Reverse proxying APEX with Apache

April 5, 2008  |  apex, linux, security

One of the measures for creating a secure infrastructure is to build a DMZ. DMZ, or demilitarized zone, is a term borrowed from military usage; it is more appropriately known as a perimeter network or a demarcation zone. A DMZ is a physical or logical subnetwork that contains and exposes an organization’s external services to a larger, untrusted network, usually the Internet. The main purpose of a DMZ is to add an additional layer of security. With a DMZ, an intruder only has access to the hardware in the DMZ, rather than the whole network.

So, to my knowledge, the APEX server should be in the intranet and it should only accept HTTP or HTTPS connections from an HTTP server that sits in the firewalled DMZ.

What I recommend is to use a supported and updated HTTP server (usually Apache 2) and use it to reverse proxy the traffic to the APEX server.

To reverse proxy the traffic I add these lines to the httpd.conf:

...
ProxyPass /apex http://myapexserver:8080/apex
ProxyPassReverse /apex http://myapexserver:8080/apex
ProxyPass /i http://myapexserver:8080/i
ProxyPassReverse /i http://myapexserver:8080/i
...

 

These statements tell Apache that whenever it receives a request for a location starting with “/apex”, it must pass that request on to the host “myapexserver”. The same happens for the images location “/i”.

This configuration can also be used with SSL (mod_ssl, which comes with Apache), allowing you to provide secure traffic between your servers and Internet users. Just add it to your ssl.conf file instead of httpd.conf.
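The mod_ssl variant described above, written out as an added example (not configuration from the original post). The server name and certificate paths are placeholders, and mod_ssl, mod_proxy and mod_proxy_http are assumed to be loaded already.

```apache
# Added example: SSL virtual host in the DMZ fronting APEX (goes in ssl.conf).
# ServerName and the certificate paths below are placeholders.
<VirtualHost *:443>
    ServerName www.example.com

    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Reverse proxy only: never serve as a forward proxy for arbitrary URLs.
    ProxyRequests Off

    # Only these two locations are handed to the intranet host; any other
    # path is answered by the DMZ server itself and never reaches APEX.
    # ProxyPassReverse rewrites Location headers in redirects coming back
    # from the backend, so clients are not pointed at myapexserver:8080.
    ProxyPass        /apex http://myapexserver:8080/apex
    ProxyPassReverse /apex http://myapexserver:8080/apex
    ProxyPass        /i    http://myapexserver:8080/i
    ProxyPassReverse /i    http://myapexserver:8080/i
</VirtualHost>
```

TLS ends at Apache here: the hop from the DMZ to myapexserver:8080 is still plain HTTP, so the firewall between the two should allow only the proxy host to reach that port.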

 


3 Comments


  1. Hello,

    Have you ever tried that configuration with Single Sign-on enabled?

    Yours sincerely,

    Jonathan

