A few weeks ago i wrote that i wanted to investigate setting up a reverse web proxy with mod_security. I have now finally found a little time to do so. What surprised me was how easy it actually is!
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.
Allow from all
#Allow from .your_domain.com
# Enable/disable the handling of HTTP/1.1 “Via:” headers.
# (“Full” adds the server version; “Block” removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
# use to disable proxy for a specific subdir
# ProxyPass /blog/wp-admin !
ProxyPass /blog http://internalserver/blog
ProxyPassReverse /blog http://internalserver/blog
# use to disable access to a specific subdir
Deny from all
Allow from 192.168.1.2
# use to force errors by the internal host to look like to be coming from the proxy host.
# disabled because it causes problems with WordPress.
This is the entire config for the proxy part. Next, enable mod_security. As far as i can see there is nothing special about ModSecurity and reverse proxies. So just enable it like you would on a webserver.
Some useful links for setting up reverse proxies using Apache:
Thats all for now!