Hi!
Do u know if is is possible to use a web server (apache) with a proxy server (squid) in the same machine?
I want to put the squid at the front lines ... The problem is that the http requests are made in the 80 port in which is used by the apache..
Thx

Hi alaios

sure, that's possible. You only have to ensure, that the squid is listening on an other port e.g. 8080 (standard) and don't forget to configure your browser for don't using a Proxy for local connections.

have fun!

cu doehn

But an http request is made on the 80 port.... How it can be processed firstly from squid and nor from the apache?

Hi alaios,

if you use a proxy, you have to tell it to the browser. Then the request is done on port 8080. The browser tells the proxy on this port, that it want a web page and the proxy will get it for the browser. If you defined an address for not querying the proxy, the request is done directly from the browser.

If squid listens on port 80, it wouldn't understand the request, if it is a webserver request. It is a totally different protocol.

For a better understanding:

Request without proxy:
1. Request
Browser ------- :80-> Webserver
2. Answer
Browser <------------- Webserver



Request with proxy

1. Browser request
Browser ------- :8080-> Proxy
2. Proxy request
Proxy -------- :80-> Webserver
3. Answer to üroxy
Proxy <-------------- Webserver
4. Answer to browser
Browser <---------------- Proxy

The proxy is not acting like a webserver. This is done a little more tricky. But for understanding this, you first have to understand the basics of the http and tcp.

cu doehn

I know these things...I want to talk about the tricky part

Hi alaios,

well then...

the first tricky detail is, that the IP-Address is an internal IP. (I think, you know this, it's the same problem as nat)
the second is, that the browser has first to send it's requests to the proxy. The proxy won't reply if it is not his own IP or name.
This would be done, if you use net. So you have to send a request that is looking like this:
CONNECT http://www.xxx.yyy/zzz.html

Then the proxy GETs the page and sends it back to the browser.

This has to be done for every object you want to get over the HTTP protocol.

This also means that the proxy is able to cache the requests, nat isn't able, because it only knows the IP, not the full "path".

So, it is practice to not listen on port 80, because http and "proxy" is different.

The proxy will also get an address like this for you.

http://testserver.org:1234/

This is also http but it uses an other port.

Hope this is what you want to hear ;-)

cu doehn

Hi alaios,

what you are thinking about is a transparent proxy.

This could be done with ipchains or iptables.

ipchains -A input -p tcp -s 192.168.100.0/24 -d 0/0 80 -j REDIRECT 8080

Then you are able to decide, if you want to redirect or not, but then apache has to listen on an other port.

You are able to do it like this:

ipchains -A input -p tcp -s <your_net> -d <your_server_ip> 80 -j REDIRECT 81
ipchains -A input -p tcp -s <your_net> -d 0/0 80 -j REDIRECT 8080

For this example, your proxy has to listen on 8080 and your apache on 81.
Don't forget to activate the kernel ip_forwarding feature:

echo 1 > /proc/sys/net/ipv4/ip_forward

cu doehn