Route apache traffic through squid proxy server

apache-2.2PROXYsquid

I am using squid as proxy server for blocking patterns in a url (like: block .jpg,.bmp, etc). Now I want to route the whole traffic from my 2nd server (which runs apache) through the proxy server.

So, when a visitor accesses a .jpg file for example, the proxy server blocks the request.

The setup:

  • Server #1 runs squid3
  • Server #2 runs apache2

How can i configure apache for routing all traffic through a specific proxy?

Best Answer

The configuration you want is a reverse proxy. The main points to configure such a system are:

  • the DNS name of the web server must point to the IP address of the squid proxy
  • the squid proxy has to be configured to listen for requests on port 80 (supposing you want to use the standard HTTP port) and forward the requests to the apache server (reverse proxy mode, using the httpd-accelerator module). For an example see here. If you want to support encryption (HTTPS), you'll need to have your SSL certificates/keys on the Squid proxy, and configure it accordingly.
  • make sure that the apache server is inaccessible from your clients (e.g., by using a private IP address, assuming that your clients are outside that private network, or a firewall)
  • anything needing the client's IP address on Apache must look to the X-Forwarded-For header added by squid, as the client IP address will be the one of the squid server. This includes the logs, if you want to look at them on the apache server and not on the squid proxy.
Related Topic