httpd-users mailing list archives

From Lionel Fairon <lfai...@proof.be>
Subject Re: [users@httpd] IPTABLES and Apache ProxyPass
Date Mon, 18 May 2015 15:00:18 GMT
You should enable stateful packet inspection on both INPUT and OUTPUT, as the communications
between your reverse proxy and the origin server are not included in your rules: OUTPUT any,
but responses (received on INPUT) are only accepted if sent to... port 80 or 443. Responses
are sent to the original source port (>1024).

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT



Sent from my iPad

On 18 May 2015 at 08:35, "Kevin Caliati" <kcaliati@gmail.com> wrote:


Hi everyone,

I posted my issue on Stack Overflow but nobody answered me.



I have a webserver secured with iptables:

iptables -L -v
Chain INPUT (policy DROP 67 packets, 8002 bytes)
 pkts bytes target     prot opt in     out     source               destination
   62  4648 ACCEPT     tcp  --  any    any     192.168.200.0/24     anywhere            tcp dpt:ssh
    0     0 ACCEPT     tcp  --  any    any     192.168.200.0/24     anywhere            tcp dpt:ndmp
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:http
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:https
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 30 packets, 4600 bytes)
 pkts bytes target     prot opt in     out     source               destination


I also have some ProxyPass and ProxyPassReverse configurations in httpd.conf file.

If I stop the iptables service, the ProxyPass configuration works, but when it's up it fails.

Which iptables configuration should I set?
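
The behaviour discussed in this thread, as an added example that is not part of either message: a toy first-match model of the posted INPUT chain, showing that the origin server's reply to the proxy's ephemeral port hits the DROP policy until the RELATED,ESTABLISHED rule is appended. The host addresses, the backend port 8080 and the class and function names are constructed for illustration; the connection table is a simplification of conntrack.

```python
# Added example: toy first-match model of the INPUT chain shown in the post.
# Addresses and ports below are constructed, not taken from the thread.
import ipaddress
from dataclasses import dataclass

MGMT_NET = ipaddress.ip_network("192.168.200.0/24")  # source net of the ssh/ndmp rules

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    iface: str = "eth0"

class ProxyHost:
    def __init__(self, state_rule: bool):
        self.state_rule = state_rule  # True once the RELATED,ESTABLISHED rule is appended
        self.conntrack = set()        # flows opened by this host

    def send(self, pkt: Packet) -> None:
        # OUTPUT policy is ACCEPT: the packet leaves and the flow is tracked.
        self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def receive(self, pkt: Packet) -> str:
        from_mgmt = ipaddress.ip_address(pkt.src) in MGMT_NET
        if from_mgmt and pkt.dport in (22, 10000):   # dpt:ssh, dpt:ndmp
            return "ACCEPT"
        if pkt.dport in (80, 443):                   # dpt:http, dpt:https
            return "ACCEPT"
        if pkt.iface == "lo":                        # loopback rule
            return "ACCEPT"
        reply_to = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if self.state_rule and reply_to in self.conntrack:
            return "ACCEPT"                          # -m state --state RELATED,ESTABLISHED
        return "DROP"                                # chain policy

def proxy_round_trip(state_rule: bool) -> dict:
    host = ProxyHost(state_rule)
    proxy, backend, client = "192.168.200.10", "192.168.200.20", "203.0.113.7"
    verdicts = {"client_request": host.receive(Packet(client, 51000, proxy, 80))}
    host.send(Packet(proxy, 40222, backend, 8080))   # ProxyPass connection to the origin
    verdicts["backend_reply"] = host.receive(Packet(backend, 8080, proxy, 40222))
    # Unsolicited packet to a high port: no matching flow, so still dropped.
    verdicts["unsolicited"] = host.receive(Packet(client, 4444, proxy, 40223))
    return verdicts

if __name__ == "__main__":
    print("original rules:", proxy_round_trip(False))
    print("with state rule:", proxy_round_trip(True))
```

The state rule only admits packets that belong to a flow the host itself opened, so the default-DROP posture for unsolicited traffic to high ports is unchanged.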

