Solved

Proxy and ActiveMQ

Posted on 2014-04-01
3
884 Views
Last Modified: 2014-04-02
So if you want to connect to clients and sllow them to either push or pull JMS messages, and wanted to put the Reverse Proxy in the DMZ, which one would you use.  Is there one from Open Source or one to purse

Would this proxy be able to unwrap SSL and inspect ActiveMQ messages to block inbound traffic from certain IP's

Thanks
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 6

Assisted Solution

by:Ryan Smith
Ryan Smith earned 100 total points
ID: 39970047
This article might help you find what your looking for.

http://www.apachetutor.org/admin/reverseproxies
0
 

Author Comment

by:Anthony Lucia
ID: 39970127
So I guess this is suggesting that ActiveMQ should use the mod_proxy contained within the Apache content..  There are two possible issues with that

1> The mod_proxy would probably not be within the DMZ

2> What about situations where you have a ActiveMQ but no Apache

Also, would the mod_proxy be able to scan ActiveMQ content and be able to act upon it (block users from certain queues)

njd
0
 
LVL 36

Accepted Solution

by:
mccarl earned 400 total points
ID: 39970916
You still haven't stated any requirements that (to me) necessitate using a proxy.

Would this proxy be able to unwrap SSL and inspect ActiveMQ messages to block inbound traffic from certain IP's
A proxy ins't required in order to do this. The IP address is contained outside the encryted SSL stream, so your plain old firewall can do this just fine. But to answer your question fully, yes the proxy CAN terminate the SSL connection and then proxy the connection using unencrypted HTTP to the ActiveMQ server. However, I believe that it can't do any inspection at the ActiveMQ protocol level eg. in order to block messages depending on queues and such (not without writting you own apache module, or similar for other proxies)

To block producing/consuming based on the particular queue, that is where you would use the authorization plugin features builtin to ActiveMQ (as you asked in another question).

One thing that ActiveMQ DOES support is accepting incoming SSL connections and requiring the client that is connecting to present an SSL certificate to authenticate itself as. This combined with the queue based authorization in ActiveMQ and your firewall filtering incoming connections based on IP address would provide a very secure system, in my opinion. And be relatively easy to setup, with no dependency on other components such as proxies, etc.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
In this post we will learn different types of Android Layout and some basics of an Android App.
Viewers learn about the “while” loop and how to utilize it correctly in Java. Additionally, viewers begin exploring how to include conditional statements within a while loop and avoid an endless loop. Define While Loop: Basic Example: Explanatio…
The viewer will learn how to implement Singleton Design Pattern in Java.

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question