Topic: PROB: External webserver redirecting to internal web server

[Hugo Sviercovich]

Well, i thought it was all done...

The facts:

I finally managed to have my external Apache web server (on E-smith box) redirecting http traffic to my internal network web server (NT box)... all done transparently (as i wanted) with the ProxyPass directive in Apache's configuration module.

ProxyPass transalates my external IP address (say 182.12.235.124)  to my internal network's IP (say 10.10.174.20) as it was the same server.

The Problem:

My site is meant to use NT security so, the page i'm publishing pops out the login and password NT messagebox. As you've probably seen it, it does show the Site label, the Login textbox, the password textbox, and also a "Domain" label

But.... the domain ip it shows is actually my internal web server's IP. I don't want that!! what i would want is to show my external ip instead (182.12.235.124).

Although i know it's technically correct for it to show the internal IP since my internal web server doesn't know anything about Apache, what i would want instead is to show the external IP... or at least to hide that "Domain" label. Is that possible?

I don't know if there's some kind of workaround with this prob.  Pleaaaase! i need urgent help with this.

Thanks fot your time and help in advance

Kind regards,

Hugo

[Bobby]

I would validate a user's right to the file by having them enter a username/password and matching it against a db, rather than using NT security.  

You can do this with ASP code within your web pages.

There may be other ways to accomplish what you are wanting, but this is an option.

Do you have documentation on how you get the reverse proxy  going?  I want to do the same thing, but have not found the doco on how to do it, yet....though I must admit I have not looked very hard, but the time is nearing that I will need this functionality.

~Bobby

[Hugo Sviercovich]

Hello there Bobby,

Thanks for taking your time to answer. Well... that's a nice advance on solving the problem, but i still need to follow the guidelines that the boss (G.O.D) =) has given me so still would want to use NT security. I'll push hard towards using db user validation... but until then i'll see what i could do.

Since you've taken the time to answer my question, i'll give you the hint you're looking for on reverse proxying.

I found out it was a mess to take that up and working since i didn't know much about e-smith architecture. I did this on my e-smith box:

1.- Create the following directory :

/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf

#This is a new template you'll use for "expanding" the web server functionallity

2.- Create the following file on the directory you created:

76ProxyPass00

## The number of the file (76) i understand could be
## whichever between a range now i don't remember,
## but still you could use 76 and it'll be fine if you don't repeat it.

3.- Edit that file with the following lines:


ProxyPass  
ProxyPassReverse  


##for instance:

##
##ProxyPass /   http://10.10.174.42
##ProxyPassReverse /   http://10.10.174.42
##

##would redirect any http traffic from the web root of your external web server to ##the web root of your internal web server 10.10.174.42

##If you'd like to redirect to any other web servers just keep on adding lines to that ##file with the ProxyPass and ProxyPassReverse directives.

4.- Now that you have the configuration file set up it's time to make it work:

The way to make it work is to "expand" (that is the term e-smith uses) the template you've just created

type on the prompt:

/sbin/e-smith/expand-template   /etc/httpd/conf/httpd.conf

That command should have "integrated" the ProxyPassing to the Apache functionallity.

5.- Finally it's time to restart the web server:

/etc/rc.d/init.d/httpd-e-smith restart

------------------------------------------------------
And that's it!

Tell me if it worked for you, ok?

Anyway, a much more complete explanation could be found
on

http://www.mail-archive.com/devinfo%40lists.e-smith.org/

just look for "ProxyPass" and you'll get lots of information.

Hope that helped you out. By the way, if you find any other workaround (sorry for being rather pushy) to my problem, tell me, ok?

See you my friend

Regards

Hugo