Configure Apache as a forward proxy

Apache can be configured as both a forward and a reverse proxy. An ordinary proxy (also called a forward proxy) is an intermediate server that sits between the client and the origin server. The client is configured to use the forward proxy to access other sites. When a client want to get the content from the origin server, it sends a request to the proxy naming the origin server as the target. The proxy then requests the content from the origin server and returns it to the client.

Here is how we can configure Apache as a forward proxy:

First, we need to enable the proxy, proxy_http, and proxy_connect modules. We can do that using the a2enmod command:

apache enable proxy modules

Next, go to the /etc/apache2/mods-enabled directory and open the file proxy.conf in a text editor of your choice. Uncomment the #ProxyRequests On line and the <Proxy *> block:

apache proxy.conf file

Now, create a new file in the /etc/apache2/sites-available directory. We will call our file forward_proxy.conf. This is the configuration of the file:

<VirtualHost *:8080>
 # The ServerName directive sets the request scheme, hostname and port that
 # the server uses to identify itself. This is used when creating
 # redirection URLs. In the context of virtual hosts, the ServerName
 # specifies what hostname must appear in the request's Host: header to
 # match this virtual host. For the default virtual host (this file) this
 # value is not decisive as it is used as a last resort host regardless.
 # However, you must set it for any further virtual host explicitly.
 #ServerName www.example.com
ProxyRequests On
 ProxyVia On
<Proxy "*">
 Require ip 192.168
 </Proxy>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
 # error, crit, alert, emerg.
 # It is also possible to configure the loglevel for particular
 # modules, e.g.
 #LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error_forward_proxy.log
 CustomLog ${APACHE_LOG_DIR}/access_forward_proxy.log combined
# For most configuration files from conf-available/, which are
 # enabled or disabled at a global level, it is possible to
 # include a line for only one particular virtual host. For example the
 # following line enables the CGI configuration for this host only
 # after it has been globally disabled with "a2disconf".
 #Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Here is a description of the lines in the file:

<VirtualHost *:8080> – specifies the port that will be used for this virtual host.

ProxyRequests On, ProxyVia On – enables the proxy.

<Proxy “*”>Require ip 192.168</Proxy> – determines the range of IP addresses that will be allowed to use the proxy. In our case, the range of allowed hosts is 192.168.0.0 – 192.168.255.255.

ErrorLog ${APACHE_LOG_DIR}/error_forward_proxy.log, CustomLog ${APACHE_LOG_DIR}/access_forward_proxy.log combined – specifies the log files location.

Next, open the /etc/apache2/ports.conf file and add the Listen 8080 line:

apache ports conf

Enable the site using the a2ensite command:

apache enable proxy

Restart Apache in order for the changes to take effect. Your web clients need to be configured to use the proxy for outside connections. Here is a proxy configuration window from Windows:

windows proxy

Geek University 2022