RE: reverse proxy using apache

[Adrian Brinton <adrian () brinton to>]

I use it as an alternative to port forwarding. Using Apache, I can proxy
requests to a back end machine without allowing direct connectivity. You
can't use 90% of the IIS exploits that come out because Apache chokes on
them. A (non-security related) benefit is that I can also run multiple
servers on different FQDN's from one IP too. 

I do mail relay with qmail too... this is my home network, so the geek
factor is really more compelling than any real security concerns :)


adrian
adrian () brinton to

-----Original Message-----
From: Moore, James [mailto:James.Moore () MSFC NASA GOV]
Sent: Thursday, January 13, 2000 8:00 AM
To: Adrian Brinton; firewall-wizards () nfr net
Subject: RE: reverse proxy using apache


Just outta' cusiosity: what does this provide in terms of security?

Jim Moore
256.461.4381

----------- PGP PUBLIC KEY FINGERPRINT ------------
1D9C 3AC3 34E6 EEDF 22B9  7886 7797 6908 048F 049B
---------------------------------------------------


> -----Original Message-----
> From: Adrian Brinton [SMTP:adrian () brinton to]
> Sent: Tuesday, January 11, 2000 12:43 AM
> To:   'Scott Saxen'; firewall-wizards () nfr net
> Subject:      RE: reverse proxy using apache
>
> I'm not sure if this is what you're looking for, but I use apache as a
> proxy server using the ProxyPass directive. I have the apache box on a
> dsl line and a NAT'ed network behind (this could be a DMZ if I had
some
> time and another few computers). When an outside user connects, they
see
> the apache box. Apache proxys them out to an IIS server (or whatever
you
> want) on the NAT'ed network. The user sees nothing... it looks like
> they're hitting the IIS (or whatever) server directly. Works for SSL
too
> (between the user and the proxy, in my case), you just have to add SSL
> support to apache. Below are the relevant lines of the httpd.conf
file.