Mmh ... Maybe this is really a misunderstanding. What I'm searching for is a piece of software with which I can publish the HTTP servers in my DMZ to the world. And I would like to do things like:

www.Name.de/sub1/ -> box2.internal/sub_main/sub
www.Name.de/sub2/ -> box3.internal/something_else/sub
www.Name.de/sub1/sub2 -> box2.internal/sub_main/sub3

We have one external IP, but have very different boxes for the different parts of our web service. For example, box2 runs NT, box3 runs Solaris. As far as I know, Squid only does a proxy the other way round. Maybe I can do this even with a kind of redirecting, therefore we mostly have generated JPEGs, they won't be cached anyway.

Franziskus
-----Original Message-----
From: Kurt Seifried [mailto:listuser@seifried.org]
Sent: Thursday, 13 September 2001 10:43
To: Franziskus Scharpff; suse-security@suse.com
Subject: Re: [suse-security] reverse Proxy [was: http proxy]
Hello,
This might be off topic, but I'm searching for a reliable reverse proxy for our web servers.
A more correct term is HTTP accelerator (couldn't figure out your email initially =).
As far as I know, Apache does the job, but only for HTTP 1.0. Are there any other solutions? Or has mod_proxy been updated in the meantime?
Squid will pass HTTP 1.1 headers, Apache too. mod_proxy is updated in 1.2.
Any security holes?
Yup. Misconfiguration is easy. I may be able to use your proxy to attack your internal network, for example. Or anonymize my web surfing. If you do it, be very restrictive and use firewalling on the accelerator machine to enforce what it should do (i.e. only talk to port 80 on the internal www server).
Thank you for your help.
Franziskus
Kurt Seifried, kurt@seifried.org PGP Key ID: 0xAD56E574 Fingerprint: A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/
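
The path mapping asked for in the first message, combined with the restriction recommended in the reply, sketched as an Apache httpd configuration. This is an added example, not part of either message; it assumes Apache httpd 2.x with mod_proxy and mod_proxy_http loaded, and the trailing slashes on the prefix rules are added so both sides of each rule match.

```apache
# Added example. Hostnames and paths come from the mapping in the thread;
# everything else is an assumption about a typical mod_proxy setup.

<VirtualHost *:80>
    ServerName www.Name.de

    # Reverse proxy only. With ProxyRequests On the server also accepts
    # forward-proxy requests, which is the misconfiguration described in
    # the reply: outsiders could relay through it to internal hosts or
    # use it to anonymize their own browsing.
    ProxyRequests Off

    # ProxyPass rules are checked in configuration order and the first
    # match wins, so the more specific /sub1/sub2 must come before /sub1/.
    ProxyPass        /sub1/sub2 http://box2.internal/sub_main/sub3
    ProxyPassReverse /sub1/sub2 http://box2.internal/sub_main/sub3

    ProxyPass        /sub1/ http://box2.internal/sub_main/sub/
    ProxyPassReverse /sub1/ http://box2.internal/sub_main/sub/

    ProxyPass        /sub2/ http://box3.internal/something_else/sub/
    ProxyPassReverse /sub2/ http://box3.internal/something_else/sub/

    # Paths not listed above are never forwarded; they are served (or
    # rejected) locally. Keep the list explicit rather than proxying "/".

    # The second half of the advice is enforced outside httpd: firewall
    # this host so it can open connections only to port 80 on
    # box2.internal and box3.internal.
</VirtualHost>
```

ProxyPassReverse rewrites Location headers in backend redirects so that internal hostnames such as box2.internal do not leak to clients.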