Introduction: A machine with a dedicated line to the Internet acts as the firewall, and a WWW server (Red Hat 6.1, Apache 1.3.9) sits on the internal network segment. The goal is for this internal machine to provide the WWW service and an Apache-based file service, so that the outside world can reach the public WWW server and the foreign branch offices can download the files they need.
Advantage: The internal WWW server and file service are completely separated from the outside world and are not directly connected to it. The Apache service running on the firewall proxies access to the internal server, which enhances security. Because the Apache service on the firewall uses name-based virtual hosts, the firewall's own home page cannot be accessed. This conforms to the guideline that the fewer services a firewall runs, the more secure it is.
Implementation method: The Apache server (192.168.11.2) on the internal network segment stores the company homepage for public access by internal and external users, and the /home/ftp/pub directory is set up as the file storage area, reached at http://download.yourdomain.com/pub/.
Apache reverse proxying is set up on the firewall, which proxies requests to the internal network segment.
Steps:
I. Apache server settings on the internal network segment
Apache uses the default configuration. The main directory is /home/httpd/html, the host domain name is sun.yourdomain.com, with the alias www.yourdomain.com. Add one Alias line to srm.conf, defined as follows:
Alias /pub /home/ftp/pub/
and change the default type definition as follows:
DefaultType application/octet-stream
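Finally, add a definition to /etc/httpd/conf/access.conf:
<Directory /home/ftp/pub>
    # Show a directory listing when there is no index.html
    Options Indexes
    # Let .htaccess in this directory set authentication directives
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>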
Note: Options Indexes allows the list of directories/files to be shown when no index.html file can be found.
AllowOverride AuthConfig allows basic user name and password verification.
For this, you need to put a .htaccess file in the /home/ftp/pub directory, as follows:
-------
[root@shopu pub]# more .htaccess
AuthName "Branch Office public software Download area"
AuthType Basic
AuthUserFile /etc/.usrpasswd
require valid-user
-------
Then use
# htpasswd -c /etc/.usrpasswd user1
to create separate user names and passwords for the external users who are allowed to access the file service under /pub. The -c option creates the password file, so omit it when adding further users.
II. Reverse proxy configuration on the firewall
Add the following lines to /etc/httpd/conf/httpd.conf
NameVirtualHost 1.2.3.4
# 1.2.3.4 is the permanent Internet IP address of the firewall's external NIC
<VirtualHost 1.2.3.4>
    ServerName www.yourdomain.com
    ErrorLog /var/log/httpd/error_log
    TransferLog /var/log/httpd/access_log
    RewriteEngine on
    # Reverse proxying only: the firewall does not act as a forward proxy
    ProxyRequests off
    UseCanonicalName off
    # [P] passes the rewritten request to mod_proxy, [L] stops further rewriting
    RewriteRule ^/(.*)$ http://192.168.11.2/$1 [P,L]
</VirtualHost>
<VirtualHost 1.2.3.4>
    ServerName download.yourdomain.com
    ErrorLog /var/log/httpd/download/error_log
    TransferLog /var/log/httpd/download/access_log
    RewriteEngine on
    ProxyRequests off
    UseCanonicalName off
    RewriteRule ^/(.*)$ http://192.168.11.2/$1 [P,L]
</VirtualHost>
Note: Set up DNS on the firewall so that download.yourdomain.com and www.yourdomain.com both point to the external network adapter address of the firewall. Use www.yourdomain.com to reach the company homepage, and http://download.yourdomain.com/pub/...
You need to create the directory /var/log/httpd/download/ on the Apache host on the internal network segment, or you will get an error. You can also set the permissions of /home/httpd/html/index.html on the firewall host to 750.
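
An added example, not part of the original article: a small Python audit of the firewall's httpd.conf that checks that ProxyRequests stays off and that every RewriteRule carrying the [P] flag points at a fixed, expected backend. The allowed-backend set, the function name audit and the sample configuration (the article's www host plus a deliberately misconfigured test.yourdomain.com host) are assumptions constructed for illustration.

```python
import re

ALLOWED_BACKENDS = {"192.168.11.2"}  # internal server address used in the article

# Constructed sample: the article's www vhost plus a deliberately bad one.
SAMPLE_CONF = """\
NameVirtualHost 1.2.3.4
<VirtualHost 1.2.3.4>
ServerName www.yourdomain.com
RewriteEngine on
ProxyRequests off
RewriteRule ^/(.*)$ http://192.168.11.2/$1 [P,L]
</VirtualHost>
<VirtualHost 1.2.3.4>
ServerName test.yourdomain.com
RewriteEngine on
ProxyRequests on
RewriteRule ^/(.*)$ http://$1 [P,L]
</VirtualHost>
"""

def audit(conf, allowed=ALLOWED_BACKENDS):
    """Return sorted (scope, problem) findings for the proxy directives in conf."""
    findings, scope = [], "global"
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        low = line.lower()
        if low.startswith("<virtualhost"):
            scope = "unnamed vhost"
        elif low.startswith("</virtualhost"):
            scope = "global"
        elif low.startswith("servername") and scope != "global":
            scope = (line.split() + ["?"])[1]
        elif re.match(r"proxyrequests\s+on\b", low):
            findings.append((scope, "ProxyRequests on: forward proxying enabled"))
        elif low.startswith("rewriterule"):
            parts = line.split()
            flags = parts[3].strip("[]").lower().split(",") if len(parts) > 3 else []
            if "p" in flags or "proxy" in flags:
                # The host must be a literal, ended by '/' or ':' before any $N
                m = re.match(r"https?://([^/:$]+)(?=[:/])", parts[2], re.I)
                if (m.group(1) if m else None) not in allowed:
                    findings.append((scope, "proxy target is not a fixed allowed backend: " + parts[2]))
    return sorted(findings)
```

Calling audit() on the text of the firewall's httpd.conf returns an empty list for the configuration shown in the article and two findings for the constructed test.yourdomain.com host.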