Solved

Proxy and ActiveMQ

Posted on 2014-04-01
3
736 Views
Last Modified: 2014-04-02
So if you want to connect to clients and sllow them to either push or pull JMS messages, and wanted to put the Reverse Proxy in the DMZ, which one would you use.  Is there one from Open Source or one to purse

Would this proxy be able to unwrap SSL and inspect ActiveMQ messages to block inbound traffic from certain IP's

Thanks
0
Comment
Question by:Anthony Lucia
3 Comments
 
LVL 6

Assisted Solution

by:Ryan Smith
Ryan Smith earned 100 total points
ID: 39970047
This article might help you find what your looking for.

http://www.apachetutor.org/admin/reverseproxies
0
 

Author Comment

by:Anthony Lucia
ID: 39970127
So I guess this is suggesting that ActiveMQ should use the mod_proxy contained within the Apache content..  There are two possible issues with that

1> The mod_proxy would probably not be within the DMZ

2> What about situations where you have a ActiveMQ but no Apache

Also, would the mod_proxy be able to scan ActiveMQ content and be able to act upon it (block users from certain queues)

njd
0
 
LVL 35

Accepted Solution

by:
mccarl earned 400 total points
ID: 39970916
You still haven't stated any requirements that (to me) necessitate using a proxy.

Would this proxy be able to unwrap SSL and inspect ActiveMQ messages to block inbound traffic from certain IP's
A proxy ins't required in order to do this. The IP address is contained outside the encryted SSL stream, so your plain old firewall can do this just fine. But to answer your question fully, yes the proxy CAN terminate the SSL connection and then proxy the connection using unencrypted HTTP to the ActiveMQ server. However, I believe that it can't do any inspection at the ActiveMQ protocol level eg. in order to block messages depending on queues and such (not without writting you own apache module, or similar for other proxies)

To block producing/consuming based on the particular queue, that is where you would use the authorization plugin features builtin to ActiveMQ (as you asked in another question).

One thing that ActiveMQ DOES support is accepting incoming SSL connections and requiring the client that is connecting to present an SSL certificate to authenticate itself as. This combined with the queue based authorization in ActiveMQ and your firewall filtering incoming connections based on IP address would provide a very secure system, in my opinion. And be relatively easy to setup, with no dependency on other components such as proxies, etc.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
Viewers will learn about if statements in Java and their use The if statement: The condition required to create an if statement: Variations of if statements: An example using if statements:
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now