Solved

Proxy and ActiveMQ

Posted on 2014-04-01
3
822 Views
Last Modified: 2014-04-02
So if you want to connect to clients and sllow them to either push or pull JMS messages, and wanted to put the Reverse Proxy in the DMZ, which one would you use.  Is there one from Open Source or one to purse

Would this proxy be able to unwrap SSL and inspect ActiveMQ messages to block inbound traffic from certain IP's

Thanks
0
Comment
Question by:Anthony Lucia
3 Comments
 
LVL 6

Assisted Solution

by:Ryan Smith
Ryan Smith earned 100 total points
ID: 39970047
This article might help you find what your looking for.

http://www.apachetutor.org/admin/reverseproxies
0
 

Author Comment

by:Anthony Lucia
ID: 39970127
So I guess this is suggesting that ActiveMQ should use the mod_proxy contained within the Apache content..  There are two possible issues with that

1> The mod_proxy would probably not be within the DMZ

2> What about situations where you have a ActiveMQ but no Apache

Also, would the mod_proxy be able to scan ActiveMQ content and be able to act upon it (block users from certain queues)

njd
0
 
LVL 35

Accepted Solution

by:
mccarl earned 400 total points
ID: 39970916
You still haven't stated any requirements that (to me) necessitate using a proxy.

Would this proxy be able to unwrap SSL and inspect ActiveMQ messages to block inbound traffic from certain IP's
A proxy ins't required in order to do this. The IP address is contained outside the encryted SSL stream, so your plain old firewall can do this just fine. But to answer your question fully, yes the proxy CAN terminate the SSL connection and then proxy the connection using unencrypted HTTP to the ActiveMQ server. However, I believe that it can't do any inspection at the ActiveMQ protocol level eg. in order to block messages depending on queues and such (not without writting you own apache module, or similar for other proxies)

To block producing/consuming based on the particular queue, that is where you would use the authorization plugin features builtin to ActiveMQ (as you asked in another question).

One thing that ActiveMQ DOES support is accepting incoming SSL connections and requiring the client that is connecting to present an SSL certificate to authenticate itself as. This combined with the queue based authorization in ActiveMQ and your firewall filtering incoming connections based on IP address would provide a very secure system, in my opinion. And be relatively easy to setup, with no dependency on other components such as proxies, etc.
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
Viewers will learn about arithmetic and Boolean expressions in Java and the logical operators used to create Boolean expressions. We will cover the symbols used for arithmetic expressions and define each logical operator and how to use them in Boole…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question