Help with apache reverse proxy configuration

Posted on 2005-04-11
Medium Priority
Last Modified: 2007-11-27
Hi All .....
Hope some apache guru out there can help me out.....

I have a situation -- where some external clients are not able to see some administrative web applications we're hosting off an intranet/non-DMZ server.

I'm toying with the idea of either:
1) Giving the machine another IP -- visible in our DMZ.... protect with password/ssl
2) Setting up a reverse proxy -- via servers we already have in our DMZ..... protect with password/ssl

Question 1)
** Any thoughts on which option would be better....... 1) 2)  ?
     Any other option I'm missing ?

Question 2)
** Re: option2)  What is best practice / fully apache standard module way of setting up a reverse proxy server.....
I.E. Is there a way to setup an apache (v2.0.5x) reverse proxy server without using any 3rd party modules ?
I've followed the following article:

All seems to be working -- except for rules pertaining to module (where do I get a binary of this thing ?):
>> LoadFile   /usr/lib/libxml2.so
>> ProxyHTMLURLMap       /      /admin/
>> ProxyHTMLURLMap       /admin      /admin

Apache Server Version:  2.0.53
OS System:                   Windows 2000 SP3

Relevant Apache Configuration Files Snippets:
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module    modules/mod_headers.so
LoadFile   /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so

<VirtualHost 216.xxx.xxx.157:80>
     ServerName www.xxx.com
     ServerPath "E:/xxx/Apache2/sites/xxx"
     DocumentRoot "E:/xxx/Apache2/sites/xxx"
     DirectoryIndex index.htm index.html index.html.var
     ServerAdmin xxx@xxxx.com
     ErrorLog "E:/xxx/Apache2/sites/xxx/logs/error.log"
     TransferLog "E:/xxx/Apache2/sites/xxx/logs/trace.log"
               RewriteEngine on
               RewriteCond %{SERVER_PORT} !^443$
               RewriteRule ^/(xxxSys)(.*) https://%{SERVER_NAME}/$1$2
               RewriteRule ^/(.*)(enrol.htm$) https://%{SERVER_NAME}/$1$2
               RewriteRule ^/(.*)(transfer.htm$) https://%{SERVER_NAME}/$1$2
               RewriteRule ^/(.*)(orderrefill.htm$) https://%{SERVER_NAME}/$1$2
               RewriteLog E:/xxx/Apache2/logs/httpd_rewrite_log
               RewriteLogLevel 0

     ProxyRequests Off
     ProxyPass       /admin   http://myInternalServerName/
     ProxyHTMLURLMap http://myInternalServerName /admin

     <Location /admin/>
          ProxyPassReverse /
          SetOutputFilter       proxy-html
          ProxyHTMLURLMap       /      /admin/
          ProxyHTMLURLMap       /admin      /admin
          RequestHeader        unset      Accept-Encoding
     </Location>
</VirtualHost>

My corresponding <VirtualHost 216.xxx.xxx.157:443> section would also have the same reverse proxy rules/config....
Question by:fmisa

Author Comment

ID: 13758648
Not even one response ?
Please let me know if the question is unclear ? or if I need to supply more information ?
I was hoping this would be easy -- for someone with more real-world apache experience ?

Hope to hear from someone soon.....

LVL 51

Expert Comment

ID: 13766042
I'd go with its own IP, simple to setup 'cause just a virtual interface and a virtual host in httpd.conf

Author Comment

ID: 13768829
An easy 300 ;))

Yes -- you're right -- I'm leaning towards the extra IP.....
However,  I see many potential uses for Reverse Proxy for us in future.....

I've finally got my configuration working -- based on the following:

It works like a charm for static pages...... however, I'm noticing strange behaviour for some servlet generated pages as well as some servlet/authenticated pages.

Along the lines of my original question:
* Have you used reverse proxy -- in production for servlet/application server type apps.  Any words of wisdom ?
* Isn't the standard apache module   mod_proxy sufficient ?  Why all this 3rd party augmentation ?  i.e. mod_proxy_html ?
LVL 51

Accepted Solution

ahoffmann earned 900 total points
ID: 13769739
* servlets and the like, as is, are not a problem, usually
  but a lot of them (or sometimes the framework they're based on) use links containing the FQDN, or produce pages with embedded active scripting which computes/builds links on the fly; no reverse proxy can identify such things
* mod_proxy is sufficient for well programmed pages

or in other words: web designers need to know the techniques and the network topology (but most refuse to even think about that)-:
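
An added example, not part of the original thread or of any poster's code: a Python audit of backend HTML that flags the link forms described in the answer above, i.e. what the question's ProxyHTMLURLMap rules exist to rewrite and what plain mod_proxy passes through unchanged (also exposing the internal host name to external clients). The host name and the /admin/ prefix come from the question's config; the sample page is constructed, and the script check is a heuristic that only catches the literal host name.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

INTERNAL_HOST = "myInternalServerName"  # backend name from the question's ProxyPass
PUBLIC_PREFIX = "/admin/"               # public path mapped onto the backend root
URL_ATTRS = {"href", "src", "action"}

# Constructed sample of a servlet-generated page as the backend would emit it.
SAMPLE = """<html><body>
<a href="http://myInternalServerName/servlet/report">report</a>
<img src="/images/logo.gif">
<a href="users.jsp">users</a>
<a href="/admin/help.html">help</a>
<form action="/servlet/login" method="post"></form>
<script>var base = "http://myInternalServerName/servlet/"; location.href = base + "home";</script>
</body></html>"""

class LinkAudit(HTMLParser):
    """Collect links that break (or leak the backend name) without HTML rewriting."""
    def __init__(self):
        super().__init__()
        self.findings = []          # list of (kind, value) tuples
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self._classify(value)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Heuristic: a script that names the backend probably builds links from it.
        if self._in_script and INTERNAL_HOST.lower() in data.lower():
            self.findings.append(("script-builds-internal-url", data.strip()[:60]))

    def _classify(self, url):
        parts = urlsplit(url)
        if parts.hostname and parts.hostname.lower() == INTERNAL_HOST.lower():
            self.findings.append(("absolute-internal-host", url))
        elif not parts.netloc and url.startswith("/") and not url.startswith(PUBLIC_PREFIX):
            self.findings.append(("root-relative-escapes-prefix", url))

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Pages that return an empty list use only relative links and proxy cleanly with mod_proxy and ProxyPassReverse alone.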

Author Comment

ID: 13772259
Thanks very much......
I'll check our servlets -- that's probably the case.....


