@viz-prakash
Last active January 4, 2024 21:17
Setup Apache HTTP forward proxy on Linux

With Apache server (difficult way and only works with HTTPS traffic)

On server proxy machine

Enable the proxy module

sudo a2enmod proxy

sudo a2enmod proxy_http

Uncomment the following lines in /etc/apache2/mods-available/proxy.conf

ProxyRequests On
<Proxy *>
         Require ip "your_client_machines_ip_address not in quotes"
</Proxy>

ProxyVia Block

sudo systemctl restart apache2

On the client machine

You can change the local port 8080 to your liking.
Port 80 is the default port on which Apache listens, so the tunnel forwards to it.

ssh -vL 8080:127.0.0.1:80 user@server_proxy

Test your proxy with Python requests

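import requests

# requests picks the proxy entry by the scheme of the URL being fetched,
# so an https:// request only goes through the tunnel if 'https' is listed.
proxies = {
  'http': 'http://127.0.0.1:8080',
  'https': 'http://127.0.0.1:8080',
}

resp = requests.get('https://www.google.com', proxies=proxies)
print(resp.status_code)
print(resp.text)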

A better and easier way is to use Apache Traffic Server (works with both HTTP and HTTPS proxy)

On the proxy server

Install Apache Traffic Server with the command sudo apt-get install trafficserver.

Follow the steps to configure a forward proxy. This requires changing the /etc/trafficserver/records.config file.

CONFIG proxy.config.url_remap.remap_required INT 0
CONFIG proxy.config.http.cache.http INT 1

Don't forget to disable the reverse proxy with CONFIG proxy.config.reverse_proxy.enabled INT 0.

Change the default port 8080 to your liking with CONFIG proxy.config.http.server_ports STRING 65000 65000:ipv6.

Secure the proxy by limiting access to only your client

Add the following lines to the file /etc/trafficserver/ip_allow.yaml

  - apply: in
    ip_addrs: 1.2.3.4
    action: allow
    methods: ALL

Reboot the machine with reboot -n now; otherwise Traffic Server will still be listening on the default port 8080.
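
A forward proxy that is left with a catch-all inbound allow rule is an open proxy, so it is worth checking both files before exposing the port. The script below is an added example, not part of the original gist or of Traffic Server: it parses records.config and ip_allow.yaml text and reports deviations from the settings above. The function names and sample data are constructed for illustration, and it assumes each rule starts with `- apply:` and has a single scalar `ip_addrs` value.

```python
import ipaddress
import re

# Values this page sets in /etc/trafficserver/records.config.
EXPECTED = {"proxy.config.url_remap.remap_required": "0",
            "proxy.config.reverse_proxy.enabled": "0"}

# Constructed sample input: reverse proxy left on, plus a catch-all allow rule.
SAMPLE_RECORDS = """\
CONFIG proxy.config.url_remap.remap_required INT 0
CONFIG proxy.config.reverse_proxy.enabled INT 1
"""
SAMPLE_IP_ALLOW = """\
ip_allow:
  - apply: in
    ip_addrs: 1.2.3.4
    action: allow
    methods: ALL
  - apply: in
    ip_addrs: 0.0.0.0/0
    action: allow
    methods: ALL
"""

def parse_records(text):
    """Return {name: value} for each 'CONFIG name TYPE value' line."""
    rows = (line.split(None, 3) for line in text.splitlines())
    return {r[1]: r[3].strip() for r in rows if len(r) == 4 and r[0] == "CONFIG"}

def inbound_allows(text):
    """Return ip_addrs of every 'apply: in' rule whose action is allow."""
    rules = re.split(r"^[ \t]*-[ \t]+(?=apply:)", text, flags=re.M)[1:]
    parsed = (dict(re.findall(r"^[ \t]*(\w+):[ \t]*(\S+)[ \t]*$", r, flags=re.M))
              for r in rules)
    return [f.get("ip_addrs", "") for f in parsed
            if f.get("apply") == "in" and f.get("action") == "allow"]

def audit(records_text, ip_allow_text):
    """Return findings; an empty list means the page's settings are in place."""
    settings = parse_records(records_text)
    findings = [f"{k} is {settings.get(k)!r}, expected {v!r}"
                for k, v in EXPECTED.items() if settings.get(k) != v]
    for addr in inbound_allows(ip_allow_text):
        try:
            if ipaddress.ip_network(addr, strict=False).prefixlen == 0:
                findings.append(f"inbound allow for {addr} admits every client")
        except ValueError:
            findings.append(f"ip_addrs {addr!r} not parsed, review by hand")
    return findings
```

Call audit() with the contents of the two files read from /etc/trafficserver; an empty list means no deviation was found.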

On client

Create a tunnel to the proxy using the command ssh -vL 8080:localhost:65000 root@1**.2*.3**.4**.

Test

import requests

proxies = {
  'http': 'http://127.0.0.1:8080',
  'https': 'http://127.0.0.1:8080'
}

resp = requests.get('http://neverssl.com', proxies=proxies)
print(resp.status_code)
print(resp.text)

resp = requests.get('https://www.google.com', proxies=proxies)
print(resp.status_code)
print(resp.text)