问题
I have a local server running a 3rd party application which fetches website content (an http fetch-application for descriptive purpose).
In order to modify outgoing request headers and apply some custom ACL in the future, I want to create an apache2 transparent proxy on my local machine which will act as a proxy.
I can then use iptables to route all http requests to this local proxy which should then fetch websites on behalf of the fetch-application (without issuing redirects to the application).
The iptable rule below redirects http port 80 requests to the apache2 transparent proxy:
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:3128
But now how do I configure the local proxy to transparently fetch urls?
Tried this but it ends up in a redirect looping:
<VirtualHost 127.0.0.1:3128>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
RewriteEngine on
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [NC,R=302,L]
RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [NC,P]
ProxyPass / http://$1
ProxyPassReverse / http://$1
</VirtualHost>
回答1:
Solved.
Changed my rewrites to:
RewriteEngine On
RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [NC,P]
ProxyPass / http://$1
ProxyPassReverse / http://$1
ProxyPreserveHost On
And my iptables command to:
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j DNAT --to-destination <ip>:3128
where proxy is the userid of the fetch-application.
来源:https://stackoverflow.com/questions/27703694/apache2-local-transparent-proxy