How to set some kind of authentication for forword proxy in apache2?

Question

I have a VPS and have configured it to run apache2 as a forward proxy:

<IfModule mod_proxy.c>
ProxyRequests On
<Proxy vps_ip:80>
Order deny,allow
Deny from all
Allow from all
</Proxy>
</IfModule>

This allows me to use my VPS from my home machine to download resources from the web, using curl:

curl -x "vps_ip:80"  http://www.someresource.com -o /tmp/mydown

However, I understand that this is considered an open proxy and I want to restrict its use just for my home machine. Apache configuration supports static IP whitelist for proxy clients like my home machine. However, my ISP assigns me different dynamic IPs every time I connect to the internet.

How can I prevent others from using my forward proxy on my VPS?

Have you read the authentication sector of the Apache docs? – Sven Sep 03 '16 at 14:46 — Sven, Sep 03 '16 at 14:46

score 1 · Accepted Answer · answered Sep 04 '16 at 02:25

One common approach is to tell apache to listen only on localhost on the VPS:

Listen 127.0.0.1:80

then use ssh to "forward" a local port on the home machine to the VPS port.

ssh -L 8000:localhost:80 user@vps

Then curl using the local port should go through the vps apache:

curl -x "localhost:8000" http://someresource.com -o /tmp/mydown

How to set some kind of authentication for forword proxy in apache2?

1 Answers1