Logo Background

ProxyPass And ProxyPassReverse Configuration

  • By on January 8, 2010 | No Comments

    ProxyPass and ProxyPassReverse was the command used for reverse proxy between servers. People might be wondering why reverse proxy was used at the first place? Imagine I have two servers that I want it to be accessible from the people outside and the usual method used was by placing both servers in the DMZ.

    Reverse Proxy To Bypass DMZ

    Problem is the applications that I am putting in DMZ has lower end of Apache version which has certain known vulnerability and the security architect proposed that both server should not be in the DMZ.

    So where should we place it? It would be inside the internal network and it will still works because there will be a proxy server placed in the DMZ.

    The proxy server which has higher end of Apache version will act as middle man and pushing the communication from the world outside to the two server resides in internal network.

    ProxyPass And ProxyPassReverse Sample Script

    Example scenario:
    Reverse Proxy URL – https://oracle.proxy.com
    Single Signon URL – https://oracle.sso.com
    Applications URL – https://oracle.apps.com

    The reverse proxy configuration should be deployed in the proxy server in DMZ and make sure the mod proxy was available before you add in the script as below.

    #Add into Apache configuration ssl.conf
    SSLProxyEngine on

    SSLProxyEngine was set on because the reverse proxy communication was in HTTPS mode which requires SSL.

    #Add into Apache configuration httpd.conf
    ProxyVia on
    ProxyRequests Off
    ProxyPreserveHost Off
    <Proxy *>
    Order deny,allow
    Allow from all
    RewriteEngine on
    #Reverse Proxy Setting For Oracle Single Sign On
    ProxyPass /sso https://oracle.sso.com/sso
    ProxyPassReverse /sso https://oracle.sso.com/sso
    ProxyPass /pls/orasso https://oracle.sso.com/pls/orasso
    ProxyPassReverse /pls/orasso https://oracle.sso.com/pls/orasso
    ProxyPass /osso_login_success https://oracle.sso.com/osso_login_success
    ProxyPassReverse /osso_login_success https://oracle.sso.com/osso_login_success
    ProxyPass /osso_logout_success https://oracle.sso.com/osso_logout_success
    ProxyPassReverse /osso_logout_success https://oracle.sso.com/osso_logout_success
    #Reverse Proxy Setting For Oracle Applications E-Business Suite
    ProxyPass / https://oracle.apps.com/
    ProxyPassReverse / https://oracle.apps.com/

    Now when the user go into https://oracle.proxy.com, eventually they will be seeing the content of the page of https://oracle.apps.com/.

    What if the user goes to https://oracle.proxy.com/sso? It will be goes to https://oracle.sso.com/sso as set in ProxyPass and ProxyPassReverse.

    The beautiful thing about reverse proxy was the URL will be showing oracle.proxy.com all the time and this can masked the internal server name from the world outside.

    Refer to 502 Bad Gateway Error which was related to the communication between proxy server and internal server.

    » Oracle Java Memory Performance
Leave a Comment