Help with apache reverse proxy configuration

Posted on 2005-04-11
Last Modified: 2007-11-27
Hi All .....
Hope some apache guru out there can me out.....

I have a situation -- where some external clients are not able to see some administrative web applications we're hosting off an intranet/non-DMZ server.

I'm toying with the idea of either:
1) Giving the machine another IP -- visible in our DMZ.... protect with password/ssl
2) Setting up a reverse proxy -- via servers we already have in our DMZ..... protect with password/ssl

Question 1)
** Any thoughts on which option would be better....... 1) 2)  ?
     Anyother option I'm missing ?

Question 2)
** Re: option2)  What is best practice / fully apache standard module way of setting up a reverse proxy server.....
I.E. Is there a way to setup an apache (v2.0.5x) reverse proxy server without using any 3rd party modules ?
I've followed the following article:

All seems to be working -- except for rules pertaining to module (where do I get a binary of this thing ?):
>> LoadFile   /usr/lib/
>> ProxyHTMLURLMap       /      /admin/
>> ProxyHTMLURLMap       /admin      /admin

Apache Server Version:  2.0.53
OS System:                   Windows 2000 SP3

Relevant Apache Configuration Files Snippets:
LoadModule proxy_module      modules/
LoadModule proxy_http_module modules/
LoadModule headers_module    modules/
LoadFile   /usr/lib/
LoadModule proxy_html_module modules/

     ServerPath "E:/xxx/Apache2/sites/xxx"
     DocumentRoot "E:/xxx/Apache2/sites/xxx"
     DirectoryIndex index.htm index.html index.html.var
     ErrorLog "E:/xxx/Apache2/sites/xxx/logs/error.log"
     TransferLog "E:/xxx/Apache2/sites/xxx/logs/trace.log"
               RewriteEngine on
               RewriteCond %{SERVER_PORT} !^443$
               RewriteRule ^/(xxxSys)(.*) https://%{SERVER_NAME}/$1$2
               RewriteRule ^/(.*)(enrol.htm$) https://%{SERVER_NAME}/$1$2
               RewriteRule ^/(.*)(transfer.htm$) https://%{SERVER_NAME}/$1$2
               RewriteRule ^/(.*)(orderrefill.htm$) https://%{SERVER_NAME}/$1$2
               RewriteLog E:/xxx/Apache2/logs/httpd_rewrite_log
               RewriteLogLevel 0

     ProxyRequests Off
     ProxyPass       /admin   http://myInternalServerName/
     ProxyHTMLURLMap http://myInternalServerName /admin

     <Location /admin/>
          ProxyPassReverse /
          SetOutputFilter       proxy-html
          ProxyHTMLURLMap       /      /admin/
          ProxyHTMLURLMap       /admin      /admin
          RequestHeader        unset      Accept-Encoding


My corresponding <VirtualHost> section would also have the same reverse proxy rules/config....
Question by:fmisa

    Author Comment

    Not even one response ?
    Please let me know if the question is unclear ? or if I need to supply more information ?
    I was hoping this would be easy -- for someone with more real-world apache experience ?

    Hope to hear from someone soon.....

    LVL 51

    Expert Comment

    I'd go with its own IP, simple to setup 'cause just a virtual interface and a virtual host in httpd.conf

    Author Comment

    An easy 300 ;))

    Yes -- you're right -- I'm leaning towards the extra IP.....
    However,  I see many potential uses for Reverse Proxy for us in future.....

    I've finally got me configuration working -- based on the following:

    It works like a charm for static pages...... however, I'm noticing strange behaviour for some servlet generated pages as well as some servlet/authenticated pages.

    Along the lines of my original question:
    * Have you used reverse proxy -- in production for servlet/application server type apps.  Any words of wisdom ?
    * Isn't the standard apache module   mod_proxy sufficient ?  Why all this 3rd party augmentation ?  i.e. mod_proxy_html ?
    LVL 51

    Accepted Solution

    * servlets and alike as is are not a problem, usually
      but a lot of them (or sometimes the framework they're based on) use links containing the FQDN, or produce pages with embeded active scripting which computes/builds links on the fly, noe reverse proxy can identify such things
    * mod_proxy is sufficient for well programed pages

    or in other words: web designers need to know the technics and the network topology (but most reject to even think about that)-:

    Author Comment

    Thanks very much......
    I'll check our servlets -- that's probably the case.....



    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit ( and similar technologies have enjoyed wide adoption, making it possib…
    Why do we like using grid based layouts in website design? Let's look at the live examples of websites and compare them to grid based WordPress themes.
    This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…
    The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now