2

I'm trying to configure Apache (2.4.18) on Ubuntu 16.04 as a forward proxy to allow workstations on a couple of subnets to access a selection of websites on the internet.

I have managed to configure mod_proxy and restrict access to particular subnets; my question is about the best method for limiting which URLs the workstations will be able to access via the proxy server.

I have had a google and looked at the Apache documentation, but can't seem to find a method of doing this. Ideally I just want a whitelist of websites that Apache will proxy to.

I have thought about using iptables to simply drop connections to all but the whitelisted sites, but this does not seem very scalable and I'd rather have it defined in the Apache config if possible.

Jenny D

1 Answer

2

As you've already discovered, this isn't as easy as you'd like... mainly because this isn't the use case that Apache is built for. If you'd like to go in the opposite direction, and block a few sites, it would be a lot easier, but that doesn't really help you.

If you've got a reasonably small number of URLs, you could simply set up one <Proxy> directive per URL that you allow access to, e.g.

<Proxy "example.com">
  Require host yournetwork.example.com
</Proxy>

<Proxy "example.net">
  Require host yournetwork.example.com
</Proxy>

You could drop in these as #include files, making it reasonably easy to keep track of.

But on the whole, if possible, I'd suggest looking at some software that is actually designed for what you want to do. Squid comes to mind, for instance.

Jenny D
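
A default-deny variant of the per-site sections in the answer above, as an added example that is not part of the original answer. The subnets, site name and include path are placeholders, and the URL patterns assume the `<Proxy>` matching forms from the mod_proxy documentation (scheme-qualified URLs for plain HTTP, `host:port` for CONNECT).

```apache
# Added example; subnets, site names and the include path are placeholders.
ProxyRequests On
ProxyVia On

# HTTPS reaches a forward proxy as "CONNECT host:port"; allow only port 443.
AllowCONNECT 443

# Default: nothing is proxied for anyone. Keep this section first:
# <Proxy> sections are applied in file order and, with the default
# "AuthMerging Off", a later matching section replaces this Require.
<Proxy "*">
    Require all denied
</Proxy>

# One pair of sections per allowed site.
# Plain HTTP requests are matched against the full URL.
<Proxy "http://example.com/*">
    Require ip 10.1.0.0/24 10.2.0.0/24
</Proxy>

# Assumption: CONNECT requests are matched as "host:port".
<Proxy "example.com:443">
    Require ip 10.1.0.0/24 10.2.0.0/24
</Proxy>

# Further allowed sites can live in their own files, one per site.
IncludeOptional /etc/apache2/proxy-allow.d/*.conf
```

With this in place, a request through the proxy for any site without its own section should be answered with 403 Forbidden, which is a quick way to confirm the default deny is in effect.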