We often need a proxy (forward proxy) as an intermediate server to serve the request between the client and the origin server via proxy. Assume a scenario like: client needs to connect to internet or some other sites by using the forward proxy as the client can’t connect to them directly.
Let’s do the setup for Apache as a forward proxy. Below are the steps which you need to follow.
Step 1: We need a Apache server so download it from here.
https://www.apachelounge.com/download/
Apache server is available as binaries in a zip file from the above link.
Step 2: Extract the downloaded zip file in a C/D/E (your choice) drive within a folder called Apache24. i.e. C:\Apache24.
Note: You may give another name instead of Apache24 but in that case you will also have to update the SRVROOT value in httpd.conf file.
Step 3: Now we will install this as a window service to take an advantage of auto start and always keeping up the server up & running. To install this Apache server as window service, open command prompt and point to C:\Apache24\bin run the below command:
C:\Apache24\bin> httpd.exe -k install -n "MyServiceName"
For more options on installation, please visit the link here: http://httpd.apache.org/docs/2.4/platform/windows.html
Step 4: Update the related config/modules for Apache to setup forward proxy. open the file C:\Apache24\conf\httpd.conf in your favorite text editor and update/modify settings as mentioned:
a. Enable related modules by uncommenting them, remove the # character from beginning.
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_module modules/mod_proxy_http.so
LoadModule proxy_module modules/mode_proxy_connect.so
LoadModule proxy_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_xml2enc.so
LoadModule proxy_module modules/mod_proxy_html.so
LoadModule proxy_module modules/mod_proxy_http2.so
Here are short descriptions of each module which will give you idea why you need them.
mod_proxy: implement a proxy/gateway for Apache HTTP Server.
mod_proxy_connect: provides support for the CONNECT
HTTP method. This method is mainly used to tunnel SSL requests through proxy servers.
mod_proxy_http: provides the features used for proxying HTTP and HTTPS requests.
mod_proxy_http2: supports HTTP/2 only and works with incoming fronted requests using HTTP/1.1 or HTTP/2.
mod_ssl: provides SSL v3 and TLS v1.x support for the Apache HTTP Server. SSL v2 is no longer supported.
mod_proxy_html: provides an output filter to rewrite HTML links in a proxy situation, to ensure that links work for users outside the proxy.
mod_xml2enc: provides enhanced internationalisation support for markup-aware filter modules such as mod_proxy_html
. It can automatically detect the encoding of input data and ensure they are correctly processed by the libxml2 parser, including converting to Unicode (UTF-8) where necessary.
Note: For more details on above module please visit https://httpd.apache.org/docs/2.4/mod/
b. Update the listener information for apache server. (Search the word Listen in httpd.conf file)
Listen 192.89.12.120:8082
Note: You must use IP:Port combination instead of just using either one of them which you can do and the reason behind this is: If only a port number is specified in the Listen directive, the server listens to the given port on all interfaces. If an IP address is given as well as a port, the server will listen on the given port and interface. Multiple Listen directives may be used to specify a number of addresses and ports to listen on. The server will respond to requests from any of the listed addresses and ports. For more detail please visit: https://httpd.apache.org/docs/2.4/bind.html
c. update ServerName as DNS Host Name (FQDN) if not then the IP address of the server (search the word ServerName)
ServerName 192.89.12.120:8082
Note: ServerName gives the name and port that the server uses to identify itself. This can often be determined automatically, but we recommend you specify it explicitly to prevent problems during startup. If your host doesn’t have a registered DNS name, enter its IP address here.
d. Update other details like ServerAdmin emailid, ErrorLog path, LogLevel etc as per your need.
Step 5: Now we will modify/update the proxy server details in C:/Apache24/conf/extra/proxy-html.conf file. So lets open the file using your favorite text editor and follow the below steps:
a. Enable forward proxy using ProxyRequest module by setting it to On.
ProxyRequests On
b. Configure the server address (i.e. internet, origin server etc) where request will be forwarded through this proxy server.
ProxyRemote = http://XXX.XXX.0.25:9400
OR
ProxyRemote * "${ProxyRemote}" -- in this case ProxyRemote is an environment variable which holds the origin server info.
Note: ProxyRemote is optional and needed only if you have remote proxy to redirect. In case if this machine has internet connection and don’t add this setting at all and that will make your proxy server to process the requests (internal or intranet).
c. Now lets enable the proxy routing and at the same time also restrict the forward proxy for specific subnet mask or IP if you need to do so or else ignore the Require IP setup.
<Proxy *>
Require ip 192.12 -- in this case any ip with mask 192.12 will be able to use the proxy
</Proxy>or<Proxy *>
Require ip 192.12.10.25 -- in this case only mentioned ip will be able to use the proxy
</Proxy>or if you don't need to restrict here then<Proxy *>
</Proxy>
Step 6: we are done here and it’s time to test your forward proxy setup. To test you can take another machine and setup the manual proxy setting (through internet setting or registry or curl command (if testing through curl command)), set the proxy url as ‘192.89.12.120:8082’ and run the test.
Though above configuration is for setting up the forward proxy in Windows machine but it is almost the same step you need to follow for Linux too.