route apache traffic through squid proxy serveriptables secure squid proxySquid traffic tunneled through...
Good for you! in Russian
Can't find the Shader/UVs tab
Why don't MCU characters ever seem to have language issues?
Could a cubesat be propelled to the moon?
"One can do his homework in the library"
A three room house but a three headED dog
Why does Deadpool say "You're welcome, Canada," after shooting Ryan Reynolds in the end credits?
The bar has been raised
Why does Captain Marvel assume the planet where she lands would recognize her credentials?
Why is there a voltage between the mains ground and my radiator?
Could a cubesat propel itself to Mars?
Aliens englobed the Solar System: will we notice?
Am I not good enough for you?
What wound would be of little consequence to a biped but terrible for a quadruped?
Fourth person (in Slavey language)
What is the likely impact of grounding an entire aircraft series?
What Happens when Passenger Refuses to Fly Boeing 737 Max?
Unreachable code, but reachable with exception
Finding algorithms of QGIS commands?
Are there historical instances of the capital of a colonising country being temporarily or permanently shifted to one of its colonies?
Are babies of evil humanoid species inherently evil?
Good allowance savings plan?
Do items de-spawn in Diablo?
Is Gradient Descent central to every optimizer?
route apache traffic through squid proxy server
iptables secure squid proxySquid traffic tunneled through VPNRouting and authenticating all access through squidRoute all traffic through my laptop (using Squid) with WindowsRoute RRAS traffic through a proxySquid Proxy: url_regex acl is not working?How to configure RRAS to route all traffic through squid proxy?Convert HTTP request to HTTPS through Apache and SquidRouting your Internet through openvpn and Squid Proxy
I am using squid as proxy server for blocking patterns in a url (like: block .jpg,.bmp, etc). Now I want to route the whole traffic from my 2nd server (which runs apache) through the proxy server.
So, when a visitor accesses a .jpg file for example, the proxy server blocks the request.
The setup:
- Server #1 runs squid3
- Server #2 runs apache2
How can i configure apache for routing all traffic through a specific proxy?
apache-2.2 proxy squid
edited Dec 15 '15 at 19:45
Coops
5,22412448
asked Nov 19 '14 at 22:24
pilapila
1113
bumped to the homepage by Community♦ 13 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I am using squid as proxy server for blocking patterns in a url (like: block .jpg,.bmp, etc). Now I want to route the whole traffic from my 2nd server (which runs apache) through the proxy server.
So, when a visitor accesses a .jpg file for example, the proxy server blocks the request.
The setup:
- Server #1 runs squid3
- Server #2 runs apache2
How can i configure apache for routing all traffic through a specific proxy?
apache-2.2 proxy squid
edited Dec 15 '15 at 19:45
Coops
5,22412448
asked Nov 19 '14 at 22:24
pilapila
1113
bumped to the homepage by Community♦ 13 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
so basically you want to setup a reverse proxy so that all requests from clients go through the proxy instead of arriving directly on the Apache server?
– Ale
Nov 19 '14 at 22:28
yes. i want to "block" specific patterns. and when the server uses the proxy not every client needs to configure the proxy. example: user request -> proxy -> (is allowed) yes = -> apache -> client ; no = ->blocked
– pila
Nov 19 '14 at 22:31
Looks like an XY problem. If your goal is to block some patterns then you can do so directly in Apache's configuration; a reverse proxy is way overkill for this.
– user186340
Nov 21 '14 at 20:54
add a comment |
I am using squid as proxy server for blocking patterns in a url (like: block .jpg,.bmp, etc). Now I want to route the whole traffic from my 2nd server (which runs apache) through the proxy server.
So, when a visitor accesses a .jpg file for example, the proxy server blocks the request.
