Post: Use Apache reverse proxy to set up external WWW and file servers

Source: Internet
Author: User
Introduction: A machine that connects to the Internet over a leased line serves as the firewall, and a WWW server (RedHat 6.1, Apache 1.3.9) sits on the internal network segment. We want the firewall machine to provide an external WWW service and an Apache-based file service, so that the outside world can reach the WWW server and branch offices elsewhere can download the files they need.

Advantage: The internal WWW server and file service are completely separated from the outside world and are never directly connected to it. The Apache service running on the firewall provides proxied access to the internal server, which enhances security. At the same time, that Apache service uses name-based virtual hosts, so the firewall's own home page is not served. This meets the requirement that a firewall run as few services as possible and be as secure as possible.

Implementation Method: The Apache server (192.168.11.2) on the intranet segment stores the company homepage for access by internal and external users. Set the /home/ftp/pub directory as the file storage area, and publish the files at http://download.yourdomain.com/pub/. Configure an Apache reverse proxy on the firewall so that the firewall forwards requests to the intranet segment.

Steps:
1. Apache server settings on the Intranet segment
Apache uses the default configuration. The document root is /home/httpd/html, the host domain name is sun.yourdomain.com, and the alias is www.yourdomain.com. Edit srm.conf and add an alias defined as follows:
Alias /pub /home/ftp/pub/

The default application type is defined as follows:
DefaultType application/octet-stream

Add a definition in /etc/httpd/conf/access.conf:

<Directory /home/ftp/pub>
Options Indexes
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

Note: Options Indexes lists the directory's files when no index.html file is found. AllowOverride AuthConfig allows basic user name and password authentication to be configured for the directory. For this, you need to put a .htaccess file in the /home/ftp/pub directory with the following content:
-------
[root@shopu pub]# more .htaccess
AuthName "Branch Office Public Software Download Area"
AuthType Basic
AuthUserFile /etc/.usrpasswd
require valid-user
------
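Then use # htpasswd -c /etc/.usrpasswd user1
to create the different external user names and passwords that are allowed to access the file service in /pub. The -c option creates the password file, so use it only for the first user and omit it when adding further users.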

2. Reverse proxy configuration on the firewall
Add the following lines to /etc/httpd/conf/httpd.conf:
NameVirtualHost 1.2.3.4

# 1.2.3.4 is the permanent Internet IP address of the firewall's external NIC

<VirtualHost 1.2.3.4>
ServerName www.yourdomain.com
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log
RewriteEngine on
ProxyRequests off
UseCanonicalName off
RewriteRule ^/(.*)$ http://192.168.11.2/$1 [P,L]
</VirtualHost>

<VirtualHost 1.2.3.4>
ServerName download.yourdomain.com
ErrorLog /var/log/httpd/download/error_log
TransferLog /var/log/httpd/download/access_log
RewriteEngine on
ProxyRequests off
UseCanonicalName off
RewriteRule ^/(.*)$ http://192.168.11.2/$1 [P,L]
</VirtualHost>

Note: Set the DNS on the firewall so that both download.yourdomain.com and www.yourdomain.com point to the external NIC address of the firewall. Use www.yourdomain.com for the company homepage, and use http://download.yourdomain.com/pub/ to download the public files.

You need to create the directory /var/log/httpd/download/ on the Apache host in the intranet segment; otherwise, an error will occur. In addition, you can set the permissions of /home/httpd/html/index.html on the firewall host to 750 to block access, so that external users cannot reach the Apache homepage on the firewall itself.
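
An added example, not part of the original article: a small Python audit for the firewall's httpd.conf that checks the two properties the reverse proxy configuration above relies on, namely that ProxyRequests stays off and that every [P] rule forwards only to the fixed internal server. The sample configuration is constructed from the article's directives; the third host (open.example) and the allowed_backends parameter are hypothetical.

```python
import re

# Constructed sample: the article's two firewall virtual hosts plus one
# hypothetical misconfigured host (open.example) for contrast.
SAMPLE_CONF = """
NameVirtualHost 1.2.3.4
<VirtualHost 1.2.3.4>
ServerName www.yourdomain.com
RewriteEngine on
ProxyRequests off
RewriteRule ^/(.*)$ http://192.168.11.2/$1 [P,L]
</VirtualHost>
<VirtualHost 1.2.3.4>
ServerName download.yourdomain.com
RewriteEngine on
ProxyRequests off
RewriteRule ^/(.*)$ http://192.168.11.2/$1 [P,L]
</VirtualHost>
<VirtualHost 1.2.3.4>
ServerName open.example
RewriteEngine on
ProxyRequests on
RewriteRule ^/(.*)$ http://%{HTTP_HOST}/$1 [P,L]
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+[^>]+>(.*?)</VirtualHost>", re.S | re.I)
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)\s+\[([^\]]*)\]", re.M | re.I)

def audit(conf, allowed_backends=("192.168.11.2",)):
    """Return (ServerName, problem) pairs for every risky virtual host."""
    findings = []
    for body in VHOST.findall(conf):
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        name = name.group(1) if name else "(no ServerName)"
        # ProxyRequests on makes the firewall a forward proxy for arbitrary URLs.
        if re.search(r"^\s*ProxyRequests\s+on\b", body, re.M | re.I):
            findings.append((name, "ProxyRequests on: forward proxying enabled"))
        for _pattern, target, flags in RULE.findall(body):
            if "P" not in [f.strip().upper() for f in flags.split(",")]:
                continue  # not a proxy rule
            # The backend host must be a literal approved address, not request data.
            m = re.match(r"https?://([^/:%$]+)(?::\d+)?/", target)
            if not m or m.group(1) not in allowed_backends:
                findings.append((name, "proxy target is not a fixed approved backend: " + target))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Run against the sample, only open.example is reported; the two virtual hosts from the article pass both checks.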
