Re: [mod-security-users] need help with reverse proxy for mod_security
Brought to you by:
victorhora,
zimmerletw
From: Brian R. <Bri...@br...> - 2007-05-18 14:20:11
|
Murch, Jeff wrote: > Brian, > > Maybe Google was a poor example. That's not the ultimate destination > site I was just using it to test the reverse proxy. > > When I hit the reverse proxy nothing happens it just hangs. I was able > to see the apache htdocs folder before I made it a proxy. > > As I understand it the ProxyPass and ProxyPassReverse directives say any > traffic that hits the proxy will be forwarded to http://www.google.com > and the response from http;//www.google.com will be forwarded back > through the reverse proxy to the client. > > Would the reverse proxy care about the content of the header or does it > just know that any traffic that hits it's / gets forwarded? > > So traffic that hits the proxy with no destination other than / goes to > google but traffic that hits the proxy with /other could be sent > somewhere else with another ProxyPass directive? > > Regards, Jeff LoadModule proxy_http_module modules/mod_proxy_http.so ProxyPass / http://somewhere/ That will take every request directed at the proxy machine, create a new request on the proxy machine the same as the client sent, send the request to somewhere, using Host: somewhere, then return the reply to the original client. Adding ProxyPassReverse / http://somewhere/ will make redirects from somewhere work correctly. Adding ProxyPreserveHost On will do the same as above, but use the original Host: header from the client instead of what is in the ProxyPass. Make sure you have the trailing '/' on those. Still having issues, then 'LogLevel debug' and check the error log out. -B > > > > > > > -----Original Message----- > From: Brian Rectanus [mailto:Bri...@br...] > Sent: Thursday, May 17, 2007 10:41 PM > To: Murch, Jeff > Cc: mod-security-users > Subject: Re: [mod-security-users] need help with reverse proxy for > mod_security > > Murch, Jeff wrote: >> I am trying to get a reverse proxy set up to protect some tomcat > servers with mod_security. I have never done this before and am having > some trouble. My setup is as follows: >> Apache 2.2 with the directory mods-enabled containing all of the > proxy-* files from the mods-available folder. >> I've edited my hosts to spoof the dns to send www.google.com the the > proxy address and edited proxy.conf to the following: >> <IfModule mod_proxy.c> >> #turning ProxyRequests on and allowing proxying from all may > allow >> #spammers to use your proxy to send email. >> >> ProxyRequests Off >> >> <Proxy *> >> AddDefaultCharset off >> Order deny,allow >> Allow from all >> #Allow from .example.com >> </Proxy> >> >> # Enable/disable the handling of HTTP/1.1 "Via:" headers. >> # ("Full" adds the server version; "Block" removes all > outgoing Via: >> headers) >> # Set to one of: Off | On | Full | Block >> >> ProxyPass / http://www.google.com >> ProxyPassReverse / http://www.google.com >> >> #ProxyVia On >> </IfModule> >> >> >> My intent is that when I go to www.google.com on the machine with the > spoofed address I hit the reverse proxy and am forwarded to the actual > google site. Can anyone tell me what I'm missing?? I want to get the > reverse proxy working before I add mod_security. > > > So, a user goes to www.google.com on some machine and you want them to > go instead to your reverse proxy which runs mod_security and then in > turn proxies to the real google (filtering the traffic)? > > > Well, if you have www.google.com in /etc/hosts pointing at the proxy, > then the ProxyPass will point at the proxy as well and you have an > endless loop. But, I think you realize that ;) > > All you need is this on the proxy: > > LoadModule proxy_http_module modules/mod_proxy_http.so > ... > <IfModule mod_proxy.c> > ProxyPass / http://www.google.com/ > ProxyPassReverse / http://www.google.com/ > </IfModule> > > But, if you are using named based virtual hosts, make sure the virtual > host is: > > ServerName www.google.com > ServerAlias google.com > > > So, what exactly is the problem? What error? > > -B > -- Brian Rectanus Breach Security |