Re: [users@httpd] Newbie - Apache as internet facing proxy for Windows/IIS backend .net app server?
Ok, a follow-up question... My only concern here is security. This is not and never will be a heavily used system, but it will serve as a gateway to a backend accounting system, so I'm not concerned with load balancing or any of the other features that come with a reverse proxy. My only concern is that it be as secure as possible. I know that a reverse proxy in and of itself doesn't add any real security (other than this will be running on linux, which I'm more comfortable exposing to the internet). So, with that in mind... I would appreciate any links to how to do this with security as the primary goal. Something more than just 'enable mod_security'. Also, I would be very open to paying a consultant to assist in setting this up, if I can be convinced they are legit and worth their asking price. Two things I'd want/need help with is testing to whittle down the http features to only those necessary to interact with our system, taking advantage of mod_secs 'continuous passive security assessment' feature, and anything else that makes sense. And thanks for the responses so far! */Charles/*/* */ On Mon May 07 2018 13:56:56 GMT-0400 (Eastern Standard Time), Yehuda Katz wrote: > Your application will still need to run on a Windows server with IIS, > but it can be behind your firewall. Your Apache HTTPD server would go > in your DMZ and would proxy connections between the clients on the > internet and the internal server. (Your firewall would need to allow > those connections.) > > - Y > > On Mon, May 7, 2018 at 1:44 PM Charles Marcus > mailto:cmar...@media-brokers.com>> wrote: > > Ok, thanks! > > But to be clear - I asked the Support people and was told, and I > quote: > > "The Webvantage, Client Portal and Mobile Server applications are > .Net IIS applications that require Microsoft Windows and IIS." > > So... was that just a typical response from a Windows support > person who doesn't really understand web servers? > > The software in question is described here: > > http://www.gotoadvantage.com/web-based-management-software > > I don't mind doing the work, I'd just rather not go down a rabbit > hole trying to do something that can/will never work. > > Thanks again, > > */Charles/*/* > > > */ > On Mon May 07 2018 13:37:36 GMT-0400 (Eastern Standard Time), > Yehuda Katz <mailto:yeh...@ymkatz.net> wrote: >> Certainly. I would start with the Reverse Proxy >> Guide: https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html >> Come back here if you have any questions. >> >> - Y >> >> On Mon, May 7, 2018 at 1:32 PM Charles Marcus >> mailto:cmar...@media-brokers.com>> wrote: >> >> Hello all, >> >> I just want to know if this is even worth my time trying to >> figure out. >> >> We have an Accounting application (.ne/IIS on Windows Server >> 2008R2) on our LAN, but I need to provide a window to this >> through the internet, and I'd really, really like to not put >> a Windows Server on our DMZ facing the internet directly (if >> I have to, it will be a separate/standalone server that >> redirects/proxies to the Accounting server). >> >> first and foremost - is it even possible to setup an Apache >> server to do this? I loathe IIS, and also don't know much >> about it, but I'm also pretty much a noob when it comes to >> web servers in general. I do have some experience a while >> back with Apache, which is why I'm starting here. >> >> If it isn't, so be it, but if it is, is it very involved? >> >> Tia... >> >> */Charles/*/* >> */ >> >
Re: [users@httpd] Newbie - Apache as internet facing proxy for Windows/IIS backend .net app server?
Ok, will give this a shot, although I won't get any support from them for the reverse proxy - but hopefully won't need any. :) */Charles/*/* */ On Mon May 07 2018 13:56:56 GMT-0400 (Eastern Standard Time), Yehuda Katz wrote: > Your application will still need to run on a Windows server with IIS, > but it can be behind your firewall. Your Apache HTTPD server would go > in your DMZ and would proxy connections between the clients on the > internet and the internal server. (Your firewall would need to allow > those connections.) > > - Y > > On Mon, May 7, 2018 at 1:44 PM Charles Marcus > mailto:cmar...@media-brokers.com>> wrote: > > Ok, thanks! > > But to be clear - I asked the Support people and was told, and I > quote: > > "The Webvantage, Client Portal and Mobile Server applications are > .Net IIS applications that require Microsoft Windows and IIS." > > So... was that just a typical response from a Windows support > person who doesn't really understand web servers? > > The software in question is described here: > > http://www.gotoadvantage.com/web-based-management-software > > I don't mind doing the work, I'd just rather not go down a rabbit > hole trying to do something that can/will never work. > > Thanks again, > > */Charles/*/* > > > */ > On Mon May 07 2018 13:37:36 GMT-0400 (Eastern Standard Time), > Yehuda Katz <mailto:yeh...@ymkatz.net> wrote: >> Certainly. I would start with the Reverse Proxy >> Guide: https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html >> Come back here if you have any questions. >> >> - Y >> >> On Mon, May 7, 2018 at 1:32 PM Charles Marcus >> mailto:cmar...@media-brokers.com>> wrote: >> >> Hello all, >> >> I just want to know if this is even worth my time trying to >> figure out. >> >> We have an Accounting application (.ne/IIS on Windows Server >> 2008R2) on our LAN, but I need to provide a window to this >> through the internet, and I'd really, really like to not put >> a Windows Server on our DMZ facing the internet directly (if >> I have to, it will be a separate/standalone server that >> redirects/proxies to the Accounting server). >> >> first and foremost - is it even possible to setup an Apache >> server to do this? I loathe IIS, and also don't know much >> about it, but I'm also pretty much a noob when it comes to >> web servers in general. I do have some experience a while >> back with Apache, which is why I'm starting here. >> >> If it isn't, so be it, but if it is, is it very involved? >> >> Tia... >> >> */Charles/*/* >> */ >> >
Re: [users@httpd] Newbie - Apache as internet facing proxy for Windows/IIS backend .net app server?
