Proxy Server solution

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Silas1066, Jul 8, 2011.

  1. Silas1066 macrumors regular

    Nov 1, 2009
    I am looking to implement proxy servers at several locations in my company, and I wanted to get some advice from you guys.

    A mac mini OSX server (I suppose it would be Lion at this point): it is inexpensive, doesn't require user licenses, and is easy to administer.

    However, what proxy software would work with this? Squid is one possibility, but I am not sure how good it is, or how difficult it is to get to work with OSX.

    Another option would be a Linux box, but I'm not sure what proxy software would work best here either.

    Power and ease of administration are more important than cost.
  2. bluetick macrumors member

    Mar 15, 2010
    Squid on Linux is the same Squid as on OS X.
  3. edjrwinnt macrumors member

    Mar 8, 2008
    North Ridgeville, Ohio
    I got the built-in proxy server in Snow Leopard Server kind of working. I can set up the HTTP part with port 80 set up on the clients, but for whatever reason HTTPS with port 443 set up will not work.

    If I could get past this then I would recommend the proxy server built into Snow Leopard Server.
  4. IscariotJ macrumors 6502a

    Jan 13, 2004
    I haven't had much luck using the admin tools, ended up editing httpd.conf manually. I'll get around to posting the changes.

    Apache vs Squid really depends on your requirements. Squid is relatively easy to configure for http/https proxying but can be configured to provide more advanced options such as throttling; it will even talk direct to certain Cisco switches so that traffic is automatically routed through Squid. However, depending on the size of user base and the functionality being provided it can be a resource hog ( some of the cached objects reside in memory ).

    Apache is quite lightweight ( I've even got it configured as a proxy on my MBP for when I'm tethered.... ), but is worth considering if basic proxy/caching is all you're after.
  5. edjrwinnt macrumors member

    Mar 8, 2008
    North Ridgeville, Ohio
    I actually got my Snow Leopard Proxy to work by setting the HTTPS proxy on the clients to use port 80 instead of port 443. Now everything works fine except Microsoft Outlook will not connect to my Exchange Server at work that is using SSL to connect to a static IP address.
  6. hwojtek, Jul 19, 2011
    Last edited: Jul 19, 2011

    hwojtek macrumors 65816


    Jan 26, 2008
    Poznan, Poland
    Squid all the way. And proper routing set up on the router in order to tunnel all port 80 requests through the Squid machine. I am running Squid (Fink) on my Leopard server and it works beautifully. I wanted to use Apache and drop my previous linuxbox altogether, but I've had problems with Apache and routing in order to tunnel the traffic. While the Apache worked with the proxy set up in Network Preferences, it didn't work transparently when I tried my usual routing:
    # PROXY_IP and PROXY_PORT were not defined in the post; the values below are
    # placeholders, set them to the address and port of the Squid machine
    PROXY_IP=192.168.1.10
    PROXY_PORT=3128
    LAN_IP=`nvram get lan_ipaddr`
    LAN_NET=$LAN_IP/`nvram get lan_netmask`
    # leave LAN-to-LAN web traffic alone
    iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
    # redirect all other port 80 traffic (except the proxy's own) to the proxy
    iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
    iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
    iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
    in DDWRT. Since my linuxbox worked with no problems, I just installed the Squid on OS X, copied my previous squid.conf, adjusted the paths and pronto.
  7. belvdr macrumors 603

    Aug 15, 2005
    No longer logging into MR
    I ran squid for a month or so, and didn't find it to be caching much. This is due to many URLs appearing to be dynamic to the proxy engine. Overall I cached maybe 1 GB for a family of four. It wasn't worth the effort.
  8. smitty97 macrumors member

    Jun 9, 2006
    Squid no longer runs under 10.7 Lion. Any alternatives?
  9. hwojtek macrumors 65816


    Jan 26, 2008
    Poznan, Poland
  10. piccolodiavolo, Jul 21, 2011
    Last edited: Jul 21, 2011

    piccolodiavolo macrumors newbie

    Jun 28, 2011
    Microsoft Forefront TMG


    Why not use a Microsoft Forefront Threat Management Gateway appliance from the company SecureGuard?

    Price is 999€ per unit (fully licensed). We have 13 of these and 4 of the 1000 series running in a mixed OS (Windows, Mac, Linux, BSD) environment.

    Working like a charm!!! Really worth going for such an appliance. You can create nice weekly, monthly web proxy reports, etc.


  11. hwojtek macrumors 65816


    Jan 26, 2008
    Poznan, Poland
    Yeah, absolutely. At 1k Euro/unit this is a goddamn bargain.
  12. smitty97 macrumors member

    Jun 9, 2006
    ok, that worked. had to tinker with the conf file a bit, but it's running.
  13. bentoms macrumors regular

    Mar 23, 2006
    Please can you give steps on what you did?
  14. gkedge, Feb 17, 2013
    Last edited: Feb 17, 2013

    gkedge macrumors newbie

    Feb 17, 2013
    Add proxy_connect_module to get SSL Forward Proxy

    I got this working by adding the proxy_connect_module to the Apache's server mix. OS X Snow Leopard Server Admin: Web>Settings>Modules check Enable for proxy_connect_module.

    Based on Apache's description, I don't understand why it wasn't on by default if the Web service was going to attempt forward proxy caching:
    Apache Module mod_proxy_connect

    Note: I have to make sure that any machine using the proxy bypasses my local domain, otherwise remote Server Admin (and other interesting internal stuff) isn't going to work:
    *.local, *
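
The Apache forward-proxy setup this thread converges on, written out as an httpd.conf fragment; this is an added example, not configuration posted by anyone in the thread. The module paths (Apache 2.2 layout as shipped with OS X), the LAN range 192.168.1.0/24 and the log path are assumptions to adjust.

```apache
# Added example; paths, LAN range and log file are assumptions, not from the thread.

# mod_proxy_http handles plain http:// requests; mod_proxy_connect handles the
# CONNECT method that browsers use to tunnel https:// through a forward proxy.
LoadModule proxy_module         libexec/apache2/mod_proxy.so
LoadModule proxy_http_module    libexec/apache2/mod_proxy_http.so
LoadModule proxy_connect_module libexec/apache2/mod_proxy_connect.so

# Turn on forward proxying. Without the <Proxy> access rules below this makes
# the server an open proxy that anyone who can reach it may relay through.
ProxyRequests On
ProxyVia On

# Only allow CONNECT tunnels to the HTTPS port, so the proxy cannot be used
# to reach arbitrary TCP services (SMTP, SSH, ...) behind or beyond it.
AllowCONNECT 443

# Apache 2.2 access control: deny everyone, then allow the internal LAN only.
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from 192.168.1.0/24
</Proxy>

# Log proxied requests separately; CONNECT tunnels appear as
# "CONNECT host:443 HTTP/1.1" in the request field.
LogFormat "%h %u %t \"%r\" %>s %b" proxylog
CustomLog /var/log/apache2/proxy_access_log proxylog
```

Clients point both their HTTP and HTTPS proxy settings at the port Apache listens on (port 80 in this thread), not at 443; the HTTPS setting only tells the client where to send CONNECT.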
