httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Bailleul <Emmanuel.Baill...@telindus.fr>
Subject RE: [users@httpd] Reverse proxy like DNAT, any chance? :)
Date Wed, 28 Oct 2009 12:29:38 GMT
> -----Message d'origine-----
> De : Carlos André [mailto:candrecn@gmail.com]
> Envoyé : mercredi 28 octobre 2009 13:06
> À : users@httpd.apache.org
> Objet : [users@httpd] Reverse proxy like DNAT, any chance? :)
> 
> Hi ppl,
> 
> Maybe it's look like a stupid question, but, is there any way to make
> apache acting as a "reverse proxy" send the original IP source to
> destination? Like iptables DNAT ?
> 
> Coz I need protect users/server (HTTPS) and webserver (IDS), but my
> SSL-out box (apache RP) send its own IP to apache webserver, not
> original source... then I cant just block SSL-out box IP (but I need a
> active response from Snort... even passive, a lot of alerts from
> SSL-out IP doesnt help so much).
> 
> There my conf: INTERNET---HTTPS---SSLOUTBOX---HTTP---IDS---WEBSERVER
> 
> Thanks :)
> 

Hi,

Would there be any chance your IDS extract the source address info from the "X-forwarded-for"
header instead of the source IP ?

Regards.

Emmanuel

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message