route apache traffic through squid proxy serveriptables secure squid proxySquid traffic tunneled through...

Good for you! in Russian

Can't find the Shader/UVs tab

Why don't MCU characters ever seem to have language issues?

Could a cubesat be propelled to the moon?

"One can do his homework in the library"

A three room house but a three headED dog

Why does Deadpool say "You're welcome, Canada," after shooting Ryan Reynolds in the end credits?

The bar has been raised

Why does Captain Marvel assume the planet where she lands would recognize her credentials?

Why is there a voltage between the mains ground and my radiator?

Could a cubesat propel itself to Mars?

Aliens englobed the Solar System: will we notice?

Am I not good enough for you?

What wound would be of little consequence to a biped but terrible for a quadruped?

Fourth person (in Slavey language)

What is the likely impact of grounding an entire aircraft series?

What Happens when Passenger Refuses to Fly Boeing 737 Max?

Unreachable code, but reachable with exception

Finding algorithms of QGIS commands?

Are there historical instances of the capital of a colonising country being temporarily or permanently shifted to one of its colonies?

Are babies of evil humanoid species inherently evil?

Good allowance savings plan?

Do items de-spawn in Diablo?

Is Gradient Descent central to every optimizer?



route apache traffic through squid proxy server


iptables secure squid proxySquid traffic tunneled through VPNRouting and authenticating all access through squidRoute all traffic through my laptop (using Squid) with WindowsRoute RRAS traffic through a proxySquid Proxy: url_regex acl is not working?How to configure RRAS to route all traffic through squid proxy?Convert HTTP request to HTTPS through Apache and SquidRouting your Internet through openvpn and Squid Proxy













0















I am using squid as proxy server for blocking patterns in a url (like: block .jpg,.bmp, etc). Now I want to route the whole traffic from my 2nd server (which runs apache) through the proxy server.



So, when a visitor accesses a .jpg file for example, the proxy server blocks the request.



The setup:




  • Server #1 runs squid3

  • Server #2 runs apache2


How can i configure apache for routing all traffic through a specific proxy?






apache-2.2 proxy squid







share|improve this question
















bumped to the homepage by Community 13 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
















  • so basically you want to setup a reverse proxy so that all requests from clients go through the proxy instead of arriving directly on the Apache server?

    – Ale
    Nov 19 '14 at 22:28













  • yes. i want to "block" specific patterns. and when the server uses the proxy not every client needs to configure the proxy. example: user request -> proxy -> (is allowed) yes = -> apache -> client ; no = ->blocked

    – pila
    Nov 19 '14 at 22:31











  • Looks like an XY problem. If your goal is to block some patterns then you can do so directly in Apache's configuration; a reverse proxy is way overkill for this.

    – user186340
    Nov 21 '14 at 20:54
















0















I am using squid as proxy server for blocking patterns in a url (like: block .jpg,.bmp, etc). Now I want to route the whole traffic from my 2nd server (which runs apache) through the proxy server.



So, when a visitor accesses a .jpg file for example, the proxy server blocks the request.



The setup:




  • Server #1 runs squid3

  • Server #2 runs apache2


How can i configure apache for routing all traffic through a specific proxy?






apache-2.2 proxy squid







share|improve this question
















bumped to the homepage by Community 13 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
















  • so basically you want to setup a reverse proxy so that all requests from clients go through the proxy instead of arriving directly on the Apache server?

    – Ale
    Nov 19 '14 at 22:28













  • yes. i want to "block" specific patterns. and when the server uses the proxy not every client needs to configure the proxy. example: user request -> proxy -> (is allowed) yes = -> apache -> client ; no = ->blocked

    – pila
    Nov 19 '14 at 22:31











  • Looks like an XY problem. If your goal is to block some patterns then you can do so directly in Apache's configuration; a reverse proxy is way overkill for this.

    – user186340
    Nov 21 '14 at 20:54














0












0








0








I am using squid as proxy server for blocking patterns in a url (like: block .jpg,.bmp, etc). Now I want to route the whole traffic from my 2nd server (which runs apache) through the proxy server.



So, when a visitor accesses a .jpg file for example, the proxy server blocks the request.



The setup:




  • Server #1 runs squid3

  • Server #2 runs apache2


How can i configure apache for routing all traffic through a specific proxy?






apache-2.2 proxy squid







share|improve this question
















I am using squid as proxy server for blocking patterns in a url (like: block .jpg,.bmp, etc). Now I want to route the whole traffic from my 2nd server (which runs apache) through the proxy server.



