[Fwd: Re: [Techtalk] url port forward?]
overhaul at littledeath.net
Fri Oct 1 20:15:26 EST 2004
(oops.. i forgot to hit "reply all" on this one)
Almut thanks, I was able to find the info on the net and apply it to
my httpd.conf file and "sortof" works.....
Almut Behrens wrote:
> Exactly, that's the way to go. What you want to set up with mod_proxy
> is a so-called "reverse proxy". So, on your server "B" you'd have to
> run apache with the following additional options in httpd.conf (in its
> most simple form):
> ProxyRequests Off
> ProxyPass / http://your.internal.server/
> ProxyPassReverse / http://your.internal.server/
> A detailed description of what this does can be found in the reference
> docs: http://httpd.apache.org/docs/mod/mod_proxy.html (for 1.x
> versions) or http://httpd.apache.org/docs-2.0/mod/mod_proxy.html
> (for apache 2.x -- note that mod_proxy for 2.x has more features, and
> works somewhat differently).
> Of course, for this to work, the mod_proxy functionality has to be
> made available by loading the module dynamically, i.e. "LoadModule
> proxy_module libexec/mod_proxy.so" (or by having it statically
> compiled into apache).
It was already statically compiled.
> For simple reverse proxying tasks this should work as is, but there
> are some issues with this approach, for example having to do with
> absolute HREFs inside the delivered HTML code, etc.
> (For the latter, see http://apache.webthing.com/mod_proxy_html/).
That is exactly the problem I ran into.
After a long week I will put this off till tomorrow but I will read the
article above to see if there's a workaround to the absolute href's
> There's a very good tutorial article by Nick Kew (the author of
> mod_proxy_html), focusing on the apache 2.x way of doing it:
> So, rather than rephrasing everything he says in my own words, I'll
> just suggest you read that article :)
> Last but not least, there's a more general issue to think about: for
> this whole approach to be of any real value, you'd have to make sure,
> that the apache (or port-forwarder) on server "B" is only accessible by
> "C"/you (either by having it located somewhere where only you have
> access, or via some other special authentication mechanism...).
> If server B is open to the public, then you wouldn't have gained much.
> You'd only have moved the issue of which IPs to allow, from server A
> to B (-> if anyone could connect to the proxying service on B, and B
> forwards the requests to A, then you could just as well let people
> directly connect to A -- from an access control point of view...)
Yes, I'm considering this problem as well. I might use a <Directory>
control block to limit access. and then update that everytime my ip
changes. Which is a pain, but it would work. (or I could switch isp's
and get a static ip)
Thanks again and I'll let you know if it all works out.
> I hope this wasn't too confusing... Anyway, if you get stuck somewhere,
> don't hesitate to ask for more details :)
> Techtalk mailing list
> Techtalk at linuxchix.org
More information about the Techtalk