BackwardsYou can also have Apache work as a reverse proxy, allowing you to create "shortcut" URLs which appear tobe local to the proxy server, yet actually point to external Web resources. Most of this is accomplished via theProxyPass directive, which requires you to specify both the local path and the remote URL.

Here's an example:

ProxyPass /melonfire/ http://www.melonfire.com/

In this case, any request for the URL

http://proxy/melonfire/

will be automatically forwarded (via the proxy, naturally) to

http://www.melonfire.com/

Going Backwards 11


14/15

Cache Cowfrequentlyaccessed Web pages to connecting clients. Apache comes with a fairly good proxy cachingfeature, which can be used to store Web pages on the server and use these locallycached copies to serveclient requests.

In order to enable this cache, add the following lines to your Apache 1.3 configuration file:

CacheRoot "/usr/local/apache/proxy"CacheSize 5CacheGcInterval 4CacheMaxExpire 24CacheLastModifiedFactor 0.1CacheDefaultExpire 1NoCache yahoo.com

Most of these are fairly selfexplanatory the CacheRoot directive sets the directory where cached files willbe stored, while the other directives specify things like maximum cache size and maximum cache flushinterval. It's also possible to exclude certain Web sites from being cached, via the NoCache directive.

The corresponding directives for Apache 2.0 are:

CacheRoot "/usr/local/apache/proxy"

CacheSize 500CacheDirLevels 5CacheDirLength 3

Using a cache can speed up browsing on your network, as the server can use cached copies to provide fasterresponse times to connecting clients.

Cache Cow 12


15/15

EndzoneIf you're in charge of running a small office network, you might find Apache's builtin proxy server andcaching features fairly useful, especially if all you're looking for is a simple, efficient solution.

The proxy server is great for enabling Internet connection sharing across multiple networked workstation, andcan also add to your peace of mind by providing an additional layer of security to your network. It alsoprovides you with more control over Internet usage, allowing you to restrict access to "bad" sites, and controlwhich workstations have access to the Internet. Finally, its logging facilities allow you to monitor Internetusage, providing you with useful feedback on the performance of your network.

The caching features can also come in handy, especially if your users tend to visit the same set of sites on aregular basis. By using the cached copies, Apache's proxy server can reduce bandwidth consumption, enhanceuser perception of network performance, and reduce Internet costs.

Of course, when all is said and done, the Apache proxy server will always play second fiddle to the Web

server, which still gets the lion's share of the attention. If you're looking for a practical, robust and efficientsolution, and your requirements aren't too complicated, Apache's proxy server will probably work for you. If,on the other hand, you're looking for more advanced features (like access control lists, more detailed loggingand so on), you should consider using squid, which has to be one of the most powerful, fullfeatured proxyservers out there today.

I'll be discussing squid in a separate article soon but, until then, feast on the following links:

Apache 1.2 documentation for mod_proxy, at http://httpd.apache.org/docs/mod/mod_proxy.html

Apache 2.0 documentation for mod_proxy, at http://httpd.apache.org/docs2.0/mod/mod_proxy.html

An introduction to Web caching, at http://www.webcaching.com/mnot_tutorial/

An introduction to squid, at http://linux.oreillynet.com/pub/a/linux/2001/07/26/squid.html

See you soon!

Note: All examples in this article have been tested on Linux/i686 with Apache 1.3 and Apache 2.0. Examplesare illustrative only, and are not meant for a production environment. Melonfire provides no warranties orsupport for the source code described in this article. YMMV!

Endzone 13
http://linux.oreillynet.com/pub/a/linux/2001/07/26/squid.htmlhttp://www.web-caching.com/mnot_tutorial/http://httpd.apache.org/docs-2.0/mod/mod_proxy.htmlhttp://httpd.apache.org/docs/mod/mod_proxy.html

Using Aphace as Proxy Server

Documents

Transcript of Using Aphace as Proxy Server