apache advice

James McDonald james
Mon Aug 7 02:43:44 PDT 2006 

Roger Oberholtzer wrote:
> On Tue, 2006-08-01 at 17:38 -0400, A. Khattri wrote:
>   
>> On Tue, 1 Aug 2006, Roger Oberholtzer wrote:
>>
>>     
>>> 2. Redirect all activity on http://s.r.com:8080 to the internal machine
>>> using some general network thing.
>>>       
>> Isn't that the simplest solution?
>>     
>
> So I can use iptables for this? Currently this is not running. Can I
> just add one rule to pass all incomming port activity to an internal
> machine, and the replies back out? Would this work with http?
>   
I have used apaches reverse proxy functionality on an external host to 
provide access to an internal host as follows:

<VirtualHost *:8080>
   
    ServerName internetname.com.au
    ServerAlias internetname2.com.au
    ServerAlias  internetname3.com.au hostname
    ProxyPreserveHost On
    RequestHeader set front-end-https "on"
    Header unset "WWW-Authenticate: NTLM"
    Header add WWW-Authenticate "Basic realm=YOURREALM"
    UseCanonicalName        Off
    RewriteEngine  On
    ProxyRequests Off
    ProxyVia On
    # redirects to different hosts if needed
    Redirect /nagios https://mail.apfoods.com.au/nagios/

    # request to root '/' get redirected to /exchange
    RewriteRule ^/$ /exchange [R]
    # request to common m$ attack paths get a fail
    RewriteRule     ^(.*)?/iisadmin/? - [F]
    RewriteRule     ^(.*)?/samples/? - [F]
    RewriteRule     ^(.*)?/scripts/? - [F]
    RewriteRule     ^(.*).ida$ - [F]
    RewriteRule     ^(.*).htw$ - [F]
    RewriteRule     ^(.*)./_vti/_. - [F]
    RewriteRule     ^(.*).idq$ - [F]
    RewriteRule     ^(.*).exe$      -       [F]
    RewriteRule     ^(.*)?/winnt/?    -       [F]
    # Reverse proxy stuff any requests to certain paths get reverse 
proxied to an internal host
    ProxyPass /exchange https://apf-ma-dc01.apfoods.local/exchange/
    ProxyPassReverse /exchange https://apf-ma-dc01.apfoods.local/exchange/
    ProxyPass /public https://apf-ma-dc01.apfoods.local/public/
    ProxyPassReverse /public https://apf-ma-dc01.apfoods.local/public/
    ProxyPass /exchweb https://apf-ma-dc01.apfoods.local/exchweb/
    ProxyPassReverse /exchweb https://apf-ma-dc01.apfoods.local/exchweb/

</VirtualHost>

More information about the Linux-users mailing list