So, when a visitor accesses a .jpg file for example, the proxy server blocks the request.



The setup:




  • Server #1 runs squid3

  • Server #2 runs apache2


How can i configure apache for routing all traffic through a specific proxy?






apache-2.2 proxy squid




apache-2.2 proxy squid






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 15 '15 at 19:45









Coops

5,22412448




5,22412448










asked Nov 19 '14 at 22:24









pilapila

1113




1113





bumped to the homepage by Community 13 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







bumped to the homepage by Community 13 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.















  • so basically you want to setup a reverse proxy so that all requests from clients go through the proxy instead of arriving directly on the Apache server?

    – Ale
    Nov 19 '14 at 22:28













  • yes. i want to "block" specific patterns. and when the server uses the proxy not every client needs to configure the proxy. example: user request -> proxy -> (is allowed) yes = -> apache -> client ; no = ->blocked

    – pila
    Nov 19 '14 at 22:31











  • Looks like an XY problem. If your goal is to block some patterns then you can do so directly in Apache's configuration; a reverse proxy is way overkill for this.

    – user186340
    Nov 21 '14 at 20:54



















  • so basically you want to setup a reverse proxy so that all requests from clients go through the proxy instead of arriving directly on the Apache server?

    – Ale
    Nov 19 '14 at 22:28













  • yes. i want to "block" specific patterns. and when the server uses the proxy not every client needs to configure the proxy. example: user request -> proxy -> (is allowed) yes = -> apache -> client ; no = ->blocked

    – pila
    Nov 19 '14 at 22:31











  • Looks like an XY problem. If your goal is to block some patterns then you can do so directly in Apache's configuration; a reverse proxy is way overkill for this.

    – user186340
    Nov 21 '14 at 20:54

















so basically you want to setup a reverse proxy so that all requests from clients go through the proxy instead of arriving directly on the Apache server?

– Ale
Nov 19 '14 at 22:28







so basically you want to setup a reverse proxy so that all requests from clients go through the proxy instead of arriving directly on the Apache server?

– Ale
Nov 19 '14 at 22:28















yes. i want to "block" specific patterns. and when the server uses the proxy not every client needs to configure the proxy. example: user request -> proxy -> (is allowed) yes = -> apache -> client ; no = ->blocked

– pila
Nov 19 '14 at 22:31





yes. i want to "block" specific patterns. and when the server uses the proxy not every client needs to configure the proxy. example: user request -> proxy -> (is allowed) yes = -> apache -> client ; no = ->blocked

– pila
Nov 19 '14 at 22:31













Looks like an XY problem. If your goal is to block some patterns then you can do so directly in Apache's configuration; a reverse proxy is way overkill for this.

– user186340
Nov 21 '14 at 20:54





Looks like an XY problem. If your goal is to block some patterns then you can do so directly in Apache's configuration; a reverse proxy is way overkill for this.

– user186340
Nov 21 '14 at 20:54










1 Answer
1






active

oldest

votes


















0














The configuration you want is a reverse proxy. The main points to configure such a system are:




  • the DNS name of the web server must point to the IP address of the squid proxy

  • the squid proxy has to be configured to listen for requests on port 80 (supposing you want to use the standard HTTP port) and forward the requests to the apache server (reverse proxy mode, using the httpd-accelerator module). For an example see here. If you want to support encryption (HTTPS), you'll need to have your SSL certificates/keys on the Squid proxy, and configure it accordingly.

  • make sure that the apache server is inaccessible from your clients (e.g., by using a private IP address, assuming that your clients are outside that private network, or a firewall)

  • anything needing the client's IP address on Apache must look to the X-Forwarded-For header added by squid, as the client IP address will be the one of the squid server. This includes the logs, if you want to look at them on the apache server and not on the squid proxy.






share|improve this answer
























  • is this solution possible for infinite servers? so that the squid does not need to have every apache ip? i want that squid automatically detects the source and points traffic back to the server

    – pila
    Nov 19 '14 at 22:46











  • do you mean for infinite clients (i.e., that you don't need to anticipate who is connecting to your proxy)? in this case, yes: that's what a reverse proxy is for, you just have to configure the apache server's address in it (as from your question I guess there's only one of them)

    – Ale
    Nov 19 '14 at 22:49













  • okay thanks i will test this tomorrow and then comment back

    – pila
    Nov 19 '14 at 22:50











  • how do i set the cache_peer option in squid for every host? it is possible that i do not know all users using this proxy server..

