OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archives: RE: reverse proxy using apache

RE: reverse proxy using apache

Subject: RE: reverse proxy using apache
From: Moore, James (James.MooreMSFC.NASA.GOV)
Date: Thu Jan 13 2000 - 09:59:52 CST

Just outta' cusiosity: what does this provide in terms of security?

Jim Moore
256.461.4381

----------- PGP PUBLIC KEY FINGERPRINT ------------
1D9C 3AC3 34E6 EEDF 22B9 7886 7797 6908 048F 049B
---------------------------------------------------

> -----Original Message-----
> From: Adrian Brinton [SMTP:adrianbrinton.to]
> Sent: Tuesday, January 11, 2000 12:43 AM
> To: 'Scott Saxen'; firewall-wizardsnfr.net
> Subject: RE: reverse proxy using apache
>
> I'm not sure if this is what you're looking for, but I use apache as a
> proxy server using the ProxyPass directive. I have the apache box on a
> dsl line and a NAT'ed network behind (this could be a DMZ if I had some
> time and another few computers). When an outside user connects, they see
> the apache box. Apache proxys them out to an IIS server (or whatever you
> want) on the NAT'ed network. The user sees nothing... it looks like
> they're hitting the IIS (or whatever) server directly. Works for SSL too
> (between the user and the proxy, in my case), you just have to add SSL
> support to apache. Below are the relevant lines of the httpd.conf file.
>
> Hope this helps.
> adrianbrinton.to
>
>
> LoadModule proxy_module modules/libproxy.so
> AddModule mod_proxy.c
>
> ProxyRequests On
>
> # Note addresses changed...
> NameVirtualHost 1.2.3.4
> Listen 1.2.3.4:80
> Listen 1.2.3.4:443
>
> # This creates a virtual host that will be proxy'ed to another box.
> <VirtualHost 1.2.3.4>
> ServerAdmin webmasteryourdomain.com
> ServerName proxythis.yourdomain.com
> ProxyPass / http://192.168.1.1/
> ProxyPassReverse / http://192.168.1.1/
> ErrorLog logs/error_log
> TransferLog logs/access_log
> </VirtualHost>
>
> # This creates a virtual host for SSL conections. They'll be proxy'ed
> w/o SSL.
> VirtualHost 1.2.3.4:443>
> ServerAdmin webmasteryourdomain.com
> ServerName secure.yourdomain.com
> ProxyPass / http://192.168.1.1/
> ProxyPassReverse / http://192.168.1.1/
> SSLEngine on
> SSLCertificateFile /etc/httpd/conf/ssl.crt/yourcert.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/yourkey.key
> ErrorLog /var/log/httpd/ssl-error_log
> TransferLog logs/ssl-access_log
> </VirtualHost>
>
> -----Original Message-----
> From: Scott Saxen [mailto:ssaxenlucent.com]
> Sent: Friday, January 07, 2000 4:22 PM
> To: firewall-wizardsnfr.net
> Subject: reverse proxy using apache
>
>
> I am having problems using reverse proxy under apache 1.3.9
> I have a client that wants to (being a network engineer I would call it
> NAT) change the URL or what would be called 'rewrite' I think. So they
> want
> the client side to use a url (arbitrary) and send it to the proxy server
> of
> which would be apache, then from there it would go to a webserver, which
> in
> turn queries some other box. The proxy server is going to sit in the
> dmz,
> but in front of the firewall (not sure what kind of firewall and dont
> think
> its pertinent to this question). Problem I am having is the rewrite_mod
> syntax....dont know it. Does anyone have a sample configuration I could
> mess around with to make this work? Much appreciated.....
>
> ssaxenlucent.com
> thanks.

This archive was generated by hypermail 2b27 : Sat Jan 15 2000 - 21:34:00 CST