LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page Apache2.2 as reverse proxy
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 06-24-2009, 11:07 AM   #1
4play
LQ Newbie
 
Registered: Oct 2003
Location: london
Distribution: Centos
Posts: 27

Rep: Reputation: 15
Apache2.2 as reverse proxy

Im trying to setup apache 2.2 as a reverse proxy on our company firewall.

It needs to just forward on requests for companyname.co.uk/client/ to the specific internal client server and return the page generated by that client server.

I have got this working by editing the httpd.conf file to

Code:
<IfModule mod_proxy.c>
ProxyRequests Off

<Proxy *>
    Order deny,allow
#    Deny from all
    Allow from all
</Proxy>

proxypass /helpdesk/ http://companyname.local/helpdesk/
proxypassreverse /helpdesk/ http://companyname.local/helpdesk/
This is the entry for out helpdesk webserver.

What im really looking for is a guide to help me harden this server does one exist?
Am i doing this wrong or is there a better bit of software for this purpose?

many thanks
 
Old 06-25-2009, 12:19 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
First, another option for a reverse proxy is squid: http://wiki.squid-cache.org/SquidFaq/ReverseProxy

Second, assuming Apache web server is going to be used only as a reverse proxy (and not serving web pages itself), there are a number of things you can do to lock it down.

Off the top of my head here are some suggestions:

Lock down default Directory permissions

Code:
<Directory />
    Order Deny,Allow
    Deny from all
    Options None
    AllowOverride None
</Directory>
Other Directory stanzas can likely be removed altogether.

Ensure httpd is running as an unprivileged user

Example:
Code:
User apache
Group apache
This will of course need to be a service account on your system.

Disable loading of some potentially dangerous modules

Including:
  • mod_userdir
  • mod_info
  • mod_status
  • mod_include
  • mod_dav* (unless acting as a webdav service)

Make easily retrievable server info a little quieter

Two directives:
Code:
ServerSignature Off
ServerTokens ProductOnly
-------

Those are just a few of the more obvious things. You might explore mod_security and its capabilities at some point.

Reverse proxies are very cool, because in addition to potentially offering better performance for the end user, they act as an "application firewall".
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache2 SSL Reverse Proxy doublejoon Linux - Networking 4 08-04-2011 09:29 AM
Reverse Proxy??? jantman Linux - Server 2 12-07-2007 06:01 PM
Squid as Reverse Proxy and LAN proxy? zivota Linux - Security 2 02-26-2007 05:00 PM
reverse proxy? bwall Linux - Newbie 1 11-22-2005 07:42 PM
still trying to reverse proxy wildbob Linux - Networking 6 10-28-2003 09:12 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 09:02 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration