A few years back when Apache 2.2.17 was release for windows, I found a guide online on how to use mod_rewrite to create an access control list for an apache forward proxy.

The steps where as follow
1. Enabled mod_proxy with ProxyRequest on
2. Enable mod_rewrite with rules


 ErrorLog logs/proxy_2-error.log
 TransferLog logs/proxy_2-access.log

<IfModule proxy_module>
ProxyRequests On
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{Request_URI} !^$ [NC]
RewriteCond %{Request_URI} !(.*)msn.com [NC]
RewriteRule ^(.*)$ - [F]

This setup would deny access to any website other than msn.com when setting up Apache as the proxy in your web browser settings.

My problem is that newer versions of Apache act as if it passes the request to mod_proxy first instead of mod_rewrite so my ACL is useless. Is there something I'm doing wrong?