Ok, thanks! But to be clear - I asked the Support people and was told, and I quote: "The Webvantage, Client Portal and Mobile Server applications are .Net IIS applications that require Microsoft Windows and IIS." So... was that just a typical response from a Windows support person who doesn't really understand web servers? The software in question is described here: http://www.gotoadvantage.com/web-based-management-software I don't mind doing the work, I'd just rather not go down a rabbit hole trying to do something that can/will never work. Thanks again, */Charles/*/* */ On Mon May 07 2018 13:37:36 GMT-0400 (Eastern Standard Time), Yehuda Katz wrote: > Certainly. I would start with the Reverse Proxy > Guide: https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html > Come back here if you have any questions. > > - Y > > On Mon, May 7, 2018 at 1:32 PM Charles Marcus > mailto:cmar...@media-brokers.com>> wrote: > > Hello all, > > I just want to know if this is even worth my time trying to figure > out. > > We have an Accounting application (.ne/IIS on Windows Server > 2008R2) on our LAN, but I need to provide a window to this through > the internet, and I'd really, really like to not put a Windows > Server on our DMZ facing the internet directly (if I have to, it > will be a separate/standalone server that redirects/proxies to the > Accounting server). > > first and foremost - is it even possible to setup an Apache server > to do this? I loathe IIS, and also don't know much about it, but > I'm also pretty much a noob when it comes to web servers in > general. I do have some experience a while back with Apache, which > is why I'm starting here. > > If it isn't, so be it, but if it is, is it very involved? > > Tia... > > */Charles/*/* > */ >
[users@httpd] Newbie - Apache as internet facing proxy for Windows/IIS backend .net app server?
Hello all, I just want to know if this is even worth my time trying to figure out. We have an Accounting application (.ne/IIS on Windows Server 2008R2) on our LAN, but I need to provide a window to this through the internet, and I'd really, really like to not put a Windows Server on our DMZ facing the internet directly (if I have to, it will be a separate/standalone server that redirects/proxies to the Accounting server). first and foremost - is it even possible to setup an Apache server to do this? I loathe IIS, and also don't know much about it, but I'm also pretty much a noob when it comes to web servers in general. I do have some experience a while back with Apache, which is why I'm starting here. If it isn't, so be it, but if it is, is it very involved? Tia... */Charles/*/* */
Re: [EMAIL PROTECTED] reverse proxy with ldap authentication
Please don't BCC mail lists... that is rude. [EMAIL PROTECTED], on 9/27/2007 2:28 AM, said the following: Hi all, I try to install a reverse proxy with ldap authentication : it works with ldap but not with ldaps. I've got this notice about LDAP and SSL in the log [Wed Sep 26 16:57:40 2007] [notice] LDAP: Built with OpenLDAP LDAP SDK [Wed Sep 26 16:57:40 2007] [notice] LDAP: SSL support unavailable [Wed Sep 26 16:57:40 2007] [notice] Apache/2.0.52 (Red Hat) configured -- resuming normal operations Any help would be appreaciated. Thx Roberto - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Upgrade 2.0 to 2.2 on Gentoo - apache won't start...
Hello, I'm in a bit of a bind... the consultant I normally use is unavailable, and I did something dumb... I upgraded apache from 2.0.58 to 2.2.6 without him being available, and now it won't start... It was working fine before, so this is hopefully just a config issue, and I'd appreciate any help anyone can offer... First, my box: AMD Dual Opteron, Tyasn S2895 MB, 2GB RAM Gentoo, kernel 2.6.17 (yes, I'm planning on updating it soon) When I upgraded, it also updated PHP from 5.2.4_pre200708051230-r2 to 5.2.4_p20070914-r2, and installed apache-tools... I'm using SSL only, and vhosts. I did opt to use the new config files, so if someone could point me to a HowTo for setting up SSL and vhosts, maybe that would be enough... anyway... When I try to start it via the init script, I'm getting this error: * Starting apache2 ... apache2: Could not reliably determine the server's fully qualified domain name, using m.y.i.p for ServerName [Sun Sep 23 19:45:50 2007] [warn] NameVirtualHost m.y.i.p:443 has no VirtualHosts I have my hostname correctly set in /etc/hosts - remember, it was working fine before... netstat -tapn definitely shows it is NOT running... I only want SSL (443) running, and want any requests to port 80 redirected to 443. I do remember seeing something about SSL being started a bit differently... Anyway, any pointers would be much appreciated! Thanks, -- Charles - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]