Apache build proxy server
Author: zbuger
blog: https://blog.csdn.net/zbuger/article/details/51648048
Apache version 2.2
As we all know, Apache is currently the best HTTP server. In fact, it can be used not only as a server, but also as a proxy server. This article explains how to use Apache to set up an HTTP proxy server.
This article will be based on the Win32 version of Apache 2.0.47. The previous Apache 1.x version configuration method is slightly different, but it is not explained here.
Apache installation.
Download the Apache installer from http://www.apache.org and double-click the installer to install it. After installation, start the Apache server. Then open IE and enter http://localhost/ in the address bar of IE, you should be able to see the Apache welcome screen.
httpd.conf
Next, we modify the Apache configuration file to support the HTTP proxy server function. Open the httpd.conf file with a text editor.
First, add the proxy server module. Find the following lines:
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
Remove the # in front to make the corresponding module effective. Then restart Apache. (You can also use the command line net stop apache2 and then net start apache2 to restart the server.) At this time, Apache should be able to start normally, although it is not a proxy server yet.
Then we add the following line to the configuration file:
ProxyRequests On
Then restart Apache again. At this time, Apache is the HTTP proxy server. Open IE, select the menu "Tools→Internet Options→Connections→LAN Settings", select "Use a proxy server for LAN", and then fill in 127.0.0.1 in the address below and 80 in the port. After filling in, confirm. If you can connect to the Internet through IE at this time, it means that the proxy configuration is correct. (Note: The port 80 here is the port number specified by the Listen command in httpd.conf. If you modify the Listen command to make Apache listen to other ports, please make the corresponding changes in the IE settings. In addition, if you use For dial-up connection, please modify the proxy settings of the corresponding dial-up connection in "Tools→Internet Options→Connections" instead of modifying the LAN proxy settings)
Access control
Next we try access control. Edit httpd.conf and add the following settings:
Allow and prohibit
<Proxy *>
Order allow,deny
Allow from all
Deny from 127.0.0.1
</Proxy>
This configuration means that all computers except the local computer are allowed to access the agent. Then restart Apache. Try to use IE to connect to the Internet again, and you will receive a message similar to the following:
Forbidden
You don't have permission to access http://www.google.com/ on this server.
This indicates that the local computer has been prohibited from using the proxy. On the contrary, the following settings:
<Proxy *>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Proxy>
Means that only the local computer is allowed to use the proxy server.
The * sign behind the Proxy instruction indicates the destination address that the client uses the proxy server to access. In the above two examples, the * sign represents all addresses, that is, it is forbidden to use the proxy server to access all addresses.
Ban an address
If you want to prohibit only certain addresses, you can refer to the following example:
<Proxy http://www.google.com/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Proxy>
<Proxy http://www.yahoo.co.jp/r/*>
Order allow,deny
Allow from all
Deny from 127.0.0.1
</Proxy>
The above example means that only the local computer is allowed to access http://www.google.com/ and the local computer is prohibited from accessing resources under http://www.yahoo.co.jp/r/. Since Apache’s Proxy command is currently unable to support multiple target addresses, which means it cannot be written in the form of <Proxy http://www.google.com/ http://www.yahoo.co.jp >, so if you When you want to restrict multiple target addresses, you must use multiple Proxy instructions.
ProxyBlock
If you want to restrict all users (not just some users) from accessing certain addresses, you can use the ProxyBlock command:
ProxyBlock microsoft co.jp www.google.com
The above instruction blocks three types of target addresses: addresses that include microsoft, addresses that include co.jp, and addresses that include www.google.com. But when you actually use IE to test, you will find that http://www.google.com/ and http://www.google.co.kr/ (Google Korea site) will not be accessible, but http://www. google.co.kr/ does not meet the above blocking rules. This is because when Apache starts, it will perform domain name resolution on the string that looks like a host name or domain name in the blocked address. If the resolution is successful, the corresponding target IP address will be blocked. The IP addresses of www.google.co.kr and www.google.com are the same, so www.google.co.kr is also blocked. In addition, because Apache tries to resolve domain names, when you use ProxyBlock, the startup time of Apache will become longer.
Also note that if you write ProxyBlock *, you will not be able to access any address through the proxy server.
Secondary agent
Finally, I will introduce the second-level agent. Apache can be used as a secondary proxy, that is, Apache, which is already a proxy server, can connect to the Internet through other proxy servers. Add the following command:
ProxyRemote * http://12.34.56.78:8080
You can make Apache use 12.34.56.78:8080 as a proxy server. The first parameter after the ProxyRemote instruction represents the protocol name or target address, for example:
ProxyRemote ftp http://12.34.56.78:8080 # 对于所有ftp请求使用二级代理
ProxyRemote http://www.google.com/ http://12.34.56.78:8080 # 当访问 www.google.com时使用二级代理
Configure Apache httpd proxy server on windows
Author: Charlie Ash brother
blog: https://blog.csdn.net/qwert678000/article/details/78789974
Configure proxy information
Open the configuration file Apache24/conf/httpd.conf:
Listen port modification (modify to the port and ip you want to monitor)
Listen 192.168.2.5:9001
Load the required modules
LoadModuleaccess_compat_module modules/mod_access_compat.so
LoadModulelbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModulelbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModulelbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModulelbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModuleproxy_module modules/mod_proxy.so
LoadModuleproxy_connect_module modules/mod_proxy_connect.so
LoadModuleproxy_ftp_module modules/mod_proxy_ftp.so
LoadModuleproxy_html_module modules/mod_proxy_html.so
LoadModuleproxy_http_module modules/mod_proxy_http.so
LoadModulexml2enc_module modules/mod_xml2enc.so
# 注释掉ssl模块,不然启动的时候需要443端口会报错
#LoadModulessl_module modules/mod_ssl.so
Add Proxy configuration, enable Apache forward proxy and allow all requests to access the proxy
ProxyRequests On
<Proxy *>
Requireall granted
</Proxy>
Linux client configuration verification
vi /etc/profile //Edit this file and add the following proxy configuration at the bottom
http_proxy=192.168.2.3:9901 # http协议使用代理服务器地址
https_proxy=$http_proxy # https协议使用安全代理地址
no_proxy=localhost,127.0.0.1 # 不使用代理的主机或IP
export http_proxyhttps_proxy no_proxy
among them
192.168.2.3::代理地址,可以是IP,也可以是域名;
9901:使用的端口;
Save and exit, source /etc/profile takes effect immediately. test:
[root@localhost temp]# cd ~/temp
[root@localhost temp]# wget www.baidu.com
--2019-01-07 13:41:25-- http://www.baidu.com/
正在连接 192.168.2.3:9901... 已连接。
...