Debian – reverse proxy only from one internal server

apache-2.2, debian, reverse-proxy

I have configured a reverse proxy and it is working OK for one internal server, for example our mail server.

Now, I would like to know if it is possible to configure a reverse proxy for only one server/application (in this case our web intranet).

Our problem is that the intranet calls other applications on the same intranet server and on other internal servers, and the only way I know to publish these resources is to set up a reverse proxy in our DMZ Apache for all application servers. But I would like only the intranet to be called from our DMZ reverse proxy Apache, and the other applications to be called by the intranet server, not by the reverse proxy.
I would like to configure it this way for security reasons, and only allow external access to one server.

I have configured this with Debian Squeeze and Apache 2.2.

Is it possible? How?


I'll try to give more information about my environment and what I'm trying to do.

I have a server in a DMZ with a domain published in DNS records (https://intranet.domain.com), with Apache 2 configured as a reverse proxy for a local intranet server (https://local_ip/intranet/).
Config in the DMZ Apache:

<Proxy /intranet/>
    ProxyHTMLLogVerbose On
    ProxyHTMLURLMap     https://local_ip/intranet/ /intranet/
    ProxyHTMLURLMap     / /intranet/
    #
    ProxyPass         https://local_ip/intranet/
    ProxyPassReverse  https://local_ip/intranet/
</Proxy>

The local intranet server has some other applications that are called with relative paths:
https://local_ip/app1 as (/app1)
https://local_ip/app2 as (/app2)
https://local_ip/app3 as (/app3)
There are also other applications located on other servers and called from the intranet server with absolute paths, for example:
https://server4/app4
https://server5/app5

At this moment I can visit our intranet from an external source (Internet) with https://intranet.domain.com/intranet/, but if I want to allow visits to the other applications called from the intranet server, I have to configure every application in the reverse proxy and allow communication between the dmz/reverse-proxy server and local_ip, server4, server5 … We would like to allow it only between dmz/reverse-proxy and local_ip (intranet server), because the other applications are only called from the intranet, and we want to restrict the IPs that can visit servers other than the intranet server.

If I configure every application (app4, app5, app1, app2, app3 and /intranet) in the reverse proxy, this works, but it requires configuring every application in the reverse proxy, with connectivity from the DMZ.

This is how it works now:

Internet<--->dmz/reverse-proxy<------>https://local_ip/intranet
                              <--------------------->/app1
                              <--------------------->/app2
                              <--------------------->/app3
                              <--------------------------------->https://server4/app4
                              <--------------------------------->https://server5/app5

I would like to configure it with this structure:

Internet<--->dmz/reverse-proxy<------>https://local_ip/intranet
                                                         <----->/app1
                                                         <----->/app2
                                                         <----->/app3
                                                         <----->https://server4/app4
                                                         <----->https://server5/app5

The reason for this configuration is to restrict direct external access to the internal servers, and only allow direct access to the intranet server from the proxy.
Is it possible? How can I do this?
Last question: how can I hide the URLs when you are visiting the intranet or another internal application from the Internet, and only show https://intranet.domain.com as a fixed URL?

Best Answer

If I understand you correctly, which I'm not sure I do to be honest, then yes you can.

You don't mention how you are doing the reverse proxying, but if you are not already doing so, my advice would be to use mod_rewrite.

Imagine you have the following: an internal server called private.mydomain.com, which hosts an app, let's call it myApp, that you want to make available to the public via your world-facing web server. This app is at http://private.mydomain.com/myapp.

Your public server is called www, and you want to make the app visible to the world at www.mydomain.com/myapp.

You would use mod_rewrite on the public server, something like this:

RewriteEngine        on
RewriteRule ^/myapp(.*) http://private.mydomain.com/myapp$1 [P,L]

(if you want to reverse proxy HTTPS URLs you also need SSLProxyEngine On)
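
The mod_rewrite approach from the answer, applied to the question's goal of letting the DMZ proxy reach only the intranet server. This is an added example, not part of the original question or answer; `intranet.domain.com` and `local_ip` are the question's placeholders, and the certificate paths are hypothetical.

```apache
# Added example for Apache 2.2 on the DMZ host (not the poster's config).
# Replace local_ip with the intranet server's address.
<VirtualHost *:443>
    ServerName intranet.domain.com

    SSLEngine On
    # Hypothetical certificate locations.
    SSLCertificateFile    /etc/ssl/certs/intranet.example.pem
    SSLCertificateKeyFile /etc/ssl/private/intranet.example.key

    # Reverse proxy only: never act as a forward proxy.
    ProxyRequests Off
    # Needed because the backend is reached over HTTPS.
    SSLProxyEngine On

    # Access control for proxied requests (Apache 2.2 syntax).
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    RewriteEngine On

    # Refuse every path outside /intranet/ before any proxy rule runs.
    RewriteRule !^/intranet/ - [F]

    # Scheme, host and path prefix are fixed; only the tail of the path
    # comes from the client. The slash after "intranet" in the pattern
    # keeps sibling paths such as /intranetX from matching.
    RewriteRule ^/intranet/(.*)$ https://local_ip/intranet/$1 [P,L]

    # Rewrite Location headers in backend redirects to the public path.
    ProxyPassReverse /intranet/ https://local_ip/intranet/
</VirtualHost>
```

With this in place the firewall between the DMZ and the internal network only needs to allow the proxy host to reach `local_ip` on port 443.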
