OK, I can give you some documentation that can help you and others to (reverse-)proxy ntop. I gave this to Luca Deri some weeks ago as a contribution to the ntop project. I think Luca will be happy if I post it on the mailing list to help users. This doc is "as you see": I'm not an Apache expert or anything, but I did a lot of work to get ntop running on our University's server. I didn't find anything similar on the internet, and it is probably the only working config you can find for ntop 3.2 + apache2.
This is the text; I hope you'll find it useful.

- Giovanni -

### REVERSE-PROXY NTOP

Sometimes it can be useful to have ntop running proxied. You don't need to open port 3000 (or another one you choose), so with the standard HTTPS service you can have ntop like any other service, happy on your web server. You can point to https://bumbum.com/ntop exactly like https://bumbum.com/documents or whatever service or dir you commonly use. Security, access lists and password requests can be chosen by the web server, and ntop works well reverse-proxied behind apache2.

This config covers APACHE2 and NTOP 3.2: so the "new" apache (not 1.3) and the newest ntop. I believe that older ntop versions are also supported, but I haven't tested them. This config was done on debian sarge, and it is a working configuration, not a should-be or a guess. Many people connect every day to this ntop machine through the apache2 server and no errors have been reported. We can say "works for us", and I hope it does for you too.

You need:

- ntop 3.2 working on port 3000 with: -w127.0.0.1:3000 -W0
- a working apache2 under ssl, on port 443 (else change this number in the first two lines of the file below)
- apache modules (probably not all are needed, but they are enabled in my config):
  . mod_cgid
  . mod_headers
  . mod_security
  . mod_proxy
  . mod_proxy-http
  . mod_proxy-html
  . proxy_connect.load
  . proxy_html.load
  . mod_rewrite
  . mod_ssl
  . mod_userdir

The first part is generic for an apache ssl site, the second part is ntop-specific. Of course you have to change some lines to fit your needs.

FILE /etc/apache2/sites-enabled/ntop-ssl :

#-------------------
NameVirtualHost *:443
<VirtualHost *:443>
    ############################################################
    ###### ALL TRAFFIC ON 443 ( HTTPS )
    ############################################################

    # change: address of web admin
    ServerAdmin [EMAIL PROTECTED]

    SSLEngine On
    # change: where is ssl certificate on your machine?
    SSLCertificateFile /etc/apache2/ssl/apache.pem

    # change: paths for logs (error and custom)
    ErrorLog /var/log/apache2/error.log
    # choose one LogLevel value: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined
    ServerSignature On

    ### PATCH SUGGESTED BY NESSUS ABOUT TRACE ATTACKS
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

    #### NTOP (PROXY REVERSE) ########
    ProxyHTMLLogVerbose On
    LogLevel warn
    ProxyHTMLExtended On
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass /ntop/ http://localhost:3000/
    ProxyPassReverse /ntop/ http://localhost:3000/
    <Location /ntop/>
        SetOutputFilter proxy-html
        ProxyHTMLURLMap / /ntop/
        ProxyHTMLURLMap /ntop/plugins/ntop/ /ntop/plugins/
        RequestHeader unset Accept-Encoding
    </Location>
</VirtualHost>
#----------------------------------
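
As an added example (not part of the original post or of the ntop project), here is a small Python audit of the proxy section of the vhost above. It checks the properties this setup relies on: forward proxying stays off, the backend is on loopback like ntop's -w127.0.0.1:3000 binding, TRACE/TRACK is rejected, and Accept-Encoding is unset wherever proxy-html is active. The function names and the embedded sample are constructed for the illustration.

```python
import re
from urllib.parse import urlsplit
# Constructed sample: the proxy-related directives from the vhost in the post.
SAMPLE = """\
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
ProxyRequests Off
ProxyPass /ntop/ http://localhost:3000/
ProxyPassReverse /ntop/ http://localhost:3000/
<Location /ntop/>
SetOutputFilter proxy-html
RequestHeader unset Accept-Encoding
</Location>
"""
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def directives(conf):
    """Return [(name, args)], all lowercased; comments and section tags are skipped."""
    rows = [l.split() for l in conf.splitlines() if l.strip()[:1] not in ("", "#", "<")]
    return [(r[0], r[1:]) for r in ([x.lower() for x in row] for row in rows)]

def audit(conf):
    """Return a list of findings; an empty list means every check passed."""
    d, out = directives(conf), []
    # ProxyRequests On would turn the reverse proxy into an open forward proxy.
    if ("proxyrequests", ["on"]) in d:
        out.append("ProxyRequests is On")
    # The backend must be loopback, matching ntop's -w127.0.0.1:3000 binding.
    for n, a in d:
        if n in ("proxypass", "proxypassreverse") and len(a) > 1 and a[1] != "!":
            if urlsplit(a[1]).hostname not in LOOPBACK:
                out.append(f"{n} targets non-loopback backend {a[1]}")
    # TRACE/TRACK: a RewriteCond on the method followed by a RewriteRule with [F].
    blocked = any(
        n == "rewritecond" and len(a) > 1 and a[0] == "%{request_method}"
        and "trace" in a[1] and d[i + 1][0] == "rewriterule"
        and re.search(r"[\[,]f[,\]]", d[i + 1][1][-1])
        for i, (n, a) in enumerate(d[:-1]))
    if not blocked:
        out.append("TRACE/TRACK not rejected")
    # proxy-html cannot rewrite compressed bodies, so Accept-Encoding must be unset.
    if ("setoutputfilter", ["proxy-html"]) in d and \
            ("requestheader", ["unset", "accept-encoding"]) not in d:
        out.append("proxy-html enabled but Accept-Encoding not unset")
    return out

if __name__ == "__main__":
    print(audit(SAMPLE) or "all checks passed")
```

To audit a real site file, pass its contents to audit(); an empty list means all four checks passed.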
