An HTTP proxy is a server that accepts requests for web pages from browsers, retrieves the requested pages from their servers, and returns them to the browser. Proxies are often used on networks on which clients are not allowed to connect to web servers directly, so that restrictions on who can access the web and what sites they can view can be enforced. A proxy can also cache commonly accessed pages, so if many clients visit the same site, its pages only have to be downloaded once. This speeds up web access and reduces bandwidth utilization.
Apache is not the best proxy server available for UNIX systems—Squid (covered in Chapter 44) takes that honor. Squid has many more configurable options, is more efficient, and can deal with much larger caches. If you want to set up a proxy on a system that is already running Apache, however, then it may make sense to use the existing web server as a proxy instead of installing and running a separate server process for Squid.
Apache's proxy support is only available if the mod_proxy module has been compiled into the web server or is available to be dynamically loaded. You can see if the module is available by clicking on the Re-Configure Known Modules icon on the main page. If mod_proxy is checked, then your server can be used as a proxy. If so, you can skip the next paragraph, which deals with loading the proxy module.
On some Linux distributions, the proxy module is included with the Apache package but not loaded by default. If this is the case on your system, you can enable it by following these steps:
1. On the Apache Webserver module's main page, click on the Edit Config Files icon. This will bring up a page showing the contents of the primary configuration file, called httpd.conf.
2. Look for a line starting with LoadModule proxy_module, which is currently commented out with a # at the start. If no such line exists, then the proxy module is probably not installed at all and therefore cannot be used.
3. Delete the # at the start of the line and then click the Save button at the bottom of the page.
4. Click the Stop Apache link on any page to shut down Apache and then the Start Apache link to start it again. This is necessary for the web server to load the enabled proxy module.
If Apache was compiled on your system from source, then you will need to recompile it with mod_proxy enabled in order to use the proxy features. If you do, Webmin will detect that a new version of the Apache server executable has been installed and will redisplay the form shown in Figure 29.1 when you next visit the module's main page. The proxy module will be automatically selected, so you should be able to just click the Configure button to tell Webmin that proxy features are now available.
Once mod_proxy has been enabled, you can set your system up as a proxy server by following these steps:
You should now be able to try your settings by configuring a web browser to use your Apache server as a proxy and visiting some web pages. All proxy requests that Apache processes will be written to the access log file for the virtual server in the usual format, but with the full URL recorded instead of just the page.
You may sometimes want to limit who has access to the proxy, either by client IP address or by username and password. This can be done by following the instructions in Section 29.14 “Restricting Access by Client Address” and Section 29.13 “Password Protecting a Directory” and substituting the special directory proxy:*. If you set up client address access control, then only hosts with allowed addresses will be able to use your server as a proxy. They will, however, still be able to access normal web pages, as IP address restrictions for the special proxy:* directory only apply to proxy requests.
If you set up username and password authentication for your proxy server, then any web browsers that attempt to use it will be forced to log in first. This login is to the proxy server, not to any website that is being accessed through it. If a user visits a password-protected website using the proxy, he will have to log in separately to that site.
It is also possible to set up IP or password restrictions that apply only to some protocols or sites accessed through the proxy, by creating them for special directories like proxy:http or proxy:http://www.example.com/. Only requests for URLs that start with the text after proxy: will be affected by restrictions like these. They can be useful for blocking or limiting access to certain sites or preventing the proxy from being used to request certain protocols like http or ftp.
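Because proxy requests are logged with the full URL, the access log can be used to check that the client address restrictions described above are actually being enforced. The following Python script is an added example, not part of the original text: it assumes the log is in Common Log Format and that 192.168.1.0/24 is the only network allowed to use the proxy, and its function names and sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in Common Log Format; addresses and URLs are illustrative.
SAMPLE_LOG = """\
192.168.1.20 - - [10/Oct/2004:13:55:36 +0000] "GET http://www.example.com/index.html HTTP/1.0" 200 2326
192.168.1.20 - - [10/Oct/2004:13:55:40 +0000] "GET /local/page.html HTTP/1.0" 200 512
203.0.113.9 - - [10/Oct/2004:13:56:01 +0000] "GET http://www.example.org/ HTTP/1.0" 200 1043
203.0.113.9 - - [10/Oct/2004:13:56:05 +0000] "GET ftp://ftp.example.org/pub/file HTTP/1.0" 403 210
198.51.100.7 - alice [10/Oct/2004:13:57:12 +0000] "GET /index.html HTTP/1.1" 200 900
"""

# Assumption: the only clients meant to use the proxy are on this network.
ALLOWED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

CLF = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
ABSOLUTE_URL = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

def is_proxy_request(method, target):
    """Proxy requests carry a full URL (or use CONNECT); local ones carry a path."""
    return method == "CONNECT" or bool(ABSOLUTE_URL.match(target))

def client_allowed(client, allowed_nets):
    """True if the logged client is an IP address inside an allowed network."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # a hostname was logged; treat it as unverified
    return any(addr in net for net in allowed_nets)

def audit(log_text, allowed_nets):
    """Return proxy requests made by clients outside the allowed networks."""
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        client, user, when, method, target, status = m.groups()
        if is_proxy_request(method, target) and not client_allowed(client, allowed_nets):
            # 2xx/3xx means the proxy served the request; 403/407 means it was refused.
            findings.append({"client": client, "user": user, "time": when,
                             "url": target, "status": int(status),
                             "served": status[0] in "23"})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, ALLOWED_NETS):
        print("SERVED " if f["served"] else "REFUSED", f["client"], f["url"], f["status"])
```

A finding marked as served means an outside client was able to use the server as a proxy, so the proxy:* restriction is missing or too broad; a refused finding shows the restriction working.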