RE: reverse proxy using apache

["Moore, James" <James.Moore () MSFC NASA GOV>]

Just outta' cusiosity: what does this provide in terms of security?

Jim Moore
256.461.4381

----------- PGP PUBLIC KEY FINGERPRINT ------------
1D9C 3AC3 34E6 EEDF 22B9  7886 7797 6908 048F 049B
---------------------------------------------------


> -----Original Message-----
> From: Adrian Brinton [SMTP:adrian () brinton to]
> Sent: Tuesday, January 11, 2000 12:43 AM
> To:   'Scott Saxen'; firewall-wizards () nfr net
> Subject:      RE: reverse proxy using apache
>
> I'm not sure if this is what you're looking for, but I use apache as a
> proxy server using the ProxyPass directive. I have the apache box on a
> dsl line and a NAT'ed network behind (this could be a DMZ if I had some
> time and another few computers). When an outside user connects, they see
> the apache box. Apache proxys them out to an IIS server (or whatever you
> want) on the NAT'ed network. The user sees nothing... it looks like
> they're hitting the IIS (or whatever) server directly. Works for SSL too
> (between the user and the proxy, in my case), you just have to add SSL
> support to apache. Below are the relevant lines of the httpd.conf file.
>
> Hope this helps.
> adrian () brinton to
>
>
> LoadModule proxy_module       modules/libproxy.so
> AddModule mod_proxy.c
>
> ProxyRequests On
>
> # Note addresses changed...
> NameVirtualHost 1.2.3.4
> Listen 1.2.3.4:80
> Listen 1.2.3.4:443
>
> # This creates a virtual host that will be proxy'ed to another box.
> <VirtualHost 1.2.3.4>
>     ServerAdmin webmaster () yourdomain com
>     ServerName proxythis.yourdomain.com
>     ProxyPass / http://192.168.1.1/
>     ProxyPassReverse / http://192.168.1.1/
>     ErrorLog logs/error_log
>     TransferLog logs/access_log
> </VirtualHost>
>
> # This creates a virtual host for SSL conections. They'll be proxy'ed
> w/o SSL.
> VirtualHost 1.2.3.4:443>
>     ServerAdmin webmaster () yourdomain com
>     ServerName secure.yourdomain.com
>     ProxyPass / http://192.168.1.1/
>     ProxyPassReverse / http://192.168.1.1/
>     SSLEngine on
>     SSLCertificateFile /etc/httpd/conf/ssl.crt/yourcert.crt
>     SSLCertificateKeyFile /etc/httpd/conf/ssl.key/yourkey.key
>     ErrorLog /var/log/httpd/ssl-error_log
>     TransferLog logs/ssl-access_log
> </VirtualHost>
>
> -----Original Message-----
> From: Scott Saxen [mailto:ssaxen () lucent com]
> Sent: Friday, January 07, 2000 4:22 PM
> To: firewall-wizards () nfr net
> Subject: reverse proxy using apache
>
>
> I am having problems using reverse proxy under apache 1.3.9
> I have a client that wants to (being a network engineer I would call it
> NAT) change the URL or what would be called 'rewrite' I think. So they
> want
> the client side to use a url (arbitrary) and send it to the proxy server
> of
> which would be apache, then from there it would go to a webserver, which
> in
> turn queries some other box. The proxy server is going to sit in the
> dmz,
> but in front of the firewall (not sure what kind of firewall and dont
> think
> its pertinent to this question). Problem I am having is the rewrite_mod
> syntax....dont know it. Does anyone have a sample configuration I could
> mess around with to make this work? Much appreciated.....
>
> ssaxen () lucent com
> thanks.