The setup:
- Server #1 runs squid3
- Server #2 runs apache2
How can i configure apache for routing all traffic through a specific proxy?
apache-2.2 proxy squid
edited Dec 15 '15 at 19:45
Coops
5,22412448
asked Nov 19 '14 at 22:24
pilapila
1113
I am using squid as proxy server for blocking patterns in a url (like: block .jpg,.bmp, etc). Now I want to route the whole traffic from my 2nd server (which runs apache) through the proxy server.
So, when a visitor accesses a .jpg file for example, the proxy server blocks the request.
The setup:
- Server #1 runs squid3
- Server #2 runs apache2
How can i configure apache for routing all traffic through a specific proxy?
apache-2.2 proxy squid
apache-2.2 proxy squid
edited Dec 15 '15 at 19:45
Coops
5,22412448
asked Nov 19 '14 at 22:24
pilapila
1113
edited Dec 15 '15 at 19:45
Coops
5,22412448
asked Nov 19 '14 at 22:24
pilapila
1113
edited Dec 15 '15 at 19:45
Coops
5,22412448
edited Dec 15 '15 at 19:45
Coops
5,22412448
edited Dec 15 '15 at 19:45
Coops
5,22412448
5,22412448
asked Nov 19 '14 at 22:24
pilapila
1113
asked Nov 19 '14 at 22:24
pilapila
1113
asked Nov 19 '14 at 22:24
pilapila
1113
1113
bumped to the homepage by Community♦ 13 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 13 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
so basically you want to setup a reverse proxy so that all requests from clients go through the proxy instead of arriving directly on the Apache server?
– Ale
Nov 19 '14 at 22:28
yes. i want to "block" specific patterns. and when the server uses the proxy not every client needs to configure the proxy. example: user request -> proxy -> (is allowed) yes = -> apache -> client ; no = ->blocked
– pila
Nov 19 '14 at 22:31
Looks like an XY problem. If your goal is to block some patterns then you can do so directly in Apache's configuration; a reverse proxy is way overkill for this.
– user186340
Nov 21 '14 at 20:54
add a comment |
so basically you want to setup a reverse proxy so that all requests from clients go through the proxy instead of arriving directly on the Apache server?
– Ale
Nov 19 '14 at 22:28
yes. i want to "block" specific patterns. and when the server uses the proxy not every client needs to configure the proxy. example: user request -> proxy -> (is allowed) yes = -> apache -> client ; no = ->blocked
– pila
Nov 19 '14 at 22:31
Looks like an XY problem. If your goal is to block some patterns then you can do so directly in Apache's configuration; a reverse proxy is way overkill for this.
– user186340
Nov 21 '14 at 20:54
so basically you want to setup a reverse proxy so that all requests from clients go through the proxy instead of arriving directly on the Apache server?
– Ale
Nov 19 '14 at 22:28
so basically you want to setup a reverse proxy so that all requests from clients go through the proxy instead of arriving directly on the Apache server?
– Ale
Nov 19 '14 at 22:28
yes. i want to "block" specific patterns. and when the server uses the proxy not every client needs to configure the proxy. example: user request -> proxy -> (is allowed) yes = -> apache -> client ; no = ->blocked
– pila
Nov 19 '14 at 22:31
yes. i want to "block" specific patterns. and when the server uses the proxy not every client needs to configure the proxy. example: user request -> proxy -> (is allowed) yes = -> apache -> client ; no = ->blocked
– pila
Nov 19 '14 at 22:31
Looks like an XY problem. If your goal is to block some patterns then you can do so directly in Apache's configuration; a reverse proxy is way overkill for this.
– user186340
Nov 21 '14 at 20:54
Looks like an XY problem. If your goal is to block some patterns then you can do so directly in Apache's configuration; a reverse proxy is way overkill for this.
– user186340
Nov 21 '14 at 20:54
add a comment |
1 Answer
1
active
oldest
votes
The configuration you want is a reverse proxy. The main points to configure such a system are:
- the DNS name of the web server must point to the IP address of the squid proxy
- the squid proxy has to be configured to listen for requests on port 80 (supposing you want to use the standard HTTP port) and forward the requests to the apache server (reverse proxy mode, using the httpd-accelerator module). For an example see here. If you want to support encryption (HTTPS), you'll need to have your SSL certificates/keys on the Squid proxy, and configure it accordingly.
