Hi Emmanuel,

I'm using Snort. It doesn't (yet) permit use of "X-Forwarded-For" :(

Anyway, since I can't block the IP of the SSL-out box, then this feature come out I can't put an inline IDS with active response function on the same box.

Maybe an IDS sensor after the SSL-out box, then, on an event... send a command to the SSL-out box to DROP the attacker IP...
Or just put the IDS and SSL-out on the same box...
(I prefer to segregate; anyway, sending a DROP command to another box will slow down the response a little...)

If any event is detected from an X-Forwarded IP, then just put it on iptables (-I INPUT -s <X-Forwarded-For> -j DROP) or something like that...

On Wed, Oct 28, 2009 at 9:29 AM, Emmanuel Bailleul <Emmanuel.Bailleul@xxxxxxxxxxx> wrote:
>> -----Original message-----
>> From: Carlos André [mailto:candrecn@xxxxxxxxx]
>> Sent: Wednesday, October 28, 2009 13:06
>> To: users@xxxxxxxxxxxxxxxx
>> Subject: Reverse proxy like DNAT, any chance? :)
>>
>> Hi ppl,
>>
>> Maybe it looks like a stupid question, but is there any way to make
>> apache acting as a "reverse proxy" send the original IP source to
>> destination? Like iptables DNAT?
>>
>> Coz I need to protect users/server (HTTPS) and webserver (IDS), but my
>> SSL-out box (apache RP) sends its own IP to the apache webserver, not the
>> original source... then I can't just block the SSL-out box IP (but I need an
>> active response from Snort... even passive, a lot of alerts from
>> SSL-out IP doesn't help so much).
>>
>> There's my conf: INTERNET---HTTPS---SSLOUTBOX---HTTP---IDS---WEBSERVER
>>
>> Thanks :)
>>
>
> Hi,
>
> Would there be any chance your IDS extracts the source address info from the "X-forwarded-for" header instead of the source IP?
>
> Regards.
>
> Emmanuel
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
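
Added example, not part of the original thread: one way to turn the X-Forwarded-For value seen by the IDS into the DROP rule mentioned above, to be applied on the SSL-out box. The proxy address, the internal range and the sample header values are constructed assumptions; only the entry appended by the trusted proxy is believed, because anything to its left is supplied by the client.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread).
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}   # the SSL-out box
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8")]       # internal hosts

def client_from_xff(peer_ip, xff_header):
    """Return the address an alert should be attributed to, or None."""
    peer = ipaddress.ip_address(peer_ip)
    if peer not in TRUSTED_PROXIES:
        return peer  # header is client-supplied here: ignore it
    # The proxy appends the address it saw, so read right to left and
    # stop at the first entry that is not one of our own proxies.
    for token in reversed(xff_header.split(",")):
        try:
            addr = ipaddress.ip_address(token.strip())
        except ValueError:
            return None  # malformed entry: refuse to guess
        if addr not in TRUSTED_PROXIES:
            return addr
    return None

def drop_rule(addr):
    """Build the iptables argv for the SSL-out box, or None if unsafe."""
    if addr is None or addr.version != 4:   # iptables handles IPv4 only
        return None
    if addr in TRUSTED_PROXIES or addr.is_loopback or addr.is_unspecified:
        return None
    if any(addr in net for net in NEVER_BLOCK):
        return None
    # argv list, never a shell string: header text cannot inject a command
    return ["iptables", "-I", "INPUT", "-s", str(addr), "-j", "DROP"]

if __name__ == "__main__":
    # Constructed (peer address, X-Forwarded-For) pairs as the IDS sees them
    samples = [
        ("192.0.2.10", "203.0.113.7"),
        ("192.0.2.10", "10.0.0.5, 203.0.113.7"),   # client forged first entry
        ("192.0.2.10", "203.0.113.7; reboot"),     # malformed value
        ("192.0.2.10", "10.0.0.5"),                # internal client: never blocked
    ]
    for peer, xff in samples:
        print(xff, "->", drop_rule(client_from_xff(peer, xff)))
```
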