|
I’m configuring a reverse proxy in stages. Initially, I just wanted to see if the proxying would work, so In a virtual server, I set up a Proxy balancer://webfarm with a couple BalancerMembers inside and an lbmethod of byrequests. Then I used a:
ProxyPass / balancer://webfarm
to make sure I could get to the content on the back end server and it all worked fine. If a file was accessible on the back-end, I would get it back.
Then, to lock things down further, I removed the prefix-based ProxyPass line and replaced it with a series of:
ProxyPassMatch "^/pagename$" balancer://webfarm/pagename.php
lines for each page followed by a:
ProxyPass / !
to send everything not explicitly allowed a 404. This all works fine.
Checking my logs I saw favicon.ico was getting sent 404s on the proxy server, so I added a line to my config with the other allowed elements:
ProxyPassMatch "^/favicon.ico$" balancer://webfarm/favicon.ico
but after restarting Apache, I still get 404s. Thinking there may be something trailing or following that I can’t see, I tried:
ProxyPassMatch "favicon.ico" balancer://webfarm/favicon.ico
restarted and still 404s. The only way I can make it work is with
ProxyPass /favicon.ico balancer://webfarm/favicon.ico
which, while not the end of the world, is inconsistent with my overall lockdown strategy so I’m wondering if anyone can tell me where I went wrong. I haven’t gotten to the allow-list for my images yet, but I’m worried I’m going to have the same problem with them.
Also, I know the ProxyPassMatch line is definitely matching for favicon.ico because even if I put the ProxyPass / that passes everything to the back-end server back into the config, if it’s below the ProxyPassMatch line for favicon.ico I still get a 404.
Thanks,
Scott |
|