Re: Locking down a proxy server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



David Vaughan wrote:
> I have a number of networks (think of them as being in local offices),
> each of which is connected to the internet via a NAT'ed firewall.  Users
> on these networks access the internet via an Apache server acting as a
> forwarding proxy. These local office proxies are then chained to a
> single central forwarding proxy (think of it as being at head office)
> from where the internet is accessed.
> 
> The local office proxies are locked down to only accept requests from
> their local 192.168 network. My problem is how to lock down the head
> office proxy such that it only handles requests from the local office
> proxies. 

Use your local firewall to implement a transparent proxy, configure each
local proxy to forward his request to the main proxy on a special port,
filter on the main proxy with that port only and implement certificate
authentication between the local and the central proxy. See the
documentation of the proxy server. DO NOT USE apache for this.

An alternative is to implement a VPN between the local offices and the
central one and have the proxy only talks over the VPN.

Davide

-- 
Have you ever noticed that at trade shows Microsoft is always the
one giving away stress balls...
   -- From a Slashdot.org post

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux