ModSecurity: further improvements to the reverse proxy

People can reach my webserver in three ways: by my domain inliniac.net, by the hostname attached to my DSL connection, and by my IP address. What I now wanted was to set up the proxy in such a way that only people visiting inliniac.net would be proxied to the webserver.

Blocking requests that are IP based instead of name based has an important advantage. IP-based requests mostly come from scan tools and other forms of malicious traffic that simply attempt to connect to port 80 across large IP ranges, so this way one should be able to keep a lot of crap like worm traffic out.

Implementing this turned out to be a little more complicated than I thought. Essentially the only way I got it working was by creating three virtual hosts and putting the proxy configuration in the virtual host for inliniac.net. The other two virtual hosts just deny access, so visiting them gives a 403.

Willam Metcalf told me that the server signature rewrite function of ModSecurity does not hide the original server signature in all cases: in normal 200 and 300 series responses, the original signature is still in the header. Enabling the 'headers' module (mod_headers) and adding this to your config helps:

Header set Server "Apache"

This way people will know you run Apache, but won’t know which version.
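The layout described above, written out as an added example (not the configuration from the original post): an Apache 2.4 setup in which only the inliniac.net virtual host carries the reverse-proxy directives and everything else (requests by IP address or by the DSL hostname) is answered with a 403. The two deny-only hosts from the post are collapsed into one default virtual host via ServerAlias; the IP 192.0.2.10, the hostname dsl-host.example.net and the backend 127.0.0.1:8080 are placeholders.

```apache
# Added example, not the post's own config. Requires mod_proxy, mod_proxy_http
# and mod_headers. 192.0.2.10, dsl-host.example.net and 127.0.0.1:8080 are
# placeholders for the public IP, the ISP-assigned hostname and the backend.

# Trim the banner that Apache itself emits on the 403 responses below.
ServerTokens Prod

# The first name-based vhost is the default: it catches requests that arrive
# with the bare IP address, the DSL hostname or any unknown Host header.
<VirtualHost *:80>
    ServerName  192.0.2.10
    ServerAlias dsl-host.example.net
    DocumentRoot /var/www/empty
    <Location "/">
        Require all denied
    </Location>
    ErrorLog ${APACHE_LOG_DIR}/default-denied.log
</VirtualHost>

# Only this vhost carries the reverse-proxy configuration, so only requests
# whose Host header matches inliniac.net ever reach the backend.
<VirtualHost *:80>
    ServerName  inliniac.net
    ServerAlias www.inliniac.net
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        "/" "http://127.0.0.1:8080/"
    ProxyPassReverse "/" "http://127.0.0.1:8080/"
    <Proxy "*">
        Require all granted
    </Proxy>
    ErrorLog ${APACHE_LOG_DIR}/inliniac-proxy.log
</VirtualHost>

# Replace the backend's Server header on proxied responses, including the
# 200 and 30x ones that the ModSecurity signature rewrite leaves untouched.
Header set Server "Apache"
```

To check the split, request the same path with and without a matching Host header (for example `curl -sI -H 'Host: inliniac.net' http://192.0.2.10/` versus `curl -sI http://192.0.2.10/`): the first should return the backend's response with `Server: Apache`, the second a 403 from the default vhost.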

2 thoughts on “ModSecurity: further improvements to the reverse proxy”

  1. This solution doesn’t work with a dynamic IP. I’ll look for a solution and I’ll post it once I got it!

  2. Ok, check this one:
    # Only allow access through these hostnames
    SecFilterSelective HTTP_HOST "fqdn1" pass,nolog,skipnext:2
    SecFilterSelective HTTP_HOST "fqdn2" pass,nolog,skipnext:1
    SecFilterSelective HTTP_HOST "^." deny,log

    Working in all situations, dynamic IP as well 😉