    – pila
    Nov 20 '14 at 15:49











  • cache_peer is the IP of the apache web server you want behind your proxy -- you don't care about who your clients are. that's why it's named a reverse proxy: you configure who your server is, and clients will only access that server (but you don't need to preconfigure the clients)

    – Ale
    Nov 20 '14 at 15:54











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f645639%2froute-apache-traffic-through-squid-proxy-server%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














The configuration you want is a reverse proxy. The main points to configure such a system are:




  • the DNS name of the web server must point to the IP address of the squid proxy

  • the squid proxy has to be configured to listen for requests on port 80 (supposing you want to use the standard HTTP port) and forward the requests to the apache server (reverse proxy mode, using the httpd-accelerator module). For an example see here. If you want to support encryption (HTTPS), you'll need to have your SSL certificates/keys on the Squid proxy, and configure it accordingly.

  • make sure that the apache server is inaccessible from your clients (e.g., by using a private IP address, assuming that your clients are outside that private network, or a firewall)

  • anything needing the client's IP address on Apache must look to the X-Forwarded-For header added by squid, as the client IP address will be the one of the squid server. This includes the logs, if you want to look at them on the apache server and not on the squid proxy.






share|improve this answer
























  • is this solution possible for infinite servers? so that the squid does not need to have every apache ip? i want that squid automatically detects the source and points traffic back to the server

    – pila
    Nov 19 '14 at 22:46











  • do you mean for infinite clients (i.e., that you don't need to anticipate who is connecting to your proxy)? in this case, yes: that's what a reverse proxy is for, you just have to configure the apache server's address in it (as from your question I guess there's only one of them)

    – Ale
    Nov 19 '14 at 22:49













  • okay thanks i will test this tomorrow and then comment back

    – pila
    Nov 19 '14 at 22:50











  • how do i set the cache_peer option in squid for every host? it is possible that i do not know all users using this proxy server..

    – pila
    Nov 20 '14 at 15:49











  • cache_peer is the IP of the apache web server you want behind your proxy -- you don't care about who your clients are. that's why it's named a reverse proxy: you configure who your server is, and clients will only access that server (but you don't need to preconfigure the clients)

    – Ale
    Nov 20 '14 at 15:54
















0














The configuration you want is a reverse proxy. The main points to configure such a system are:




  • the DNS name of the web server must point to the IP address of the squid proxy

  • the squid proxy has to be configured to listen for requests on port 80 (supposing you want to use the standard HTTP port) and forward the requests to the apache server (reverse proxy mode, using the httpd-accelerator module). For an example see here. If you want to support encryption (HTTPS), you'll need to have your SSL certificates/keys on the Squid proxy, and configure it accordingly.

  • make sure that the apache server is inaccessible from your clients (e.g., by using a private IP address, assuming that your clients are outside that private network, or a firewall)

  • anything needing the client's IP address on Apache must look to the X-Forwarded-For header added by squid, as the client IP address will be the one of the squid server. This includes the logs, if you want to look at them on the apache server and not on the squid proxy.






share|improve this answer
























  • is this solution possible for infinite servers? so that the squid does not need to have every apache ip? i want that squid automatically detects the source and points traffic back to the server

    – pila
    Nov 19 '14 at 22:46











  • do you mean for infinite clients (i.e., that you don't need to anticipate who is connecting to your proxy)? in this case, yes: that's what a reverse proxy is for, you just have to configure the apache server's address in it (as from your question I guess there's only one of them)

    – Ale
    Nov 19 '14 at 22:49













  • okay thanks i will test this tomorrow and then comment back

    – pila
    Nov 19 '14 at 22:50











  • how do i set the cache_peer option in squid for every host? it is possible that i do not know all users using this proxy server..

    – pila
    Nov 20 '14 at 15:49











  • cache_peer is the IP of the apache web server you want behind your proxy -- you don't care about who your clients are. that's why it's named a reverse proxy: you configure who your server is, and clients will only access that server (but you don't need to preconfigure the clients)

    – Ale
    Nov 20 '14 at 15:54














0












0








0







The configuration you want is a reverse proxy. The main points to configure such a system are:




  • the DNS name of the web server must point to the IP address of the squid proxy

  • the squid proxy has to be configured to listen for requests on port 80 (supposing you want to use the standard HTTP port) and forward the requests to the apache server (reverse proxy mode, using the httpd-accelerator module). For an example see here. If you want to support encryption (HTTPS), you'll need to have your SSL certificates/keys on the Squid proxy, and configure it accordingly.

  • make sure that the apache server is inaccessible from your clients (e.g., by using a private IP address, assuming that your clients are outside that private network, or a firewall)

  • anything needing the client's IP address on Apache must look to the X-Forwarded-For header added by squid, as the client IP address will be the one of the squid server. This includes the logs, if you want to look at them on the apache server and not on the squid proxy.






share|improve this answer













The configuration you want is a reverse proxy. The main points to configure such a system are:




  • the DNS name of the web server must point to the IP address of the squid proxy

  • the squid proxy has to be configured to listen for requests on port 80 (supposing you want to use the standard HTTP port) and forward the requests to the apache server (reverse proxy mode, using the httpd-accelerator module). For an example see here. If you want to support encryption (HTTPS), you'll need to have your SSL certificates/keys on the Squid proxy, and configure it accordingly.

  • make sure that the apache server is inaccessible from your clients (e.g., by using a private IP address, assuming that your clients are outside that private network, or a firewall)

  • anything needing the client's IP address on Apache must look to the X-Forwarded-For header added by squid, as the client IP address will be the one of the squid server. This includes the logs, if you want to look at them on the apache server and not on the squid proxy.







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 19 '14 at 22:43









AleAle

1,010718




1,010718













  • is this solution possible for infinite servers? so that the squid does not need to have every apache ip? i want that squid automatically detects the source and points traffic back to the server

    – pila
    Nov 19 '14 at 22:46











  • do you mean for infinite clients (i.e., that you don't need to anticipate who is connecting to your proxy)? in this case, yes: that's what a reverse proxy is for, you just have to configure the apache server's address in it (as from your question I guess there's only one of them)

    – Ale
    Nov 19 '14 at 22:49













  • okay thanks i will test this tomorrow and then comment back

    – pila
    Nov 19 '14 at 22:50











  • how do i set the cache_peer option in squid for every host? it is possible that i do not know all users using this proxy server..

    – pila
    Nov 20 '14 at 15:49











  • cache_peer is the IP of the apache web server you want behind your proxy -- you don't care about who your clients are. that's why it's named a reverse proxy: you configure who your server is, and clients will only access that server (but you don't need to preconfigure the clients)

    – Ale
    Nov 20 '14 at 15:54



















  • is this solution possible for infinite servers? so that the squid does not need to have every apache ip? i want that squid automatically detects the source and points traffic back to the server

    – pila
    Nov 19 '14 at 22:46











  • do you mean for infinite clients (i.e., that you don't need to anticipate who is connecting to your proxy)? in this case, yes: that's what a reverse proxy is for, you just have to configure the apache server's address in it (as from your question I guess there's only one of them)

    – Ale
    Nov 19 '14 at 22:49













  • okay thanks i will test this tomorrow and then comment back

    – pila
    Nov 19 '14 at 22:50











  • how do i set the cache_peer option in squid for every host? it is possible that i do not know all users using this proxy server..

    – pila
    Nov 20 '14 at 15:49











  • cache_peer is the IP of the apache web server you want behind your proxy -- you don't care about who your clients are. that's why it's named a reverse proxy: you configure who your server is, and clients will only access that server (but you don't need to preconfigure the clients)

    – Ale
    Nov 20 '14 at 15:54

















is this solution possible for infinite servers? so that the squid does not need to have every apache ip? i want that squid automatically detects the source and points traffic back to the server

– pila
Nov 19 '14 at 22:46





is this solution possible for infinite servers? so that the squid does not need to have every apache ip? i want that squid automatically detects the source and points traffic back to the server

– pila
Nov 19 '14 at 22:46













do you mean for infinite clients (i.e., that you don't need to anticipate who is connecting to your proxy)? in this case, yes: that's what a reverse proxy is for, you just have to configure the apache server's address in it (as from your question I guess there's only one of them)

– Ale
Nov 19 '14 at 22:49







do you mean for infinite clients (i.e., that you don't need to anticipate who is connecting to your proxy)? in this case, yes: that's what a reverse proxy is for, you just have to configure the apache server's address in it (as from your question I guess there's only one of them)

– Ale
Nov 19 '14 at 22:49















okay thanks i will test this tomorrow and then comment back

– pila
Nov 19 '14 at 22:50





okay thanks i will test this tomorrow and then comment back

– pila
Nov 19 '14 at 22:50













how do i set the cache_peer option in squid for every host? it is possible that i do not know all users using this proxy server..