- make sure that the apache server is inaccessible from your clients (e.g., by using a private IP address, assuming that your clients are outside that private network, or a firewall)
- anything needing the client's IP address on Apache must look to the
X-Forwarded-Forheader added by squid, as the client IP address will be the one of the squid server. This includes the logs, if you want to look at them on the apache server and not on the squid proxy.
answered Nov 19 '14 at 22:43
AleAle
1,010718
is this solution possible for infinite servers? so that the squid does not need to have every apache ip? i want that squid automatically detects the source and points traffic back to the server
– pila
Nov 19 '14 at 22:46
do you mean for infinite clients (i.e., that you don't need to anticipate who is connecting to your proxy)? in this case, yes: that's what a reverse proxy is for, you just have to configure the apache server's address in it (as from your question I guess there's only one of them)
– Ale
Nov 19 '14 at 22:49
okay thanks i will test this tomorrow and then comment back
– pila
Nov 19 '14 at 22:50
how do i set the cache_peer option in squid for every host? it is possible that i do not know all users using this proxy server..
– pila
Nov 20 '14 at 15:49
cache_peeris the IP of the apache web server you want behind your proxy -- you don't care about who your clients are. that's why it's named a reverse proxy: you configure who your server is, and clients will only access that server (but you don't need to preconfigure the clients)
– Ale
Nov 20 '14 at 15:54
|
show 2 more comments
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f645639%2froute-apache-traffic-through-squid-proxy-server%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The configuration you want is a reverse proxy. The main points to configure such a system are:
- the DNS name of the web server must point to the IP address of the squid proxy
- the squid proxy has to be configured to listen for requests on port 80 (supposing you want to use the standard HTTP port) and forward the requests to the apache server (reverse proxy mode, using the httpd-accelerator module). For an example see here. If you want to support encryption (HTTPS), you'll need to have your SSL certificates/keys on the Squid proxy, and configure it accordingly.
- make sure that the apache server is inaccessible from your clients (e.g., by using a private IP address, assuming that your clients are outside that private network, or a firewall)
- anything needing the client's IP address on Apache must look to the
X-Forwarded-Forheader added by squid, as the client IP address will be the one of the squid server. This includes the logs, if you want to look at them on the apache server and not on the squid proxy.
answered Nov 19 '14 at 22:43
AleAle
1,010718
is this solution possible for infinite servers? so that the squid does not need to have every apache ip? i want that squid automatically detects the source and points traffic back to the server
– pila
Nov 19 '14 at 22:46
do you mean for infinite clients (i.e., that you don't need to anticipate who is connecting to your proxy)? in this case, yes: that's what a reverse proxy is for, you just have to configure the apache server's address in it (as from your question I guess there's only one of them)
– Ale
Nov 19 '14 at 22:49
okay thanks i will test this tomorrow and then comment back
– pila
Nov 19 '14 at 22:50
how do i set the cache_peer option in squid for every host? it is possible that i do not know all users using this proxy server..
– pila
Nov 20 '14 at 15:49
cache_peeris the IP of the apache web server you want behind your proxy -- you don't care about who your clients are. that's why it's named a reverse proxy: you configure who your server is, and clients will only access that server (but you don't need to preconfigure the clients)
– Ale
Nov 20 '14 at 15:54
|
show 2 more comments
The configuration you want is a reverse proxy. The main points to configure such a system are:
- the DNS name of the web server must point to the IP address of the squid proxy
- the squid proxy has to be configured to listen for requests on port 80 (supposing you want to use the standard HTTP port) and forward the requests to the apache server (reverse proxy mode, using the httpd-accelerator module). For an example see here. If you want to support encryption (HTTPS), you'll need to have your SSL certificates/keys on the Squid proxy, and configure it accordingly.
