Wednesday, March 13, 2013

Forward and Reverse Proxy using Apache


Forward Proxy 

A proxy server sitting between the client and the origin server acts as a forward proxy by sending HTTP requests to the origin servers on the client's behalf. The proxy protects the internal network by hiding the actual client's IP address and using its own instead. The client sends a request to the proxy naming the origin server as the target; the proxy then requests the content from the origin server and returns it to the client. The client must be specially configured to use the forward proxy to access other sites.

1) A good use of a forward proxy is caching (mod_cache). Client requests are served from the cache held by the forward proxy server rather than being fetched from the origin servers.

2) Another use of a forward proxy is filtering proxied content before passing it to the client, or restricting clients from accessing certain hosts/domains.

How to enable forward proxy in Apache?

The forward proxy is activated using the ProxyRequests directive.

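Since any arbitrary client can use the forward proxy server, we need to secure it by allowing only authorized clients to use it. An open forward proxy lets outside parties relay their traffic through the server, so the server's address appears as the source of that traffic.

From Apache 2.0, this can be done as follows. In the httpd.conf file, add/uncomment the following lines. (The Order/Deny/Allow syntax shown is the Apache 2.0/2.2 form; Apache 2.4 replaces it with the Require directive and accepts the old form only through mod_access_compat.)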

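# Core proxy module plus the HTTP handler it needs to proxy http:// requests
LoadModule proxy_module       modules/mod_proxy.so
LoadModule proxy_http_module  modules/mod_proxy_http.so

<IfModule mod_proxy.c>
    # Turn on forward proxying
    ProxyRequests On

    # Deny everyone by default, then allow only the 192.168.1.x network
    <Proxy *>
        Order deny,allow
        Deny from all
        Allow from 192.168.1
    </Proxy>
</IfModule>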

How to set up caching server using Apache?

The forward proxy must be enabled before the server can act as a caching proxy.

From Apache 2.0, the proxying and caching functionality has been split between the modules mod_proxy and mod_cache.

After activating the forward proxy with "ProxyRequests On", it can be configured as a caching server by adding the following lines to the Apache configuration file:

CacheRoot "/var/spool/httpd/cache/"
CacheSize 5
CacheGcInterval 4
CacheMaxExpire 24
CacheLastModifiedFactor 0.1
CacheDefaultExpire 1
NoCache anonexp.blogspot.com

CacheRoot - Specifies the name of the directory that contains the cache.
CacheSize - Specifies the disk space required for the cache in KB.
CacheGcInterval - Specifies the interval (in hours) to wait before checking whether the disk space used by the cache is greater than that set by CacheSize. If it is exceeded, unused objects in the cache are cleaned out.
CacheMaxExpire - Specifies the maximum number of hours for which cached objects will be retained.
CacheLastModifiedFactor - It defines a value that will be used to calculate whether an item in the cache should be expired if the object hasn't explicitly been marked with an expiration date.
CacheDefaultExpire - Specifies the number of hours after which an object will be expired if no specific data is supplied about the expiration date or period from the original server.
NoCache - Specifies a list of words or hosts, separated by spaces, that will not be cached.

How to use forward proxy for filtering?

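Using the ProxyBlock directive, clients can be restricted from accessing specific sites or domains. Apache does not support comments at the end of a directive line (the words would be read as further ProxyBlock arguments), so each comment goes on its own line.

# Blocks a specific host
ProxyBlock  www.xyz.com
# Blocks a specific domain
ProxyBlock  xyz.com
# Blocks any host or domain with the string xyz in it
ProxyBlock  xyz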

Reverse Proxy

A reverse proxy acts on behalf of a backend server rather than on behalf of an outside client. It serves as a gateway to the servers behind it.

Apache is activated as a reverse proxy using the ProxyPass directive or the [P] flag to the RewriteRule directive. It is not necessary to turn ProxyRequests on in order to configure a reverse proxy.

The ProxyPass directive maps a URL path on the proxy to a URL on the backend server.

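# Reverse proxy only: keep forward proxying off
ProxyRequests Off

<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

# Trailing slashes must match on both arguments, otherwise /bar is sent to /foobar
ProxyPass         /  http://xyz.com/foo/
# Rewrite Location headers in backend redirects to point back at the proxy
ProxyPassReverse  /  http://xyz.com/foo/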
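
The two sections above differ in one security-relevant way: "Allow from all" inside <Proxy *> is harmless with "ProxyRequests Off" but creates an open relay with "ProxyRequests On". The following check is an added example, not part of the original post; the function name audit_forward_proxy and the OPEN_RELAY sample are assumptions made for illustration, and it only understands the "Order deny,allow" pattern used on this page.

```python
import re

def audit_forward_proxy(conf_text):
    """Return findings for Apache config text that would run an open forward proxy."""
    forward_on = False   # "ProxyRequests On" seen
    in_proxy = False     # currently inside a <Proxy ...> section
    rules = []           # Allow/Deny/Require lines found inside <Proxy> sections
    for raw in conf_text.splitlines():
        line = re.sub(r"\s+", " ", raw.strip().lower())
        if not line or line.startswith("#"):
            continue
        if line == "proxyrequests on":
            forward_on = True
        elif re.match(r"<proxy[ >]", line):
            in_proxy = True
        elif line.startswith("</proxy>"):
            in_proxy = False
        elif in_proxy and re.match(r"(allow|deny|require) ", line):
            rules.append(line)
    if not forward_on:
        return []        # reverse proxy only: nothing is relayed to arbitrary hosts
    if not rules:
        return ["ProxyRequests On with no access rules in a <Proxy> section"]
    if "allow from all" in rules or "require all granted" in rules:
        return ["ProxyRequests On while <Proxy> admits every client"]
    # Assumes the page's "Order deny,allow" pattern, where the default is allow
    if "deny from all" not in rules and not any(r.startswith("require ") for r in rules):
        return ["ProxyRequests On without 'Deny from all' as the default"]
    return []

# Forward proxy section as given on this page
PAGE_FORWARD = """
ProxyRequests On
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from 192.168.1
</Proxy>
"""
# Reverse proxy section as given on this page
PAGE_REVERSE = """
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
"""
# Constructed misconfiguration: the reverse proxy block with forward proxying switched on
OPEN_RELAY = PAGE_REVERSE.replace("ProxyRequests Off", "ProxyRequests On")
```

Run against the two configurations from this page it returns no findings; the constructed OPEN_RELAY sample is reported as admitting every client.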
