Running WordPress & PHP Behind ISA Proxy

Some things work well on their own but when mixed make your life hard. Things like Linux and PHP work very well. Microsoft ISA proxy also does a good job in a corporate MS environment. But making the two work together in a controlled environment can be an exercise in frustration.

In this post I’ll pass on the methods I found to get PHP and your Linux boxes talking out through a corporate ISA proxy server. You can then bring in RSS feeds, updates and other things in WordPress and use apt-get to update Ubuntu.

cntlm

To start with we need to install cntlm on a Linux box (I’ll mention Ubuntu here but any flavour should work with a couple of tweaks). cntlm is “an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy“. Basically your non-Windows machines and apps can now talk to cntlm which will then talk to the ISA proxy in your organisation. So you stay within your corporate infrastructure and keep the security guys happy.

Download the deb installation package to your Ubuntu machine and install it with,

sudo dpkg -i cntlm_0.35.1-1_i386.deb

Open the config file for cntlm and edit it to add in your ISA proxy information and a valid user, domain and password that has web access with download rights. Further down the settings make sure gateway is enabled and you set suitable restrictions on the IP ranges that can use cntlm.

sudo nano /etc/cntlm.conf

Restart cntlm to make sure it gets the new settings,

sudo /etc/init.d/cntlm restart

Test your cntlm configuration by attempting to get to an external website,

sudo cntlm -M http://www.google.com -u your_user@your_domain -p your_password your_isa_proxy:port

apt-get

Configure apt-get to use the new proxy by editing the apt-get config,

sudo nano /etc/apt/apt.conf.d/70debconf

and add this line pointing to your cntlm proxy gateway. Change the IP and port if you’ve installed cntlm on another machine or different port.

Acquire::http::proxy "http://127.0.0.1:3128";

WordPress

Add these extra lines to the wp-config.php file in your WordPress directory. This works from version 2.8 onward and means you can keep your install and plugins up to date and secure. Again, make sure you change the IP and port to that of your cntlm proxy gateway. You may be able to comment out the username and password if things don’t work as expected. It’ll depend on your cntlm configuration.

define('WP_PROXY_HOST', '127.0.0.1');
define('WP_PROXY_PORT', '3128');
define('WP_PROXY_USERNAME', 'my_user_name');
define('WP_PROXY_PASSWORD', 'my_password');
define('WP_PROXY_BYPASS_HOSTS', 'localhost, www.example.com');

With any luck you now have a Linux machine and WordPress install that can easily be kept up to date inside your corporate environment.

Leave a Reply

Your email address will not be published. Required fields are marked *