- make sure that the apache server is inaccessible from your clients (e.g., by using a private IP address, assuming that your clients are outside that private network, or a firewall)
- anything needing the client's IP address on Apache must look to the
X-Forwarded-Forheader added by squid, as the client IP address will be the one of the squid server. This includes the logs, if you want to look at them on the apache server and not on the squid proxy.
answered Nov 19 '14 at 22:43
AleAle
1,010718
is this solution possible for infinite servers? so that the squid does not need to have every apache ip? i want that squid automatically detects the source and points traffic back to the server
– pila
Nov 19 '14 at 22:46
do you mean for infinite clients (i.e., that you don't need to anticipate who is connecting to your proxy)? in this case, yes: that's what a reverse proxy is for, you just have to configure the apache server's address in it (as from your question I guess there's only one of them)
– Ale
Nov 19 '14 at 22:49
okay thanks i will test this tomorrow and then comment back
– pila
Nov 19 '14 at 22:50
how do i set the cache_peer option in squid for every host? it is possible that i do not know all users using this proxy server..
– pila
Nov 20 '14 at 15:49
cache_peeris the IP of the apache web server you want behind your proxy -- you don't care about who your clients are. that's why it's named a reverse proxy: you configure who your server is, and clients will only access that server (but you don't need to preconfigure the clients)
– Ale
Nov 20 '14 at 15:54
|
show 2 more comments
The configuration you want is a reverse proxy. The main points to configure such a system are:
- the DNS name of the web server must point to the IP address of the squid proxy
- the squid proxy has to be configured to listen for requests on port 80 (supposing you want to use the standard HTTP port) and forward the requests to the apache server (reverse proxy mode, using the httpd-accelerator module). For an example see here. If you want to support encryption (HTTPS), you'll need to have your SSL certificates/keys on the Squid proxy, and configure it accordingly.
- make sure that the apache server is inaccessible from your clients (e.g., by using a private IP address, assuming that your clients are outside that private network, or a firewall)
- anything needing the client's IP address on Apache must look to the
X-Forwarded-Forheader added by squid, as the client IP address will be the one of the squid server. This includes the logs, if you want to look at them on the apache server and not on the squid proxy.
answered Nov 19 '14 at 22:43
AleAle
1,010718
The configuration you want is a reverse proxy. The main points to configure such a system are:
- the DNS name of the web server must point to the IP address of the squid proxy
- the squid proxy has to be configured to listen for requests on port 80 (supposing you want to use the standard HTTP port) and forward the requests to the apache server (reverse proxy mode, using the httpd-accelerator module). For an example see here. If you want to support encryption (HTTPS), you'll need to have your SSL certificates/keys on the Squid proxy, and configure it accordingly.
- make sure that the apache server is inaccessible from your clients (e.g., by using a private IP address, assuming that your clients are outside that private network, or a firewall)
- anything needing the client's IP address on Apache must look to the
X-Forwarded-Forheader added by squid, as the client IP address will be the one of the squid server. This includes the logs, if you want to look at them on the apache server and not on the squid proxy.
answered Nov 19 '14 at 22:43
AleAle
1,010718
answered Nov 19 '14 at 22:43
AleAle
1,010718
answered Nov 19 '14 at 22:43
AleAle
1,010718
answered Nov 19 '14 at 22:43
AleAle
1,010718
1,010718
is this solution possible for infinite servers? so that the squid does not need to have every apache ip? i want that squid automatically detects the source and points traffic back to the server
– pila
Nov 19 '14 at 22:46
do you mean for infinite clients (i.e., that you don't need to anticipate who is connecting to your proxy)? in this case, yes: that's what a reverse proxy is for, you just have to configure the apache server's address in it (as from your question I guess there's only one of them)
– Ale
Nov 19 '14 at 22:49
okay thanks i will test this tomorrow and then comment back
– pila
Nov 19 '14 at 22:50
how do i set the cache_peer option in squid for every host? it is possible that i do not know all users using this proxy server..
