Solved

Proxy and ActiveMQ

Posted on 2014-04-01
3
858 Views
Last Modified: 2014-04-02
So if you want to connect to clients and sllow them to either push or pull JMS messages, and wanted to put the Reverse Proxy in the DMZ, which one would you use.  Is there one from Open Source or one to purse

Would this proxy be able to unwrap SSL and inspect ActiveMQ messages to block inbound traffic from certain IP's

Thanks
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 6

Assisted Solution

by:Ryan Smith
Ryan Smith earned 100 total points
ID: 39970047
This article might help you find what your looking for.

http://www.apachetutor.org/admin/reverseproxies
0
 

Author Comment

by:Anthony Lucia
ID: 39970127
So I guess this is suggesting that ActiveMQ should use the mod_proxy contained within the Apache content..  There are two possible issues with that

1> The mod_proxy would probably not be within the DMZ

2> What about situations where you have a ActiveMQ but no Apache

Also, would the mod_proxy be able to scan ActiveMQ content and be able to act upon it (block users from certain queues)

njd
0
 
LVL 35

Accepted Solution

by:
mccarl earned 400 total points
ID: 39970916
You still haven't stated any requirements that (to me) necessitate using a proxy.

Would this proxy be able to unwrap SSL and inspect ActiveMQ messages to block inbound traffic from certain IP's
A proxy ins't required in order to do this. The IP address is contained outside the encryted SSL stream, so your plain old firewall can do this just fine. But to answer your question fully, yes the proxy CAN terminate the SSL connection and then proxy the connection using unencrypted HTTP to the ActiveMQ server. However, I believe that it can't do any inspection at the ActiveMQ protocol level eg. in order to block messages depending on queues and such (not without writting you own apache module, or similar for other proxies)

To block producing/consuming based on the particular queue, that is where you would use the authorization plugin features builtin to ActiveMQ (as you asked in another question).

One thing that ActiveMQ DOES support is accepting incoming SSL connections and requiring the client that is connecting to present an SSL certificate to authenticate itself as. This combined with the queue based authorization in ActiveMQ and your firewall filtering incoming connections based on IP address would provide a very secure system, in my opinion. And be relatively easy to setup, with no dependency on other components such as proxies, etc.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Viewers learn about the third conditional statement “else if” and use it in an example program. Then additional information about conditional statements is provided, covering the topic thoroughly. Viewers learn about the third conditional statement …
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.
Suggested Courses

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question