ModSecurity: setting up a reverse proxy
A few weeks ago i wrote that i wanted to investigate setting up a reverse web proxy with mod_security. I have now finally found a little time to do so. What surprised me was how easy it actually is!
<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow #spammers to use your proxy to send email.
ProxyRequests Off
<Proxy *> Order deny,allow Allow from all #Allow from .your_domain.com
# Enable/disable the handling of HTTP/1.1 “Via:” headers. # (“Full” adds the server version; “Block” removes all outgoing Via: headers) # Set to one of: Off | On | Full | Block ProxyVia Block
# use to disable proxy for a specific subdir # ProxyPass /blog/wp-admin ! ProxyPass /blog http://internalserver/blog ProxyPassReverse /blog http://internalserver/blog
# use to disable access to a specific subdir
<Location /blog/wp-admin> Order deny,allow Deny from all Allow from 192.168.1.2
# use to force errors by the internal host to look like to be coming from the proxy host.
# disabled because it causes problems with Wordpress.
#ProxyErrorOverride On
This is the entire config for the proxy part. Next, enable mod_security. As far as i can see there is nothing special about ModSecurity and reverse proxies. So just enable it like you would on a webserver. Some useful links for setting up reverse proxies using Apache:
http://httpd.apache.org/docs/2.0/mod/mod_proxy.html http://www.apacheweek.com/features/reverseproxies
Thats all for now!