WordPress behind forward proxy

How to configure WordPress behind forward proxy. The tutorial explains why and how to configure your WordPress installation to make outbound connections via a forwarding proxy.

Why?

Most WordPress installations are allowed to make direct outbound connections. Outbound connections are needed to fetch updates or to connect to various services like the WordPress.com Jetpack or Google Analytics.

However, allowing all sorts of outbound connections means that you don’t know what URL’s are being accessed. After infection it is possible that your installation connects back to Command & Control servers. This is something that I don’t want and it’s the main reason why I want to keep visibility and control on every outbound connection made from my WordPress installation.

How?

You start by adding the following lines to your wp-config.php

define('WP_PROXY_HOST', '192.168.84.101');
define('WP_PROXY_PORT', '8080');

This is the bare minimum. If you have to authenticate against the proxy or want to exclude certain domains, these options can be used as well.

WP_PROXY_HOST - Enable proxy support and host for connecting.</li>
WP_PROXY_PORT - Proxy port for connection. No default, must be defined.</li>
WP_PROXY_USERNAME - Proxy username, if it requires authentication.</li>
WP_PROXY_PASSWORD - Proxy password, if it requires authentication.</li>
WP_PROXY_BYPASS_HOSTS - Will prevent the hosts in this list from going through the proxy. You do not need to have localhost and the blog host in this list, because they will not be passed through the proxy. The list should be presented in a comma separated list, wildcards using are supported, eg. *.wordpress.org,

After saving the file, your outbound connections should be going via your proxy. Now it’s best to check your proxy logs. My installation was missing curl for php. This caused https lookups to fail. It’s clearly visible in the logs because the WordPress installation tries to do a POST for HTTPS websites. The result is a error 501 from the proxy server. Squid is being used in this case.

1421584726.310      0 172.16.x.y NONE/501 3680 POST https://accounts.google.com/o/oauth2/token - HIER_NONE/- text/html

This can be fixed by installing cURL for php. On Ubuntu, this can be done by installing the package php5-curl.

apt-get install php5-curl

This will automatically reconfigure and restart your apacha/php. Checking your proxy logs will show this.

1421740626.118    105 172.16.x.y TCP_MISS/200 4313 CONNECT accounts.google.com:443 - HIER_DIRECT/74.125.136.84 -

Perfectly valid again and your WordPress installation is good to go for both http and https.

6 thoughts on “WordPress behind forward proxy

  1. Gloria Walton

    When i try to setup proxies behind wordpress, It gives me error like “An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums”

    What should i do?

    Reply
  2. Greg Bryant

    I need to authenticate for my proxy configuration but I don’t want to hard-code my username and password in the wp-config file. we use a wpad…pac file that typically causes the browser to ask me to authenticate with my username and password. Is there a way to cause this same behavior when a user attempts to download/update a theme/plugin?

    Thanks

    Reply
  3. Pingback: ubuntu 安装shadowsocks client和privoxy实现全局代理 – DormanthinkZ.W

Leave a Reply

Your email address will not be published. Required fields are marked *