Apache proxy: How do I restrict external access to it?

Apache proxy: How do I restrict external access to it?

Post by Peter Papadopulo » Thu, 04 Jul 1996 04:00:00



A question for the Apache freaks out there:

How can I restrict the access to an Apache server running exclusively
as proxy server. It has no DocumentRoot or GET Method in the sense
of a regular webserver, which I normally use for this.

I want to limit access to the local subnet.

Any hints are welcome.

Please respond also by mail.

Peter

--
Peter Papadopulos                 opus 5, interaktive medien GmbH
webmaster                         Friedhofstr. 72
                                  D-63263 Neu-Isenburg, Germany

 
 
 

1. Problems trying to restrict access or require authorization for Apache PassProxy proxy server usage

I am attempting to use Apache 1.3.3 on UnixWare 7 as a non-caching proxy
server and would like to restrict access or require authorization for
requests to this proxy. Access is to be granted to users from subnet
192.168.0. Users from outside this subnet are to be prompted for a user name
and password which will be checked against a file of valid users and
passwords.

I configured Apache with

./configure --prefix=/usr/local/apache --enable-module=proxy

Following are the relevant portions of my httpd.conf file:

ProxyRequests On
Listen 9100
<VirtualHost 192.168.0.12:9100>
ServerName www.foobar.org
<Directory proxy:*>
AuthName "foobar"
AuthType Basic
AuthUserFile /usr/local/apache/etc/PASSWD
order deny,allow
deny from all
allow from 192.168.0
require valid-user
Satisfy any
</Directory>
ProxyPass / http://www.encyclopedia.com/
ProxyPassReverse / http://www.encyclopedia.com/
</VirtualHost>

If I turn off the authorization checks, the proxy is working fine.  If I
turn on the authorization checks, I can connect fine from the 192.168.0
subnet. But if if I connect from outside the 192.168.0 subnet, I receive no
prompt for username and password but receive the following message in the
browser :

HTTP/1.0 407 Proxy Authentication Required
Date: Fri, 15 Jan 1999 08:34:58 GMT
Server: Apache/1.3.3 (Unix)
Proxy-Authenticate: Basic realm="foobar"
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>407 Proxy Authentication Required</TITLE>
</HEAD><BODY>
<H1>Proxy Authentication Required</H1>
This server could not verify that you
are authorized to access the document you
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.<P>
<HR>
<ADDRESS>Apache/1.3.3 Server at www.foobar.org Port 9100</ADDRESS>
</BODY></HTML>

The results are the same with either the Netscape 4.5 or IE 4.0 browser.

Does anyone have suggestions on how to achieve the desired results?

Thanks for your help!
-Mark Schwenk

2. Disk read errors? FAILURE?

3. restricting access with apache as proxy

4. AWE32 in freebsd

5. Apache 1.1.1: Any way to restrict proxy access to certain cites only?

6. Question on X with Linux 7.1 and Solaris 2.6

7. Apache with restricted access and proxies

8. Mitsumi CD-ROM driver installation help needed

9. Apache with access control vs proxy (Not apache AS proxy)

10. How? - Restrict access to Apache Proxy

11. Restricting external telnet access?

12. restricted proxy access in CERN httpd

13. Restrict Proxy Access?