> -----Message d'origine----- > De : Carlos André [mailto:candrecn@xxxxxxxxx] > Envoyé : mercredi 28 octobre 2009 13:06 > À : users@xxxxxxxxxxxxxxxx > Objet : Reverse proxy like DNAT, any chance? :) > > Hi ppl, > > Maybe it's look like a stupid question, but, is there any way to make > apache acting as a "reverse proxy" send the original IP source to > destination? Like iptables DNAT ? > > Coz I need protect users/server (HTTPS) and webserver (IDS), but my > SSL-out box (apache RP) send its own IP to apache webserver, not > original source... then I cant just block SSL-out box IP (but I need a > active response from Snort... even passive, a lot of alerts from > SSL-out IP doesnt help so much). > > There my conf: INTERNET---HTTPS---SSLOUTBOX---HTTP---IDS---WEBSERVER > > Thanks :) > Hi, Would there be any chance your IDS extract the source address info from the "X-forwarded-for" header instead of the source IP ? Regards. Emmanuel --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|