Setting up an external WWW and file server with Apache reverse proxy

Source: Internet
Author: User
Tags: firewall

Introduction: A machine with dedicated-line access to the Internet acts as the firewall, and the intranet
segment has a WWW server (Redhat 6.1, apache 1.3.9). This machine is expected to provide WWW service and
Apache-based file service, so that the outside world can publicly access the WWW server and field branches
can download the files they need.
Advantages: The internal WWW server and file service are completely separated from the outside world and are
not directly exposed. The Apache service running on the firewall provides proxy access to the internal
server, which enhances security. The Apache service running on the firewall also uses name-based virtual
hosts, so that the firewall's own home page is not accessed. This conforms to the principle that a firewall
should run as few services as possible.

Implementation method: The Apache server (192.168.11.2) on the intranet segment hosts the company home page
for public access by internal and external users. The /home/ftp/pub directory is set up as the file storage
area and is reached at http://download.yourdomain.com/pub/.
Apache reverse proxying is configured on the firewall, so that the firewall proxies requests to the server
on the internal network segment.

Steps:
I. Apache server settings on the intranet segment

Apache uses the default configuration. The home directory is /home/httpd/html, the host domain name is
sun.yourdomain.com with the alias www.yourdomain.com. Add one line to srm.conf to define the alias as follows:
Alias /pub /home/ftp/pub/

Change the default content type definition as follows:
DefaultType application/octet-stream

Finally, add this definition to /etc/httpd/conf/access.conf:

<Directory /home/ftp/pub>
Options Indexes
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

Note: Options Indexes allows the directory/file listing to be shown when no index.html file is found.
AllowOverride AuthConfig allows basic user name and password authentication.
For this you need to put a .htaccess file in the /home/ftp/pub directory, which reads as follows:
-------
[root@shopu pub]# more .htaccess
AuthName "Branch Office public Software Download Area"
AuthType Basic
AuthUserFile /etc/.usrpasswd
Require valid-user
------
Then run
# htpasswd -c /etc/.usrpasswd user1
to create separate external user names and passwords that are allowed to access the file service under /pub.


II. Reverse proxy configuration on the firewall
Add the following lines to /etc/httpd/conf/httpd.conf:

NameVirtualHost 1.2.3.4

# 1.2.3.4 is the permanent Internet IP address of the firewall's external network card

<VirtualHost 1.2.3.4>
ServerName www.yourdomain.com
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log
RewriteEngine on
ProxyRequests off
UseCanonicalName off
RewriteRule ^/(.*)$ http://192.168.11.2/$1 [P,L]
</VirtualHost>

<VirtualHost 1.2.3.4>
ServerName download.yourdomain.com
ErrorLog /var/log/httpd/download/error_log
TransferLog /var/log/httpd/download/access_log
RewriteEngine on
ProxyRequests off
UseCanonicalName off
RewriteRule ^/(.*)$ http://192.168.11.2/$1 [P,L]
</VirtualHost>
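
An added example, not part of the original article: a small Python check that reads the firewall's virtual
host definitions and confirms that each one keeps ProxyRequests off and proxies only to the intranet server
192.168.11.2. The function name audit_proxy_vhosts, the sample text and the bad.example.invalid virtual host
are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: one vhost as configured on this page, plus a deliberately
# misconfigured vhost (hypothetical name) to show what the check reports.
SAMPLE_CONF = """\
NameVirtualHost 1.2.3.4
<VirtualHost 1.2.3.4>
ServerName www.yourdomain.com
RewriteEngine on
ProxyRequests off
RewriteRule ^/(.*)$ http://192.168.11.2/$1 [P,L]
</VirtualHost>
<VirtualHost 1.2.3.4>
ServerName bad.example.invalid
RewriteEngine on
ProxyRequests on
RewriteRule ^/(.*)$ http://$1 [P,L]
</VirtualHost>
"""

def audit_proxy_vhosts(conf_text, allowed_backends):
    """Return {ServerName: [findings]} for each <VirtualHost> block."""
    report = {}
    blocks = re.findall(r"(?is)<VirtualHost\b[^>]*>(.*?)</VirtualHost>", conf_text)
    for block in blocks:
        name, findings, proxy_requests = "(unnamed)", [], None
        for raw in block.splitlines():
            parts = raw.split()
            if not parts or parts[0].startswith("#"):
                continue  # blank line or comment
            directive = parts[0].lower()
            if directive == "servername" and len(parts) > 1:
                name = parts[1]
            elif directive == "proxyrequests" and len(parts) > 1:
                proxy_requests = parts[1].lower()
            elif directive == "rewriterule" and len(parts) >= 4:
                flags = parts[3].strip("[]").upper().split(",")
                if "P" not in flags and "PROXY" not in flags:
                    continue  # not a proxied rule
                host = urlsplit(parts[2]).hostname
                if host not in allowed_backends:
                    # Covers variable hosts such as "$1" and any unexpected backend.
                    findings.append(f"[P] rule targets {host!r}, not an allowed backend")
        if proxy_requests != "off":
            # Without an explicit "off" the vhost inherits the server-wide setting.
            findings.append("ProxyRequests is not explicitly off")
        report[name] = findings
    return report
```

Call audit_proxy_vhosts(open("/etc/httpd/conf/httpd.conf").read(), {"192.168.11.2"}) on the firewall; an empty
list for a virtual host means both checks passed.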


Note: Set DNS on the firewall so that download.yourdomain.com and www.yourdomain.com point to
the external network card address of the firewall. Use www.yourdomain.com to access your company home page, and
http://download.yourdomain.com/pub/...


You need to create the /var/log/httpd/download/ directory on the Apache host in the intranet segment, or you will
get an error. You can also set the permissions of /home/httpd/html/index.html on the firewall host to
750.
