Some fun with the Apache proxy server.
Those of you who have used the Apache proxy or Apache reverse proxy may have
found that there are insidious people from other sites who will use your proxy
from the outside. Why? Because their large files get cached in your proxy
server connected to high bandwidth pipes. Then you pay the freight for the
Here's how to prevent this.
Reverse proxy: Never turn ProxyRequests on. The ProxyPass
directive works without it, and will only allow those requests that specifically
Regular proxy: Presumably this is so your users behind the firewall use
the proxy as a caching proxy. Use the Deny and Allow configuration commands.
Deny from all
Allow from 192.168.0.0/16
However, if you are annoyed because you just discovered that someone is
stealing bandwidth from you, and you are running a reverse proxy, heres how to
do some interesting things. We use mod_rewrite to rewrite their requests,
instead of proxying them through.
Look at this configuration:
All requests that are not to the website hidden behind the firewall, are sent
the file at http://... .
It is important to send a nice file, perhaps advertising your products.
Don't send something obscene. Chances are that they are sending
advertising for their own products through your site, and you wouldn't want to
their customers to be offended by something that appears to be coming from them
when it's really coming from xxx.sex.com. If bandwidth is not a problem,
you might think of redirecting them to a huge file over a very slow connection
somewhere. Again, don't do this. It might choke their customers
browsers, and make the customers mad at their company. That wouldn't be