Welcome! Log In Create A New Profile

Advanced

setting up a forward proxy for a few specific website only, and block the rest

Posted by toffs.hl 
hi All,
Newbie to nginx, and been trying to search high and low for this
particular way of configuration. Here is what I plan to do

1) Setup a nginx forward proxy, and this particular proxy server will only
accept the proxy connection based on destination website, for example,
I want to setup this nginx to proxy for 5 website, eg , lets call this
proxy server PROXY_AAA
a) www.nginx.com
b) www.nginx.org
c) www.freebsd.org
d) www.php.net
e) www.mariadb.org

2) I will setup this proxy server in cloud server provider

3) I will need to create a PAC file, and let my users to use this particular
proxy PAC file for traffic re-direction, user will have to configure their
browser to use proxy PAC file.

4) Whenever my users (that are using the PAC file) trying to access to the
above 5 website, regardless of using HTTP or HTTPS, the proxy PAC file will
get the traffic flow through my PROYX_AAA server, any other website that the
user access, the traffic will go direct via exiting connection (meaning it
will not send through my PROXY_AAA).

5) I also need to configure the PROXY_AAA to proxy for the above 5 website
only, and block any other website or refused the connection request to
access any other website, as I want this proxy server will only proxy for
the domain that I configure/allow, not any other website. This is also to
avoid other users to force their traffic through my proxy server.

6) Proxy connection based on source IP address is not possible, as the users
IP is dynamic and changes over time. My proxy will accept any source IP, and
will proxy only for the few website that i configure. The proxy PAC file
help to decide the traffic should send to my proxy or direct connection.

So would like to ask anyone has configure such config in nginx before ? How
do I configure the nginx as forward proxy, to block all proxy request, and
allow only the few website that I want to proxy ?

HL.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271492,271492#msg-271492

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
On Wed, Dec 14, 2016 at 01:09:32AM -0500, toffs.hl wrote:

Hi there,

> 1) Setup a nginx forward proxy,

nginx is not a (forward) proxy.

If you want to make it be one, you will have significant coding to do.

The rest of what you want sounds like it should be straightforwardly
available in any reasonable web proxy server.

So you'll probably be much happier starting with a proxy server, and
then configuring it to do what you want.

> and this particular proxy server will only
> accept the proxy connection based on destination website

That should be in the proxy server config.

> 2) I will setup this proxy server in cloud server provider

That is up to you.

> 3) I will need to create a PAC file, and let my users to use this particular
> proxy PAC file for traffic re-direction, user will have to configure their
> browser to use proxy PAC file.

That is up to the browser configuration.

> 4) Whenever my users (that are using the PAC file) trying to access to the
> above 5 website, regardless of using HTTP or HTTPS, the proxy PAC file will
> get the traffic flow through my PROYX_AAA server

That is up to the browser to handle the PAC file contents correctly.

> 5) I also need to configure the PROXY_AAA to proxy for the above 5 website
> only

That is the same as point 1), and is the proxy server configuration.

> 6) Proxy connection based on source IP address is not possible, as the users
> IP is dynamic

That is also the proxy server configuration; although "do not limit by
source IP" is probably the default configuration.

> So would like to ask anyone has configure such config in nginx before ? How
> do I configure the nginx as forward proxy, to block all proxy request, and
> allow only the few website that I want to proxy ?

Probably not; you don't, because nginx is not a proxy server.

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login