
Apache httpd 2.4 forward proxy

Creates a forward proxy (a drop-in replacement for Squid) on TCP port 3128. It proved to be faster than Squid 3.5 on the same hardware when using the Apache httpd event MPM.

Make sure you have a local caching DNS resolver, such as Unbound or PowerDNS Recursor, configured in /etc/resolv.conf.

The ProxyDomain directive protects the proxy from reaching hosts in the local domain through unqualified names, which would otherwise be completed with the local domain name or the search domains from /etc/resolv.conf.

In its default configuration (RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500), Apache httpd mod_reqtimeout drops some long-lived HTTPS connections, so the configuration below sets both timeouts to 0 to disable them.

Required modules: mod_proxy, mod_proxy_connect.

Listen 3128
<VirtualHost *:3128>
        ProxyRequests On
        ProxyDomain "."
        CustomLog "/var/log/httpd/proxy_access_log" common
        ErrorLog "/var/log/httpd/proxy_error_log"
        <IfModule mod_reqtimeout.c>
                RequestReadTimeout header=0 body=0
        </IfModule>
        <Proxy "*">
                Require ip 192.168.0.0/16
                Require ip 127.0.0.0/8
                Require ip 10.0.0.0/8
                Require ip 172.16.0.0/12
        </Proxy>
</VirtualHost>
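
To check that the Require ip lines above are doing their job, the access log written by the CustomLog directive can be audited for clients outside the permitted networks. The following is an added example, not part of the original page; the function name `audit` and the sample log lines are constructed for illustration, and it assumes the log holds client IP addresses in the `common` format.

```python
import ipaddress
import re
from collections import Counter

# Client networks permitted by the Require ip lines in the <Proxy "*"> block.
ALLOWED = [ipaddress.ip_network(n) for n in
           ("192.168.0.0/16", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12")]

# Common Log Format: host ident user [time] "method target proto" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')

def audit(lines):
    """Split requests from clients outside ALLOWED into not-denied and denied."""
    not_denied, denied = [], Counter()
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue  # malformed or non-CLF line
        host, method, target, status = m[1], m[2], m[3], int(m[4])
        try:
            client = ipaddress.ip_address(host)
        except ValueError:
            continue  # logged as a host name; cannot be matched to a network
        if any(client in net for net in ALLOWED):
            continue  # expected client (IPv6 never matches these IPv4 networks)
        if status == 403:
            denied[host] += 1  # ACL worked: the outside client was refused
        else:
            not_denied.append((host, method, target, status))  # needs review
    return not_denied, denied

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE = """\
192.168.1.20 - - [08/Apr/2018:11:40:01 +0000] "GET http://example.org/ HTTP/1.1" 200 1270
10.2.3.4 - - [08/Apr/2018:11:40:05 +0000] "CONNECT example.org:443 HTTP/1.1" 200 5312
203.0.113.7 - - [08/Apr/2018:11:41:12 +0000] "CONNECT example.net:443 HTTP/1.1" 403 199
203.0.113.7 - - [08/Apr/2018:11:41:13 +0000] "GET http://example.net/ HTTP/1.1" 403 199
198.51.100.9 - - [08/Apr/2018:11:42:30 +0000] "GET http://example.com/ HTTP/1.1" 200 512
""".splitlines()

if __name__ == "__main__":
    not_denied, denied = audit(SAMPLE)
    for host, method, target, status in not_denied:
        print(f"NOT DENIED outside ACL: {host} {method} {target} -> {status}")
    for host, count in denied.most_common():
        print(f"denied: {host} x{count}")
```

Any entry in the first list means a request from outside the permitted networks was not refused by the proxy; the second list shows which outside addresses are probing it and how often.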

No caching is performed in this setup but it can be implemented using httpd mod_cache and mod_cache_disk.

To enable disk caching:

<VirtualHost *:3128>
...
        <IfModule mod_cache_disk.c>
                CacheRoot "/var/spool/httpd"
                CacheEnable disk http://
                CacheEnable disk ftp://
        </IfModule>
...
</VirtualHost>

Couldn't find a way to disable the “Server: Apache” header or to pass it through unchanged from the HTTP response headers.

apache/forward_proxy.txt · Last modified: 2018/04/08 11:59 by cbredi