Re: Reverse Proxy - How to disable HTTP access?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: Reverse Proxy - How to disable HTTP access?
From: Jon Brule <jon.brule@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 19 Mar 2007 13:00:06 -0400
In-reply-to: <7.1.0.9.0.20070319104653.018d98e0@xxxxxxxxxxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

Sigh... Relief...

After some digging and playing, I figured out that I needed to do the proxy change in the mod_ssl configuration file (/etc/httpd/conf.d/ssl.conf) and not in the main configuration file (/etc/httpd/conf/httpd.conf). As a result, I am configuring the reverse proxy under the default SSL virtual host using the following syntax:

         <VirtualHost _default_:443>
             SSLEngine on
             .
             .
             .
             SSLProxyEngine on
             ProxyPass /timesheet http://localhost:8080/system
             ProxyPassReverse /timesheet http://localhost:8080/system
         </VirtualHost>

Doing this enables the proxy only for the SSL virtual host, which is exactly what I wanted to do!!!

Also, it seems that I may use genkey(1) to update the server certificate...

Hope this info helps someone else too...

Thanks,
Jon Brule

At 11:04 AM 3/19/2007, Jon Brule wrote:

Good Morning,

First, I must apologize and confess to being a reverted newbie... Years ago (pre 2000), I worked with the Apache web server, but I find myself suffering from C.R.S. syndrome...

I have setup a reverse proxy for an internal HTTP Tomcat web service on a default configuration for Apache 2.2 web server. My additional configuration is as follows (system / host names changed to protect the guilty):

        #
        # Reverse Proxy Server: Backend system on Tomcat server
        #
         <IfModule mod_proxy.c>
         ProxyRequests Off

        <Proxy http://internet.com/system/*>
             Order deny,allow
             Deny from all
         </Proxy>

        ProxyPass /timesheet http://localhost:8080/system
         ProxyPassReverse /timesheet http://localhost:8080/system
         </IfModule>

The reverse proxy works fine when I attempt to go to the http://internet.com/system URL. I also discovered that SSL is available by default on my installation (Apache was installed via RedHat Fedora Core 6) using a default SSL localhost self-signed certificate. This means that the application is also available through the https://internet.com/system URL.

My chief question (one for which I am still coming the archives) is how do I disable the proxy configuration for the HTTP URL? I want only to proxy the system's access when the HTTPS protocol is used to connect to Apache. Can I do it with this type of configuration, or do I need to think about a virtual host?

Also, I assume the following to be an FAQ: How does one change the default localhost self-signed certificate to a custom one (self-signed or official)? Is this strictly done with OpenSSL work, or does it require some Apache configuration as well? Again, looking through the archives for this one too...

Any info would be greatly appreciated...

Thanks,
Jon Brule

Regards,
Jon
_________________
Jon R. Brule
Paramount Computing Associates
585-231-2037 / 8*221-2037 (Xerox Office)
585-345-9622 (PCA Main Number)
585-721-3554 (Mobile)

Prev by Date: Apache Authentication & Authorization
Next by Date: program recommendation: scheduling and project management
Previous by thread: Reverse Proxy - How to disable HTTP access?
Next by thread: Apache parsing PHP 'and' SSI tags in v1.3?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]