– pila
Nov 20 '14 at 15:49





how do i set the cache_peer option in squid for every host? it is possible that i do not know all users using this proxy server..

– pila
Nov 20 '14 at 15:49













cache_peer is the IP of the apache web server you want behind your proxy -- you don't care about who your clients are. that's why it's named a reverse proxy: you configure who your server is, and clients will only access that server (but you don't need to preconfigure the clients)

– Ale
Nov 20 '14 at 15:54





cache_peer is the IP of the apache web server you want behind your proxy -- you don't care about who your clients are. that's why it's named a reverse proxy: you configure who your server is, and clients will only access that server (but you don't need to preconfigure the clients)

– Ale
Nov 20 '14 at 15:54


















draft saved

draft discarded




















































Thanks for contributing an answer to Server Fault!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f645639%2froute-apache-traffic-through-squid-proxy-server%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Фонтен-ла-Гаярд Зміст Демографія | Економіка | Посилання |...

Image
Муніципалітети департаменту Йонна фр.муніципалітетФранціїБургундія-Франш-КонтеЙоннаПарижаДіжонаОсера Фонтен-ла-Гаярд Fontaine-la-Gaillarde Країна  Франція Регіон Бургундія-Франш-Конте  Департамент Йонна  Округ Сан Кантон Сан-Норд-Ест Код INSEE 89172 Поштові індекси 89100 Координати 48°13′13″ пн. ш. 3°22′51″ сх. д. H G O Висота 111 - 234 м.н.р.м. Площа 10,61 км² Населення 502 (2011-01-01) Густота 47,31 ос./км² Розміщення Влада Мер Мандат Michel Papinaud 2014-2020 Фонте́н-ла-Гая́рд , Фонтен-ла-Ґаярд (фр. Fontaine-la-Gaillarde ) — муніципалітет у Франції, у регіоні Бургундія-Франш-Конте, департамент Йонна. Населення — 502 осіб (2011) [1] . Муніципалітет розташований на відстані [2] близько 105 км на південний схід від Парижа, 160 км на північний захід від Діжона, 50 км на північ від Осера. Зміст 1 Демографія 2 Економіка 3 Посилання 4 Див. т...
Read more

Список ссавців Італії Природоохоронні статуси | Список |...

Image
Списки ссавцівФауна ІталіїСписки:ІталіяСсавці Італії ІталіїМСОПХижіCetartiodactylaРукокриліКомахоїдніЗайцеподібніГризуниМСОП ссавці Італії ? Італія Біорегіон Біогеографічний екорегіон Голарктика Екозона Палеарктика Біом субтропічний ліс, альпійські луки, прісні води, континентальний шельф, континентальний схил Місцевість Континент Європа Країна Італія Територія Середземне море Фауна більшого обсягу За географією фауна Європи За систематикою ссавці, фауна Італії За екологією суходільна фауна, морська фауна За біогеографією теріофауна Європи Геологічний вік сучасність Особливості Видовий обсяг 121 Чужорідні види Genetta genetta, Ondatra zibethicus, Oryctolagus cuniculus, Rattus norvegicus, Rattus rattus, Sciurus carolinensis, Tamias sibiricus Список ссавців Італії містить перелік видів, записаних на території Італії (південна Європа) згідно з ...
Read more

Маріан Котлеба Зміст Життєпис | Політичні погляди |...

Image
Народились 7 квітняНародились 1977Уродженці Банської БистриціВипускники Університету Матея БелаСловацькі політикиРевізіоністи ГолокостуРомофобиУльтраправіШовіністиПопулізмКритики Європейського союзуАнтиамериканізм словац.7 квітня1977Банська БистрицяЧССРультраправийсловацькийполітикЙозефу ТісоПершій Словацькій республіціВолодимиру ПутінуциганНАТОСШАЄвросоюзусловацьке національне повстанняантисемітськоїпопулістської«Котлеба — Народної партії Наша Словаччина»Банськобистрицького краю7 квітня1977Банська БистрицяЧССРуніверситету Матея Бела20062000200921 лютого2010єврословацьку кронугромадського партнерстваЄСНАТОромської меншини2012напіввоєнізованих структурМіністерство внутрішніх справчервні2016Верховний судБанськобистрицькому краї2016однопалатний словацький законодавчий орган«Котлеба — Народна партія Наша Словаччина»Банськобистрицького краю«Глінкова гвардія»Другої світової війни«Революцію гідності» Маріан Котлеба словац. Marian Kotleba Народився 7 квітня 1977 ( 1977-04-...
Read more