Solved

Proxy and ActiveMQ

Posted on 2014-04-01
Last Modified: 2014-04-02
So if you want to connect to clients and allow them to either push or pull JMS messages, and wanted to put the reverse proxy in the DMZ, which one would you use? Is there one from open source or one to purchase?

Would this proxy be able to unwrap SSL and inspect ActiveMQ messages to block inbound traffic from certain IPs?

Thanks
Question by:Anthony Lucia

Assisted Solution

by:Ryan Smith
Ryan Smith earned 100 total points
ID: 39970047
This article might help you find what you're looking for.

http://www.apachetutor.org/admin/reverseproxies

Author Comment

by:Anthony Lucia
ID: 39970127
So I guess this is suggesting that ActiveMQ should use the mod_proxy contained within the Apache content. There are two possible issues with that:

1> The mod_proxy would probably not be within the DMZ

2> What about situations where you have an ActiveMQ but no Apache?

Also, would the mod_proxy be able to scan ActiveMQ content and be able to act upon it (block users from certain queues)?

njd

Accepted Solution

by:
mccarl earned 400 total points
ID: 39970916
You still haven't stated any requirements that (to me) necessitate using a proxy.

"Would this proxy be able to unwrap SSL and inspect ActiveMQ messages to block inbound traffic from certain IP's"

A proxy isn't required in order to do this. The IP address is contained outside the encrypted SSL stream, so your plain old firewall can do this just fine. But to answer your question fully, yes, the proxy CAN terminate the SSL connection and then proxy the connection using unencrypted HTTP to the ActiveMQ server. However, I believe that it can't do any inspection at the ActiveMQ protocol level, e.g. in order to block messages depending on queues and such (not without writing your own Apache module, or similar for other proxies).

To block producing/consuming based on the particular queue, that is where you would use the authorization plugin features built in to ActiveMQ (as you asked in another question).

One thing that ActiveMQ DOES support is accepting incoming SSL connections and requiring the client that is connecting to present an SSL certificate to authenticate itself as. This combined with the queue-based authorization in ActiveMQ and your firewall filtering incoming connections based on IP address would provide a very secure system, in my opinion. And be relatively easy to set up, with no dependency on other components such as proxies, etc.
0
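
The broker-side setup the accepted answer describes (SSL listener that requires a client certificate, plus per-queue authorization), as an added example that is not part of the original thread: the keystore paths, passwords, JAAS domain name `CertLogin`, group names and the queue `ORDERS.IN` are all placeholders. Source-IP filtering stays on the firewall in front of the listener port, as the answer says.

```xml
<!-- Added example (constructed): fragment of conf/activemq.xml.
     All paths, passwords, group names and queue names are placeholders. -->
<broker xmlns="http://activemq.apache.org/schema/core" brokerName="dmz-broker">

  <!-- Child elements kept in alphabetical order, which older ActiveMQ
       schema versions require. -->
  <plugins>
    <!-- Derives the user from the client certificate's DN through the JAAS
         domain "CertLogin" (defined in login.config, e.g. with
         org.apache.activemq.jaas.TextFileCertificateLoginModule). -->
    <jaasCertificateAuthenticationPlugin configuration="CertLogin"/>

    <authorizationPlugin>
      <map>
        <authorizationMap>
          <authorizationEntries>
            <!-- Default: only admins may touch any queue. -->
            <authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>
            <!-- External partners may only produce to this one queue;
                 only the internal backend may consume from it. -->
            <authorizationEntry queue="ORDERS.IN" read="backend" write="partners" admin="admins"/>
            <!-- Clients need access to advisory topics to connect normally. -->
            <authorizationEntry topic="ActiveMQ.Advisory.>"
                                read="admins,backend,partners"
                                write="admins,backend,partners"
                                admin="admins,backend,partners"/>
          </authorizationEntries>
        </authorizationMap>
      </map>
    </authorizationPlugin>
  </plugins>

  <!-- keyStore: the broker's own certificate.
       trustStore: the client certificates (or issuing CA) the broker accepts. -->
  <sslContext>
    <sslContext keyStore="file:${activemq.conf}/broker.ks"
                keyStorePassword="CHANGE_ME"
                trustStore="file:${activemq.conf}/clients.ts"
                trustStorePassword="CHANGE_ME"/>
  </sslContext>

  <transportConnectors>
    <!-- The only listener is SSL; needClientAuth=true makes the handshake
         fail for any client that does not present a trusted certificate. -->
    <transportConnector name="ssl" uri="ssl://0.0.0.0:61617?needClientAuth=true"/>
  </transportConnectors>
</broker>
```

With no plain `tcp://` connector defined, an unauthenticated client has no listener to fall back to.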
