Apache as HTTP Proxy Server


There are many various proxy servers on all platforms. But Apache is my favorite! And now I’ll show how to configure it as HTTP Proxy Server with Authentication.

1. Install Apache to “C:\SERVER\ApacheProxy” (http://httpd.apache.org/download.cgi)

2. Let’s configure “conf/httpd.conf”

ServerRoot "C:/SERVER/ApacheProxy"
Listen 3128

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule setenvif_module modules/mod_setenvif.so

<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
 User daemon
 Group daemon
</IfModule>
</IfModule>

ServerAdmin admin@firetrot.com
ServerName firetrot
DocumentRoot "C:/SERVER/ApacheProxy/htdocs"

<Directory />
 Options FollowSymLinks
 AllowOverride None
 Order deny,allow
 Deny from all
</Directory>

<Directory "C:/SERVER/ApacheProxy/htdocs">
 Options Indexes FollowSymLinks
 AllowOverride None
 Order allow,deny
 Allow from all
</Directory>

<IfModule dir_module>
 DirectoryIndex index.html
</IfModule>

<FilesMatch "^\.ht">
 Order allow,deny
 Deny from all
 Satisfy All
</FilesMatch>

ErrorLog "logs/error.log"

# Possible values include: debug, info, notice, warn, error, crit, alert, emerg
LogLevel error 

<IfModule log_config_module>
 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 LogFormat "%h %l %u %t \"%r\" %>s %b" common
 CustomLog "logs/access.log" common
</IfModule>

<IfModule alias_module>
 ScriptAlias /cgi-bin/ "C:/SERVER/ApacheProxy/cgi-bin/"
</IfModule>

<Directory "C:/SERVER/ApacheProxy/cgi-bin">
 AllowOverride None
 Options None
 Order allow,deny
 Allow from all
</Directory>

DefaultType text/plain

<IfModule mime_module>
 TypesConfig conf/mime.types
 AddType application/x-compress .Z
 AddType application/x-gzip .gz .tgz
</IfModule>

AllowCONNECT 443 563 5050

ProxyRequests On
ProxyVia On

<Proxy *>
 AuthName "FireTrot Proxy Server"
 AuthUserFile "C:\SERVER\ApacheProxy\users\userlist"
 AuthType Basic
 Require valid-user
</Proxy>

The most interested part is at the end.

AllowCONNECT 443 563 5050

To make ability to work with services that need CONNECT protocol (for ex. tunnels) (http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#allowconnect)

3. Create directory “C:\SERVER\ApacheProxy\users”

4. As you see, in “Proxy” directive:

 AuthUserFile "C:\SERVER\ApacheProxy\users\userlist"
 AuthType Basic
 Require valid-user

These lines are for Basic Authentication procedure.

Users (login:password) are listed in “C:\SERVER\ApacheProxy\users\userlist” file which can be made by:

C:\SERVER\ApacheProxy\bin\htpasswd.exe -cm "C:\SERVER\ApacheProxy\users\userlist" testuser

And type password.

5. Install service

C:\SERVER\ApacheProxy\bin\httpd.exe -n "ApacheProxy" -k install

That’s all! Run server!