/etc/nginx/sites-enabled/default:

server {
        listen   80;

        root /usr/share/nginx/www;

        location / {
                proxy_pass http://[apache-host]/;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
        }
}

/etc/apache2/mods-enabled/rpaf.conf:

<IfModule rpaf_module>
    RPAFenable On
    RPAFsethostname On
    RPAFproxy_ips [nginx-ip]
    RPAFheader X-Real-IP
</IfModule>

/etc/apache2/sites-enabled/000-default:

<VirtualHost *:80>
        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from [nginx-ip]
        </Directory>
</VirtualHost>

In the above case, I should get a deny from any host except [nginx-host].
Instead, proxied requests are allowed.  In the Apache log, it shows the
original client IP and 200 success.

If I change the Apache config

                allow from [nginx-ip]
to
                allow from [client-ip]

then direct requests are allowed, and proxied requests are denied.

Note that I have separate servers.  I never tried this with both servers
on the same host.  Perhaps that has something to do with it.

John
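
Added example, not part of the original message and not mod_rpaf or Apache source: a small model of the two addresses involved in the report above (the TCP peer versus the address substituted from X-Real-IP), showing which "allow from" outcomes follow when the access check sees one or the other. The IP addresses are constructed stand-ins for [nginx-ip] and [client-ip], and the function names are hypothetical. The "peer" outcomes are the ones the report observed; the "effective" outcomes are the ones it expected.

```python
# Added model; addresses are constructed documentation-range stand-ins.
from ipaddress import ip_address

NGINX_IP = "192.0.2.10"      # stand-in for [nginx-ip]
CLIENT_IP = "198.51.100.7"   # stand-in for [client-ip]
RPAF_PROXY_IPS = {NGINX_IP}  # mirrors RPAFproxy_ips
RPAF_HEADER = "X-Real-IP"    # mirrors RPAFheader


def effective_ip(peer_ip, headers):
    """Address after rpaf-style rewriting.

    The header is honoured only when the TCP peer is a listed proxy;
    otherwise any client could claim an arbitrary address.
    """
    claimed = headers.get(RPAF_HEADER)
    if peer_ip in RPAF_PROXY_IPS and claimed:
        try:
            return str(ip_address(claimed.strip()))
        except ValueError:
            return peer_ip  # malformed header: keep the peer address
    return peer_ip


def handle(peer_ip, headers, allow_from, acl_sees):
    """Return (allowed, logged_ip); acl_sees is 'peer' or 'effective'."""
    logged = effective_ip(peer_ip, headers)
    checked = peer_ip if acl_sees == "peer" else logged
    return checked == allow_from, logged


def scenarios(acl_sees):
    """Outcomes for the two 'allow from' variants in the report."""
    proxied = (NGINX_IP, {RPAF_HEADER: CLIENT_IP})  # request via nginx
    direct = (CLIENT_IP, {})                        # request straight to Apache
    return {
        "allow nginx-ip, proxied": handle(*proxied, NGINX_IP, acl_sees),
        "allow client-ip, direct": handle(*direct, CLIENT_IP, acl_sees),
        "allow client-ip, proxied": handle(*proxied, CLIENT_IP, acl_sees),
    }


if __name__ == "__main__":
    for mode in ("peer", "effective"):
        print(mode, scenarios(mode))
```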

