1

On an Apache server (XAMPP) I have made a forward proxy for firewall filtering that works well, but I don't understand how to use RewriteRule to redirect a forbidden URL to a custom error page.

I wish to redirect the request to a local error HTML file present on my server, to inform the client when the URL it requests from my proxy is not authorized.

In the example below I put only the part that doesn't work (I have other RewriteRules for allowed URLs):

    Listen 192.168.0.100:3128
    <VirtualHost 192.168.0.100:3128>

      ServerName 192.168.0.100:3128
      ProxyRequests On
      ProxyVia On

      <Proxy *>

        # 1) If url is allowed (this part works well):
        ... some RewriteCond & RewriteRule ...

        # 2) If url is not allowed by some RewriteCond:
        RewriteRule ^ https://192.168.0.100/firewall/firewall_deny.html [R=302,L]
        # OR
        RewriteRule ^ https://192.168.0.100/firewall/firewall_deny.html [P,L]

      </Proxy>

    </VirtualHost>

When the URL is allowed (case 1), the proxy works well and Chrome receives the page of the website asked for. But in the case of a URL I have banned (case 2), there is no answer from the proxy.

I have tried a lot of different syntaxes I have found, but the Chrome browser never receives any answer back from my server and just shows its error page: "This site is unavailable" with error "ERR_TUNNEL_CONNECTION_FAILED".

Only in the case of a forward proxy (I'm not doing reverse proxy), is it possible to send back to the client a custom HTML file (or its URL)?

Thanks for any help

Edit on 23/10:

This little proxy works well, but the only thing I don't know how to do is send back an error page to the client when the URL is forbidden.

That's why I was asking if the RewriteRule used in <Proxy *> to authorize or not the connection can also be used to redirect to an error page, as we can do in a normal configuration (not proxy). Something like:

RewriteRule ^ https://192.168.0.100/path/to/firewall/firewall_deny.html [R=302,L]

Apparently the redirection is done, because in Fiddler I can see the 302 redirection page with the new URL, but Chrome doesn't seem to receive it.

I have also tried things like:

Redirect permanent path/to/firewall/

But it doesn't seem to work either in this forward proxy configuration. Maybe you have to rewrite the header in some way, or something else, to send back to Chrome the URL of the error page, because it passes through a proxy tunnel.

Currently I'm trying to use other solutions found on Server Fault, like ExtFilterDefine (mod_ext_filter.so) or Substitute (mod_substitute.so), with no success so far.

5
  • use squid and squidguard if you want to proxy clients?!
    – djdomi
    Oct 23 at 4:25
  • The Apache httpd forward proxy support exists only because Apache httpd is useful as a reverse proxy. It really shouldn't be used as a substitute for a proper forward proxy.
    – HBruijn
    Oct 23 at 9:53
  • If there are not many, you should use a Proxy tag for forbidden URLs, not just a generic Proxy tag for everything, as in <Proxy https://forbidden.example.com/this/*> Require all denied</Proxy>
    Oct 23 at 13:11
  • Thank you for your advice. I agree that Apache isn't really adapted to do a forward proxy, but I already use this server to make a local website that isn't exposed to the internet (it can't be accessed from outside) and it is simple to set up and configure. I only need to filter URLs by whitelist (deny all URLs except some) with low use (only a few connections pass through this proxy). So I don't need a more powerful app like squid that could be difficult to configure for me. For Daniel: I can't use <Proxy someurl> as my proxy works in whitelist mode, so all URLs are already denied, except some.
    – Eremin
    Oct 23 at 18:53
  • Could you show me your configuration lines that allow you to let some URLs through and deny others? I'm setting up a forward proxy and need to allow passing some URLs and block others.
    – Tomas
    Nov 28 at 9:44
