setting up a forward proxy for a few specific website only, and block the rest

Francis Daly francis at daoine.org
Thu Dec 29 10:56:12 UTC 2016


On Wed, Dec 14, 2016 at 01:09:32AM -0500, toffs.hl wrote:

Hi there,

> 1) Setup a  nginx forward proxy,

nginx is not a (forward) proxy.

If you want to make it be one, you will have significant coding to do.

The rest of what you want sounds like it should be straightforwardly
available in any reasonable web proxy server.

So you'll probably be much happier starting with a proxy server, and
then configuring it to do what you want.

> and this particular proxy server will only
> accept the proxy connection based on destination website

That should be in the proxy server config.

> 2) I will setup this proxy server in cloud server provider

That is up to you.

> 3) I will need to create a PAC file, and let my users to use this particular
> proxy PAC file for traffic re-direction, user will have to configure their
> browser to use proxy PAC file.

That is up to the browser configuration.

> 4) Whenever my users (that are using the PAC file) trying to access to the
> above 5 website, regardless of using HTTP or HTTPS, the proxy PAC file will
> get the traffic flow through my PROYX_AAA server

That is up to the browser to handle the PAC file contents correctly.

> 5) I also need to configure the PROXY_AAA to proxy for the above 5 website
> only

That is the same as point 1), and is the proxy server configuration.

> 6) Proxy connection based on source IP address is not possible, as the users
> IP is dynamic

That is also the proxy server configuration; although "do not limit by
source IP" is probably the default configuration.

> So would like to ask anyone has configure such config in nginx before ? How
> do I configure the nginx as forward proxy, to block all proxy request, and
> allow only the few website that I want to proxy ? 

Probably not; you don't, because nginx is not a proxy server.

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list