httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Hall-Kenney <James.Hall-Ken...@sytec.co.nz>
Subject [users@httpd] mod proxy - source IP address in a Virtual Server environment.
Date Tue, 24 Sep 2002 09:43:47 GMT
Hi all,

I have a Redhat Linux server running Apache 1.3.22 from the Redhat patched
RPM.  The primary function of the server is as a reverse proxy system.  

This server has multiple instances of chrooted httpd with mod_ssl, all
listening on different virtual IP's ie only 1 physical interface.  Each
instance represents a different proxied application owned by a separate
business unit.  Individual IP addresses are required as we are running SSL
on the rev proxy for all these applications.

The reverse proxy functionality works well, the problem we are experiencing
relates to the IP address the server is using to communicate to the proxied
"back end" servers.

The back end servers that the Apache host is reverse proxying are all behind
firewalls.  We would like to be able to limit the reverse proxy IP address
for "Application A" to have only access to the backend server for
"Application A" at the firewall.

The problem we are having is that all traffic is sourced from the primary
address of the interface, not the Virtual IP that the reverse proxy
responded on.

I appreciate that this is more an IP stack behavioural issue, but when I
have had similar issues to this in the past with applications such as BIND,
Weblogic Proxy, Squid etc, the application had a configuration directive to
override this behaviour and dictate the source address.  Is there any way to
do something similar in Apache with mod_proxy?

Any help greatly appreciated.

Regards

James

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message