Tuesday, February 05, 2008

Reverse Proxy with Apache

Sometimes, when we need to configure network devices within LAN (via http), we need to do it on site due to private addressing. While making the devices directly accessible from the Internet is a big no-no, there is another way to connect remotely and securely: Reverse HTTP Proxy (with Apache).

Apache has proxy-related modules to enable this operation. To get it working, you need to enable this modules:
- proxy
- proxy_http

Using Ubuntu 7.10, this modules can be loaded simply by typing:

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo /etc/init.d/apache2 restart

To forward any http request to your internal address, you need to add the destination url into your virtual host configuration, i.e:

sudo nano /etc/apache2/sites-available/yourvirtualhostconfig

then add this line:

ProxyPass /your-public-url/ http://your-private-address

enable your site by typing:

sudo a2ensite yourvirtualhostconfig
sudo /etc/init.d/apache2/restart

By default, in Ubuntu 7.10 all proxy access are denied. Therefore, you
need to white list your address into the proxy.conf file

sudo nano /etc/apache2/mods-available/proxy.conf

change the config to allow your source address i.e:

<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
Allow from 203.153.240.197
</Proxy>

Then reload the configurations

sudo a2enmod proxy
sudo /etc/init.d/apache2 restart

That's it folks. Enjoy working on your devices remotely, securely.
(It is not so secure as the traffic is not encrypted. What I mean by
secure, is that I can hide the private address from any port scan.
Therefore, what is deemed secure by me, is not necessarily secure by
your definition. This is MY blog, so no complain!!!)