Locking down a proxy server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have a number of networks (think of them as being in local offices),
each of which is connected to the internet via a NAT'ed firewall.  Users
on these networks access the internet via an Apache server acting as a
forwarding proxy. These local office proxies are then chained to a
single central forwarding proxy (think of it as being at head office)
from where the internet is accessed.

Users logon the local office networks and the central office network has
no knowledge of the user accounts.

The local office proxies are locked down to only accept requests from
their local 192.168 network. My problem is how to lock down the head
office proxy such that it only handles requests from the local office
proxies. I can't filter on the basis of the IP address as the local
offices have dynamic addresses.

In the prototype solution local office proxies add an X-header into the
request and the head office proxy rejects all requests not containing
this header. Whilst this prevents open abuse of the proxy, the solution
does feel a little bodged.

I was wondering whether it is possible to configure the local office
proxies to act as a client to use digest authentication. I know Apache
supports server side authentication but I'm struggling to see how it can
act as the client.

Any suggestions as to how I lockdown my head office proxy gratefully
received.

Many thanks

Dave


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux