ProxyPass and ProxyPassReverse was the command used for reverse proxy between servers. People might be wondering why reverse proxy was used at the first place? Imagine I have two servers that I want it to be accessible from the people outside and the usual method used was by placing both servers in the DMZ.
Reverse Proxy To Bypass DMZ
Problem is the applications that I am putting in DMZ has lower end of Apache version which has certain known vulnerability and the security architect proposed that both server should not be in the DMZ.
So where should we place it? It would be inside the internal network and it will still works because there will be a proxy server placed in the DMZ.
The proxy server which has higher end of Apache version will act as middle man and pushing the communication from the world outside to the two server resides in internal network.
ProxyPass And ProxyPassReverse Sample Script
Reverse Proxy URL – https://oracle.proxy.com
Single Signon URL – https://oracle.sso.com
Applications URL – https://oracle.apps.com
The reverse proxy configuration should be deployed in the proxy server in DMZ and make sure the mod proxy was available before you add in the script as below.
#Add into Apache configuration ssl.conf
SSLProxyEngine was set on because the reverse proxy communication was in HTTPS mode which requires SSL.
#Add into Apache configuration httpd.conf
Allow from all
#Reverse Proxy Setting For Oracle Single Sign On
ProxyPass /sso https://oracle.sso.com/sso
ProxyPassReverse /sso https://oracle.sso.com/sso
ProxyPass /pls/orasso https://oracle.sso.com/pls/orasso
ProxyPassReverse /pls/orasso https://oracle.sso.com/pls/orasso
ProxyPass /osso_login_success https://oracle.sso.com/osso_login_success
ProxyPassReverse /osso_login_success https://oracle.sso.com/osso_login_success
ProxyPass /osso_logout_success https://oracle.sso.com/osso_logout_success
ProxyPassReverse /osso_logout_success https://oracle.sso.com/osso_logout_success
#Reverse Proxy Setting For Oracle Applications E-Business Suite
ProxyPass / https://oracle.apps.com/
ProxyPassReverse / https://oracle.apps.com/
Now when the user go into https://oracle.proxy.com, eventually they will be seeing the content of the page of https://oracle.apps.com/.
What if the user goes to https://oracle.proxy.com/sso? It will be goes to https://oracle.sso.com/sso as set in ProxyPass and ProxyPassReverse.
The beautiful thing about reverse proxy was the URL will be showing oracle.proxy.com all the time and this can masked the internal server name from the world outside.
Refer to 502 Bad Gateway Error which was related to the communication between proxy server and internal server.
Next» Oracle Java Memory Performance