How to configure WordPress behind a forward proxy

This tutorial explains why and how to configure your WordPress installation to make outbound connections via a forward proxy.
Most WordPress installations are allowed to make direct outbound connections. Outbound connections are needed to fetch updates or to connect to various services like the WordPress.com Jetpack or Google Analytics.
However, allowing all sorts of outbound connections means that you don’t know which URLs are being accessed. After an infection, your installation may connect back to Command & Control servers. This is something that I don’t want, and it’s the main reason why I want to keep visibility and control over every outbound connection made from my WordPress installation.
You start by adding the following lines to your wp-config.php:
define('WP_PROXY_HOST', '192.168.84.101');
define('WP_PROXY_PORT', '8080');
This is the bare minimum. If you have to authenticate against the proxy or want to exclude certain domains, these options can be used as well.
WP_PROXY_HOST - Enable proxy support and host for connecting.
WP_PROXY_PORT - Proxy port for connection. No default, must be defined.
WP_PROXY_USERNAME - Proxy username, if it requires authentication.
WP_PROXY_PASSWORD - Proxy password, if it requires authentication.
WP_PROXY_BYPASS_HOSTS - Will prevent the hosts in this list from going through the proxy. You do not need to have localhost and the blog host in this list, because they will not be passed through the proxy. The list should be presented as a comma-separated list; wildcards using * are supported, e.g. *.wordpress.org
After saving the file, your outbound connections should be going via your proxy. Now it’s best to check your proxy logs. My installation was missing cURL for PHP. This caused HTTPS lookups to fail. It’s clearly visible in the logs because the WordPress installation tries to do a POST for HTTPS websites. The result is an error 501 from the proxy server. Squid is being used in this case.
1421584726.310 0 172.16.x.y NONE/501 3680 POST https://accounts.google.com/o/oauth2/token - HIER_NONE/- text/html
This can be fixed by installing cURL for PHP. On Ubuntu, this can be done by installing the package php5-curl.
apt-get install php5-curl
This will automatically reconfigure and restart your Apache/PHP. Checking your proxy logs will show this:
1421740626.118 105 172.16.x.y TCP_MISS/200 4313 CONNECT accounts.google.com:443 - HIER_DIRECT/220.127.116.11 -
Perfectly valid again, and your WordPress installation is good to go for both HTTP and HTTPS.
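
To keep the visibility described above, the proxy log can be reviewed with a small script. This is an added example, not part of the original tutorial: it parses Squid's native access.log format, counts destinations, flags the non-CONNECT HTTPS requests seen when PHP cURL is missing, and lists hosts outside an allowlist. The EXPECTED allowlist, the function names and the last two sample log lines are assumptions made for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# First two lines are the log entries quoted in the article; the rest are constructed.
SAMPLE_LOG = """\
1421584726.310 0 172.16.x.y NONE/501 3680 POST https://accounts.google.com/o/oauth2/token - HIER_NONE/- text/html
1421740626.118 105 172.16.x.y TCP_MISS/200 4313 CONNECT accounts.google.com:443 - HIER_DIRECT/220.127.116.11 -
1421740630.002 88 172.16.x.y TCP_MISS/200 912 GET http://api.wordpress.org/core/version-check/1.7/ - HIER_DIRECT/192.0.2.10 text/html
1421740700.450 64 172.16.x.y TCP_MISS/200 5120 CONNECT unknown-host.example:443 - HIER_DIRECT/192.0.2.66 -
"""

# Hypothetical allowlist of destinations this site is expected to contact.
EXPECTED = ("accounts.google.com", "wordpress.org")


def parse_line(line):
    """Split one Squid native-format access.log line into named fields."""
    parts = line.split()
    if len(parts) < 10:
        return None  # truncated line or a different log format
    code, _, status = parts[3].partition("/")
    method, url = parts[5], parts[6]
    # CONNECT lines carry host:port, other methods carry a full URL.
    host = url.rsplit(":", 1)[0] if method == "CONNECT" else (urlsplit(url).hostname or url)
    return {"client": parts[2], "code": code, "status": int(status),
            "method": method, "url": url, "host": host}


def expected(host):
    return any(host == d or host.endswith("." + d) for d in EXPECTED)


def review(log_text):
    """Return (hits per host, broken HTTPS requests, hosts not on the allowlist)."""
    hosts, broken_https, unexpected = Counter(), [], set()
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        hosts[entry["host"]] += 1
        # Symptom from the article: a plain method sent for an https:// URL
        # instead of CONNECT, which the proxy answers with 501.
        if entry["method"] != "CONNECT" and entry["url"].startswith("https://"):
            broken_https.append(entry)
        if not expected(entry["host"]):
            unexpected.add(entry["host"])
    return hosts, broken_https, unexpected


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```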