Forward Proxy¶

The Apache Traffic Server is a general purpose proxy. As such it can also be used as forward proxy.

A forward proxy is can be used as a central tool in your infrastructure to access the web. In combination with a cache that means overall reduced bandwidth usage.

If your forward proxy is not also configured as Transparent Proxying your clients will have to be configured to actually use it.

The main difference between a forward and a transparent proxy is that User Agents know that they are accessing a proxy, thus forming their requests like so:

GET http://example.com/index.php?id=1337 HTTP/1.1

This request, then is translated by the proxy to:

GET /index?id=1337 HTTP/1.1
Host: example.com

Apache Traffic Server offers two ways to User Agents: They can either be pointed directly to the default 8080 port. Alternatively, they can be pointed to the more dynamic proxy.config.url_remap.default_to_server_pac

This port will then serve a JavaScript like configuration that User Agents can use to determine where to send their requests to.

Configuration¶

In order to configure Apache Traffic Server as forward proxy you will have to edit records.config and set

proxy.config.url_remap.remap_required to 0

If your proxy is serving as pure forward proxy, you will also want to set

proxy.config.reverse_proxy.enabled to 0

Other configuration variables to consider:

Security Considerations¶

It’s important to note that once your Apache Traffic Server is configured as forward proxy it will indiscriminately accept proxy requests from anyone. That means, if it’s reachable on the internet, you have configured an Open Proxy. Most of the time, this is not what you want, so you’ll have to make sure it’s either only reachable within your NAT or is secured by firewall rules that permit only those clients to access it which you want to it to access.