Some fun with the Apache proxy server.

Those of you who have used the Apache proxy or Apache reverse proxy may have found that there are insidious people from other sites who will use your proxy from the outside.  Why? Because their large files get cached in your proxy server connected to high bandwidth pipes.  Then you pay the freight for the bandwidth.

Here's how to prevent this.

Reverse proxy:  Never turn ProxyRequests on.  The ProxyPass directive works without it, and will only allow those requests that specifically match through.

Regular proxy:  Presumably this is so your users behind the firewall use the proxy as a caching proxy. Use the Deny and Allow configuration commands.

Order Deny,Allow
Deny from all
Allow from 192.168.0.0/16

However, if you are annoyed because you just discovered that someone is stealing bandwidth from you, and you are running a reverse proxy, heres how to do some interesting things.  We use mod_rewrite to rewrite their requests, instead of proxying them through. 

Look at this configuration:

All requests that are not to the website hidden behind the firewall, are sent the file at http://... . 

It is important to send a nice file, perhaps advertising your products.  Don't send something obscene.  Chances are that they are sending advertising for their own products through your site, and you wouldn't want to their customers to be offended by something that appears to be coming from them when it's really coming from xxx.sex.com.  If bandwidth is not a problem, you might think of redirecting them to a huge file over a very slow connection somewhere.  Again, don't do this.  It might choke their customers browsers, and make the customers mad at their company.  That wouldn't be nice.