Apache Restricted Proxy
A restricted proxy server is one that only allows access to a tight subset of
websites. Apache is the logical choice
for such an endeavor, but configuration is not terribly straightforward. After
numerous attempts, I settled on something like the below. I found that a
ProxyAllow directive would have fit the bill perfectly, but it is curiously
lacking.
Configuration
This Apache 2.0 configuration tests the HTTP_HOST variable (the request's Host
header) against a very short list of allowed domains, after fully qualifying
any non-FQDNs to the local domain. If the host does not match any of the
domains, the rewrite rule's [F] flag returns a 403. Another option would be to
use an external rewrite map for more flexibility on the list of allowed domains.
<VirtualHost *:80>
    ServerName restproxy.example.com
    ServerAlias restproxy
    DocumentRoot /var/www/html/restproxy
    ErrorDocument 403 "This web site is forbidden. Please contact Big Brother if you have any questions."

    # Forward proxy, usable only from the 192.168 address range
    ProxyRequests On
    ProxyVia On
    <Proxy *>
        Order Deny,Allow
        Allow from 192.168
        Deny from all
    </Proxy>

    RewriteEngine On
    RewriteLog /var/log/httpd/restproxy_rewrite_log
    RewriteLogLevel 1
    # Defined once; both rule sets below use it
    RewriteMap lowercase int:tolower

    # If no dot in hostname, fully-qualify with .example.com
    RewriteCond ${lowercase:%{HTTP_HOST}} ^([^:]*).*$
    RewriteCond %1 !\. [NC]
    RewriteRule ^.*/(.*) http://%1.example.com:%{SERVER_PORT}/$1 [L,R]

    # Damn it would be nice to have a ProxyAllow directive
    # Forbid any host that is not an allowed domain or a subdomain of one.
    # (^|\.) and the escaped dots keep look-alike names from matching.
    RewriteCond ${lowercase:%{HTTP_HOST}} ^([^:]*).*$
    RewriteCond %1 !(^|\.)example\.com$
    RewriteCond %1 !(^|\.)google\.com$
    RewriteCond %1 !(^|\.)cnn\.com$
    RewriteRule ^proxy: - [F]
</VirtualHost>
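
The external rewrite map mentioned above can be a small program attached with RewriteMap prg:, which accepts a host only when it is an allowed domain or a subdomain of one. This is an added example, not part of the original configuration; the map name, script path and function names are assumptions, and it qualifies bare hostnames itself instead of redirecting them.

```python
#!/usr/bin/env python3
"""Host allowlist as an Apache "RewriteMap prg:" helper (added example).

Hypothetical wiring; the map name and script path are assumptions:
    RewriteMap  allowhost prg:/usr/local/bin/allowhost.py
    RewriteCond ${allowhost:%{HTTP_HOST}} !=ok
    RewriteRule ^proxy: - [F]
"""
import sys

# Same three domains as the page's configuration.
ALLOWED = ("example.com", "google.com", "cnn.com")
LOCAL_DOMAIN = "example.com"


def normalize(raw):
    """Lowercase, drop the port and a trailing dot, qualify bare names."""
    host = raw.strip().lower()
    if host.startswith("["):          # IPv6 literal: never on the allowlist
        return ""
    host = host.split(":", 1)[0].rstrip(".")
    if host and "." not in host:
        host = host + "." + LOCAL_DOMAIN
    return host


def is_allowed(raw, allowed=ALLOWED):
    """True only for an allowed domain itself or a subdomain of it."""
    host = normalize(raw)
    if not host or any(not label for label in host.split(".")):
        return False                  # empty name or empty label ("a..b")
    return any(host == d or host.endswith("." + d) for d in allowed)


def lookup(raw):
    """Map answer: 'ok' for allowed hosts, 'NULL' (no value) otherwise."""
    return "ok" if is_allowed(raw) else "NULL"


def main():
    # mod_rewrite writes one key per line and waits for one line back,
    # so every answer has to be flushed immediately.
    for line in sys.stdin:
        sys.stdout.write(lookup(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```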