diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp
index 0655a1b..dd80f7c 100644
--- a/apache/manifests/init.pp
+++ b/apache/manifests/init.pp
@@ -385,6 +385,67 @@ define apache::configfile($source="", $content="", $http=true, $https=true) {
 }
 
 
+# Configure forward proxy.
+#
+# === Parameters
+#
+#   $port:
+#       Port to listen. Defaults to "8080".
+#   $allow:
+#       Array of addresses or networks allowed to connect.
+#       Defaults to ["127.0.0.1"].
+#   $cache:
+#       Enable disk cache. Defaults to false.
+#   $cachesize:
+#       Maximum size of the cache. Defaults to "1024M".
+#   $cachecleantime:
+#       Cache cleaning interval in minutes.
+#       Defaults to "60".
+#
+class apache::proxy($port="8080",
+                    $allow=["127.0.0.1"],
+                    $cache=false,
+                    $cachesize="1024M",
+                    $cachecleantime="60") {
+
+    include apache::mod::proxy
+
+    if $cache == true {
+        case $::operatingsystem {
+            "centos","redhat","fedora": {
+                $cachepath = "/var/cache/mod_proxy"
+
+                augeas { "set-htcacheclean-sysconfig":
+                    changes => [
+                        "set INTERVAL ${cachecleantime}",
+                        "set CACHE_ROOT ${cachepath}",
+                        "set CACHE_LIMIT ${cachesize}",
+                    ],
+                    incl    => "/etc/sysconfig/htcacheclean",
+                    lens    => "Shellvars.lns",
+                    require => Package["httpd"],
+                    notify  => Service["htcacheclean"],
+                }
+
+                service { "htcacheclean":
+                    ensure => running,
+                    enable => true,
+                }
+            }
+            default: {
+                fail("Caching proxy not supported in ${::operatingsystem}")
+            }
+        }
+    }
+
+    apache::configfile { "proxy.conf":
+        https   => false,
+        content => template("apache/proxy.conf.erb"),
+    }
+
+}
+
+
 # Install mod_auth_kerb.
 #
 class apache::mod::auth_kerb {
@@ -683,15 +744,9 @@ class apache::mod::proxy {
 
     case $::operatingsystem {
         "debian","ubuntu": {
-            apache::debian::a2enmod { "proxy":
-                content => template("apache/proxy.conf.erb"),
-            }
-        }
-        "centos","redhat","fedora": {
-            apache::configfile { "proxy.conf":
-                content => template("apache/proxy.conf.erb"),
-            }
+            apache::debian::a2enmod { "proxy": }
         }
+        "centos","redhat","fedora": { }
         default: {
             fail("Apache module not supported in ${::operatingsystem}.")
         }
diff --git a/apache/templates/proxy.conf.erb b/apache/templates/proxy.conf.erb
index adc3bed..ede1a05 100644
--- a/apache/templates/proxy.conf.erb
+++ b/apache/templates/proxy.conf.erb
@@ -1,12 +1,21 @@
-<% if @apache_proxy_allow -%>
-ProxyRequests On
-ProxyVia On
+Listen <%= @port %>
+
+<VirtualHost _default_:<%= @port %>>
+  ProxyRequests On
+  ProxyVia On
+
+<% if @cache == true -%>
+  <IfModule mod_disk_cache.c>
+    CacheEnable disk /
+    CacheRoot <%= @cachepath %>
+  </IfModule>
 
-<Proxy *>
-  Order deny,allow
-  Deny from all
-  Allow from <%= @apache_proxy_allow %>
-</Proxy>
-<% else -%>
-ProxyRequests Off
 <% end -%>
+  <Proxy *>
+    Order deny,allow
+    Deny from all
+<% @allow.each do |addr| -%>
+    Allow from <%= addr %>
+<% end -%>
+  </Proxy>
+</VirtualHost>