[Fwd: Re: [Techtalk] url port forward?]
overhaul
overhaul at littledeath.net
Fri Oct 1 20:15:26 EST 2004
(oops.. I forgot to hit "reply all" on this one)
Almut, thanks. I was able to find the info on the net and apply it to
my httpd.conf file, and it "sort of" works.....
Almut Behrens wrote:
> Exactly, that's the way to go. What you want to set up with mod_proxy
> is a so-called "reverse proxy". So, on your server "B" you'd have to
> run apache with the following additional options in httpd.conf (in its
> most simple form):
>
> ProxyRequests Off
> ProxyPass / http://your.internal.server/
> ProxyPassReverse / http://your.internal.server/
>
> A detailed description of what this does can be found in the reference
> docs: http://httpd.apache.org/docs/mod/mod_proxy.html (for 1.x
> versions) or http://httpd.apache.org/docs-2.0/mod/mod_proxy.html
> (for apache 2.x -- note that mod_proxy for 2.x has more features, and
> works somewhat differently).
>
> Of course, for this to work, the mod_proxy functionality has to be
> made available by loading the module dynamically, i.e. "LoadModule
> proxy_module libexec/mod_proxy.so" (or by having it statically
> compiled into apache).
It was already statically compiled.
>
> For simple reverse proxying tasks this should work as is, but there
> are some issues with this approach, for example having to do with
> absolute HREFs inside the delivered HTML code, etc.
> (For the latter, see http://apache.webthing.com/mod_proxy_html/).
That is exactly the problem I ran into.
After a long week, I will put this off till tomorrow, but I will read the
article above to see if there's a workaround to the absolute hrefs
problem.
>
> There's a very good tutorial article by Nick Kew (the author of
> mod_proxy_html), focusing on the apache 2.x way of doing it:
>
> http://www.apacheweek.com/features/reverseproxies
>
> So, rather than rephrasing everything he says in my own words, I'll
> just suggest you read that article :)
>
snip
>
> Last but not least, there's a more general issue to think about: for
> this whole approach to be of any real value, you'd have to make sure
> that the apache (or port-forwarder) on server "B" is only accessible by
> "C"/you (either by having it located somewhere where only you have
> access, or via some other special authentication mechanism...).
> If server B is open to the public, then you wouldn't have gained much.
> You'd only have moved the issue of which IPs to allow, from server A
> to B (-> if anyone could connect to the proxying service on B, and B
> forwards the requests to A, then you could just as well let people
> directly connect to A -- from an access control point of view...)
Yes, I'm considering this problem as well. I might use a <Directory>
control block to limit access, and then update that every time my IP
changes. Which is a pain, but it would work. (Or I could switch ISPs
and get a static IP.)
Thanks again and I'll let you know if it all works out.
-o
>
>
> I hope this wasn't too confusing... Anyway, if you get stuck somewhere,
> don't hesitate to ask for more details :)
>
> Almut
>
>
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://mailman.linuxchix.org/mailman/listinfo/techtalk
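
The access-control point raised in the thread, as an added example that is not part of the original messages: the quoted reverse-proxy lines on server "B", followed by a block that limits who may use them. It assumes Apache 1.3/2.0-style access directives; the client address 192.0.2.10 and the password file path are placeholders.

```apache
# Added example, not from the thread. Assumes Apache 1.3/2.0 access
# directives (Order/Allow/Deny); Apache 2.4 uses "Require ip" instead.

# Reverse proxy only; never act as an open forward proxy.
ProxyRequests Off

# Hand every request on "B" to the internal server (hostname as quoted
# in the thread).
ProxyPass        / http://your.internal.server/
ProxyPassReverse / http://your.internal.server/

# Weak: with only the three directives above, anyone who can reach "B"
# reaches the internal server through it.

# Restricted: cover every proxied URL and deny by default.
<Location />
    Order deny,allow
    Deny from all
    # Placeholder (documentation range) for the one allowed client "C".
    Allow from 192.0.2.10

    # Fallback for a client whose address changes: a login.
    # Basic auth sends the password unencrypted unless "B" serves this
    # over SSL. The file path is a placeholder.
    AuthType Basic
    AuthName "Reverse proxy on B"
    AuthUserFile /path/to/proxy.htpasswd
    Require valid-user

    # Either an allowed address or a valid login is sufficient.
    Satisfy any
</Location>
```

Run `apachectl configtest` after editing httpd.conf, then request a page from an address outside the allow list to confirm that it is refused or prompts for a login.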