– pila
Nov 20 '14 at 15:49
cache_peeris the IP of the apache web server you want behind your proxy -- you don't care about who your clients are. that's why it's named a reverse proxy: you configure who your server is, and clients will only access that server (but you don't need to preconfigure the clients)
– Ale
Nov 20 '14 at 15:54
|
show 2 more comments
is this solution possible for infinite servers? so that the squid does not need to have every apache ip? i want that squid automatically detects the source and points traffic back to the server
– pila
Nov 19 '14 at 22:46
do you mean for infinite clients (i.e., that you don't need to anticipate who is connecting to your proxy)? in this case, yes: that's what a reverse proxy is for, you just have to configure the apache server's address in it (as from your question I guess there's only one of them)
– Ale
Nov 19 '14 at 22:49
okay thanks i will test this tomorrow and then comment back
– pila
Nov 19 '14 at 22:50
how do i set the cache_peer option in squid for every host? it is possible that i do not know all users using this proxy server..
– pila
Nov 20 '14 at 15:49
cache_peeris the IP of the apache web server you want behind your proxy -- you don't care about who your clients are. that's why it's named a reverse proxy: you configure who your server is, and clients will only access that server (but you don't need to preconfigure the clients)
– Ale
Nov 20 '14 at 15:54
is this solution possible for infinite servers? so that the squid does not need to have every apache ip? i want that squid automatically detects the source and points traffic back to the server
– pila
Nov 19 '14 at 22:46
is this solution possible for infinite servers? so that the squid does not need to have every apache ip? i want that squid automatically detects the source and points traffic back to the server
– pila
Nov 19 '14 at 22:46
do you mean for infinite clients (i.e., that you don't need to anticipate who is connecting to your proxy)? in this case, yes: that's what a reverse proxy is for, you just have to configure the apache server's address in it (as from your question I guess there's only one of them)
– Ale
Nov 19 '14 at 22:49
do you mean for infinite clients (i.e., that you don't need to anticipate who is connecting to your proxy)? in this case, yes: that's what a reverse proxy is for, you just have to configure the apache server's address in it (as from your question I guess there's only one of them)
– Ale
Nov 19 '14 at 22:49
okay thanks i will test this tomorrow and then comment back
– pila
Nov 19 '14 at 22:50
okay thanks i will test this tomorrow and then comment back
– pila
Nov 19 '14 at 22:50
how do i set the cache_peer option in squid for every host? it is possible that i do not know all users using this proxy server..
– pila
Nov 20 '14 at 15:49
how do i set the cache_peer option in squid for every host? it is possible that i do not know all users using this proxy server..
– pila
Nov 20 '14 at 15:49
cache_peer is the IP of the apache web server you want behind your proxy -- you don't care about who your clients are. that's why it's named a reverse proxy: you configure who your server is, and clients will only access that server (but you don't need to preconfigure the clients)– Ale
Nov 20 '14 at 15:54
cache_peer is the IP of the apache web server you want behind your proxy -- you don't care about who your clients are. that's why it's named a reverse proxy: you configure who your server is, and clients will only access that server (but you don't need to preconfigure the clients)– Ale
Nov 20 '14 at 15:54
|
show 2 more comments
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f645639%2froute-apache-traffic-through-squid-proxy-server%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
so basically you want to setup a reverse proxy so that all requests from clients go through the proxy instead of arriving directly on the Apache server?
– Ale
Nov 19 '14 at 22:28
yes. i want to "block" specific patterns. and when the server uses the proxy not every client needs to configure the proxy. example: user request -> proxy -> (is allowed) yes = -> apache -> client ; no = ->blocked
– pila
Nov 19 '14 at 22:31
Looks like an XY problem. If your goal is to block some patterns then you can do so directly in Apache's configuration; a reverse proxy is way overkill for this.
– user186340
Nov 21 '14 at 20:54