I’m configuring a reverse proxy in stages. Initially, I just wanted to see if the proxying would work, so In a virtual server, I set up a Proxy balancer://webfarm with a couple BalancerMembers inside and an lbmethod of byrequests. Then I used a:
ProxyPass / balancer://webfarm to make sure I could get to the content on the back end server and it all worked fine. If a file was accessible on the back-end, I would get it back. Then, to lock things down further, I removed the prefix-based ProxyPass line and replaced it with a series of: ProxyPassMatch "^/pagename$" balancer://webfarm/pagename.php lines for each page followed by a: ProxyPass / ! to send everything not explicitly allowed a 404. This all works fine. Checking my logs I saw favicon.ico was getting sent 404s on the proxy server, so I added a line to my config with the other allowed elements: ProxyPassMatch "^/favicon.ico$" balancer://webfarm/favicon.ico but after restarting Apache, I still get 404s. Thinking there may be something trailing or following that I can’t see, I tried: ProxyPassMatch "favicon.ico" balancer://webfarm/favicon.ico restarted and still 404s. The only way I can make it work is with ProxyPass /favicon.ico balancer://webfarm/favicon.ico which, while not the end of the world, is inconsistent with my overall lockdown strategy so I’m wondering if anyone can tell me where I went wrong. I haven’t gotten to the allow-list for my images yet, but I’m worried I’m going to have the same problem with them. Also, I know the ProxyPassMatch line is definitely matching for favicon.ico because even if I put the ProxyPass / that passes everything to the back-end server back into the config, if it’s below the ProxyPassMatch line for favicon.ico I still get a 404. Thanks, Scott
