Re: [mod-security-users] Working with Reverse Proxy
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Working with Reverse Proxy
|
From: Ivan R. <iva...@gm...> - 2006-05-22 20:58:57
|
On 5/22/06, Chris Scott <chr...@ex...> wrote: > Hey Guys, > > I'm trying to setup a reverse proxy that does some filtering as well. I'= ve > got mod_security and mod_proxy loaded and configured. mod_security is > matching its filters (the deny message shows up in the log), but the prox= y > still passes the connection to the end server. Is there any way to deny = the > proxying based off of what mod_security allows or denies? > > ... > > GET /error/HTTP_INTERNAL_SERVER_ERROR.html.var You have ErrorDocument configured on the same domain name. The original request is cancelled (and does not go through). In order to respond as configured Apache creates a new request but that request is proxied to the backend server. You can either respond with a very simple message: ErrorDocument 403 "Sorry can't allow you access today" or respond with an error document on a different domain (one that is not proxied: ErrorDocument 500 http://foo.example.com/cgi-bin/tester or create a proxy exclusion for a part of domain (e.g. /error/) and place your error documents there. --=20 Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall |
