I use it as an alternative to port forwarding. Using Apache, I can proxy requests to a back end machine without allowing direct connectivity. You can't use 90% of the IIS exploits that come out because Apache chokes on them. A (non-security related) benefit is that I can also run multiple servers on different FQDN's from one IP too. I do mail relay with qmail too... this is my home network, so the geek factor is really more compelling than any real security concerns :) adrian adrianat_private -----Original Message----- From: Moore, James [mailto:James.Mooreat_private] Sent: Thursday, January 13, 2000 8:00 AM To: Adrian Brinton; firewall-wizardsat_private Subject: RE: reverse proxy using apache Just outta' cusiosity: what does this provide in terms of security? Jim Moore 256.461.4381 ----------- PGP PUBLIC KEY FINGERPRINT ------------ 1D9C 3AC3 34E6 EEDF 22B9 7886 7797 6908 048F 049B --------------------------------------------------- > -----Original Message----- > From: Adrian Brinton [SMTP:adrianat_private] > Sent: Tuesday, January 11, 2000 12:43 AM > To: 'Scott Saxen'; firewall-wizardsat_private > Subject: RE: reverse proxy using apache > > I'm not sure if this is what you're looking for, but I use apache as a > proxy server using the ProxyPass directive. I have the apache box on a > dsl line and a NAT'ed network behind (this could be a DMZ if I had some > time and another few computers). When an outside user connects, they see > the apache box. Apache proxys them out to an IIS server (or whatever you > want) on the NAT'ed network. The user sees nothing... it looks like > they're hitting the IIS (or whatever) server directly. Works for SSL too > (between the user and the proxy, in my case), you just have to add SSL > support to apache. Below are the relevant lines of the httpd.conf file.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:57:31 PDT