Table of Contents

Forward Proxy

I need to access a web server at a different location, but that location's ISP blocks web server access (ports 80, 8080, 443). Establishing a port forward on another port, for example 10080, is only half of the solution, as some devices (e.g. iOS) do not allow HTTP access on ports other than the standard ports.

Concept

Terms:

  • Client: to computer from which I need to access the web server of the different location
  • Host: my (main) web server
  • Remote: the web server at this different location
  • Domain Name: Domain name under which the remote is accessed

I achieve this with a forward proxy on my host. The forward proxy is accessed with the standard port 80 and fowards the request to a non-standard port of remote, say 10080. The router of remote passes requests on port 10080 to the firewall, which then forwards the request to the port of the web server where apache is listining to.

client (sub.domain.tld) --> host (another.domain.tld:10080) --> remote (apache:80)

Configuration

Client

No special configuration necessary, but you need to register a sub domain name under which you can access the forward proxy, e.g. sub.domain.tld.

Host

Add a VirtualHost configuration file to sites-enabled, with the following content:

<VirtlHost *:80>
      ServerAdmin admin@localhost
      ServerName sub.domain.tld

      ProxyPass / http://remote.domain.tld:10080/
      ProxyPassReverse / http://remote.domain.tld:10080/

      ErrorLog ${APACHE_LOG_DIR}/remote-error.log
      LogLevel warn
      CustomLog ${APACHE_LOG_DIR}/remote-access.log combined
</VirtualHost>

Before you restart apache, make sure that mod_proxy and mod_proxy_http are loaded with:

# a2enmod proxy_http

Remote

Forward port 10080 from the router to the firewall, then forward port 10080 on the firewall to port 80 of the web server. Add a VirtualHost configuration file to sites-enabled, with the following content. If you need to harden access, add some rewrite rules:

<VirtualHost *:80>
      ServerAdmin admin@localhost
      ServerName remote.domain.tld
      DocumentRoot /var/www/remote

      <Directory /var/www/remote/>
              Options +Indexes FollowSymLinks -MultiViews
              AllowOverride All
              Order allow,deny
              allow from all
              DirectoryIndex index.php
      </Directory>

      ErrorLog ${APACHE_LOG_DIR}/error.log
      LogLevel warn
      CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>