Hi all, Before asking in this mailing list I could not figure out any solution, I think any of the three proposed will solve the problem. I've already tried remap.config solution and it worked. Now, I will try reverse-proxy and proxy with SSL. My thanks to Sail GK, Leif Hedstrom, and Alan Carroll. You have saved me days of work.
James On Mon, Jun 19, 2017 at 11:33 AM, Alan Carroll < [email protected]> wrote: > ip_allow.config would also work to allow inbound connections only from > specific (client) IP addresses. Note that remap works for forward proxy > therefore a remap.config could force all requests to the target. > Alternatively, since ip_allow.config now supports outbound controls that > could be set to allow outbound connections to only that specific IP address. > > > > On Monday, June 19, 2017, 8:36:22 AM CDT, Leif Hedstrom <[email protected]> > wrote: > > > Why can't you run this as a reverse proxy? Have all your service names in > DNS point to the same IP running the proxy server, and add appropriate map > rules for each one to the respective service IP (which are 1918 ranges I > assume). You then want to require remap n the config she, which disables > ATS as an open forward proxy. > > In this scenario you likely want to enable the pristine host header > configuration as well. > > -- Leif > > On Jun 19, 2017, at 5:24 AM, salil GK <[email protected]> wrote: > > Hi James > > Yes traffic server has different mechanism to do authentication. Most > secure way is to make the port as ssl port > > CONFIG proxy.config.http.server_ports STRING 8445:ssl > > take a look at the following parameter on how to control client access > > CONFIG proxy.config.ssl.client.certification_level INT 2 > > origin server access can be controlled by writing/modifying plugin. for > authentication you may consider auth plugin > > Thanks > ~S > > > > > On 19 June 2017 at 16:02, James P <[email protected]> wrote: > > > > I have an application (C# software) that has been running on several > clients. This application access a webservice from another company (ABC, > for instance). However, in order to ensure protection, ABC company is now > forcing us to use a single IP to use its webservice. Therefore, all my C# > applications (in several different clients) needs to access using same IP. > > I have installed Apache Traffic Server as forward proxy and everything is > working fine. The problem is that it is working as an open proxy and I know > this is very risky. > > How can I keep this solution with Traffic Server and add some security? > > 1. Is it possible to use some form of authenticated requests in Traffic > Server? > 2. Is it possible to force the proxy to redirect all access the a > webservice.abc-company.com domain? Therefore, it would not be an open > proxy. > > Regards, > Jameshdx80 > > >
