From: Dave Lowenstein (dlowenst@mail.sdsu.edu)
Date: Wed Sep 11 2002 - 15:39:44 EDT
I posted this to the apache users list and haven't heard back. The
sunmanagers list is far better than any other list for getting real
answers to my questions anyway.
Here's my dilemma:
I'd like to allow people to access documents on a server which is behind a
firewall from my webserver. The other server allows access from my
webserver on port 80, but doesn't allow access from anyone else.
I set up the following on a test server:
<IfModule mod_proxy.c>
ProxyRequests Off
ProxyPass /proxy http://server.behind.firewall.com/
</IfModule>
I'm able to type in
my.server.com/proxy/document_on_server_behind_firewall.pdf
and get the document. I'm also able, however, to select my.server.com as a
proxy server in browser preferences, and bring up cnn.com using my
webserver as the proxy. It's a very screwed-up looking cnn.com (not all
the images load, the text is in large clumsy looking fonts) but
nevertheless the page comes up.
Can this be exploited? Is there a way to set it up so that I can proxy
through to these docs on the other server but not allow people to use my
server as a proxy server for anything else? I can't set up allow/deny
lists because the general public needs to be able to download these
documents from my webserver.
I thought that reverse proxying would keep people from using my server as
a proxy while allowing the docs to come over, but it didn't seem to
work. I did the exact same config as above but with "ProxyPassReverse"
Any help would be appreciated
Thanks,
Dave
Dave Lowenstein
Programmer/Analyst
Instructional Technology Services
San Diego State University
(619)594-0270
http://www-rohan.sdsu.edu/dept/its
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:24:56 EDT