Use Apache reverse proxy to set up external WWW and file servers
Introduction: A machine with a leased-line connection to the Internet acts as the firewall, and there is a WWW server (Redhat 6.1, Apache 1.3.9) in the internal network segment. We want this internal machine to provide WWW and file service to the outside world,
so that external users can access the WWW server and overseas branch offices can download the files they need.
Advantage: The internal WWW server and file service are completely separated from the outside world and have no direct connection to it.
The Apache service running on the firewall reaches the internal server only as a proxy, which improves security.
The Apache service running on the firewall uses name-based virtual hosts,
so the home page on the firewall itself is not accessed. This meets the requirement that a firewall run as few services as possible to stay secure.
Implementation method: The Apache server (192.168.11.2) in the intranet segment stores the company home page for both internal
and external users. The /home/ftp/pub directory is set up as the file storage area,
reached at http://download.yourdomain.com/pub/.
Apache is configured as a reverse proxy on the firewall so that the firewall forwards requests to the server in the intranet segment.
Steps:
1. Apache server settings on the intranet segment
Apache uses the default configuration. The document root is /home/httpd/html, the host name is sun.yourdomain.com,
and its alias is www.yourdomain.com. Edit srm.conf and add the following Alias line:
Alias /pub /home/ftp/pub/
The default application type is defined as follows:
DefaultType application/octet-stream
Add the following definition to /etc/httpd/conf/access.conf:
<Directory /home/ftp/pub>
Options Indexes
AllowOverride AuthConfig
order allow,deny
allow from all
</Directory>
Note: Options Indexes allows the directory contents to be listed when no index.html file is found.
AllowOverride AuthConfig allows a .htaccess file to require basic user name and password authentication.
In this case, you need to put a .htaccess file in the /home/ftp/pub directory with the following content:
-------
[root@shopu pub]# more .htaccess
AuthName "Branch Office Public Software Download Area"
AuthType Basic
AuthUserFile /etc/.usrpasswd
require valid-user
-------
Then use
# htpasswd -c /etc/.usrpasswd user1
to create the external user names and passwords that are allowed to access the file service in /pub (-c creates the password file, so omit it when adding further users).
2. Reverse proxy configuration on the firewall
Add the following lines to /etc/httpd/conf/httpd.conf:
NameVirtualHost 1.2.3.4
# 1.2.3.4 is the permanent Internet IP address of the firewall's external NIC
<VirtualHost 1.2.3.4>
ServerName www.yourdomain.com
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log
RewriteEngine on
ProxyRequests off
UseCanonicalName off
RewriteRule ^/(.*)$ http://192.168.11.2/$1 [P,L]
</VirtualHost>
<VirtualHost 1.2.3.4>
ServerName download.yourdomain.com
ErrorLog /var/log/httpd/download/error_log
TransferLog /var/log/httpd/download/access_log
RewriteEngine on
ProxyRequests off
UseCanonicalName off
RewriteRule ^/(.*)$ http://192.168.11.2/$1 [P,L]
</VirtualHost>
Note: Set up DNS on the firewall so that download.yourdomain.com and www.yourdomain.com both point to
the address of the firewall's external NIC. External users then use www.yourdomain.com
and http://download.yourdomain.com/pub/.
You need to create the /var/log/httpd/download/ directory on the Apache host of the intranet segment; otherwise
an error occurs. In addition, you can set the permissions of /home/httpd/html/index.html on the firewall host
to 750.
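An added example (not part of the original article): a small Python check for the firewall's httpd.conf that confirms each virtual host keeps ProxyRequests off and that every RewriteRule carrying the [P] flag proxies only to the fixed internal server 192.168.11.2. The open.yourdomain.com virtual host, the sample text and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the page's www vhost plus a hypothetical bad one.
SAMPLE_CONF = """\
<VirtualHost 1.2.3.4>
ServerName www.yourdomain.com
ProxyRequests off
RewriteRule ^/(.*)$ http://192.168.11.2/$1 [P,L]
</VirtualHost>
<VirtualHost 1.2.3.4>
ServerName open.yourdomain.com
ProxyRequests on
RewriteRule ^/([^/]+)/(.*)$ http://$1/$2 [P,L]
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return one list of (directive, args) pairs per <VirtualHost> block."""
    vhosts, current = [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        if line.lower().startswith("<virtualhost"):
            current = []
        elif line.lower().startswith("</virtualhost") and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None and line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            current.append((name.lower(), args.strip()))
    return vhosts

def audit(conf, allowed_backends=("192.168.11.2",)):
    """Map each ServerName to its findings; an empty list means clean."""
    report = {}
    for vhost in parse_vhosts(conf):
        settings, findings = dict(vhost), []
        # ProxyRequests on would turn the firewall into a forward proxy.
        if settings.get("proxyrequests", "off").lower() != "off":
            findings.append("ProxyRequests is not off")
        for name, args in vhost:
            parts = args.split()
            flags = parts[2].strip("[]").upper().split(",") if len(parts) > 2 else []
            if name != "rewriterule" or "P" not in flags:
                continue
            # A [P] target must name a fixed, allow-listed host, never a capture.
            m = re.match(r"https?://([^/:$]+)[/:]", parts[1])
            if not m or m.group(1) not in allowed_backends:
                findings.append("proxy target not a fixed backend: " + parts[1])
        report[settings.get("servername", "?")] = findings
    return report
```

Run audit() on the text of the firewall's httpd.conf; a virtual host with an empty findings list forwards only to the intranet server and does not act as a forward proxy.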