这个 proxypass 设置安全吗

发布于 2024-11-29 10:03:58 字数 888 浏览 1 评论 0原文

我维护一个网站，其中 apache 位于端口 80，jboss 位于 8080。此外，我还有一个直接由 apache 提供服务的 WordPress 博客。因此，对 www.mysite.com/blog 的所有请求均由 apache 提供服务，对 www.mysite.com/ 的所有请求均由 jboss 提供服务。为了启用此功能，我定义了以下 proxypass 设置。

<VirtualHost *:80>
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  ProxyPass /blog !
  ProxyPass / http://localhost:8080/index.jsp retry=0
  ProxyPassReverse / http://localhost:8080/index.jsp
  ProxyPreserveHost on

  LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
  ErrorLog /var/log/httpd/elasticbeanstalk-error_log
  TransferLog /var/log/httpd/elasticbeanstalk-access_log
</VirtualHost>

这些设置安全吗？我正在阅读 apache 文档，他们提到了这一点

警告请勿使用 ProxyRequests 启用代理，除非您已确保您的服务器安全。开放的代理服务器对您来说都是危险的网络和整个互联网。

所以我不确定我还需要做什么来确保这些设置的安全，

原文

I maintain a website with apache at port 80 and jboss at 8080. Additionally, I have a wordpress blog served directly from apache. So all requests to www.mysite.com/blog gets served by apache and all requests to www.mysite.com/ gets served by jboss. To enable this, I defined the following proxypass setting.

<VirtualHost *:80>
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  ProxyPass /blog !
  ProxyPass / http://localhost:8080/index.jsp retry=0
  ProxyPassReverse / http://localhost:8080/index.jsp
  ProxyPreserveHost on

  LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
  ErrorLog /var/log/httpd/elasticbeanstalk-error_log
  TransferLog /var/log/httpd/elasticbeanstalk-access_log
</VirtualHost>

Are these settings safe ? I was reading the apache documentation and they mentioned that

Warning Do not enable proxying with ProxyRequests until you have
secured your server. Open proxy servers are dangerous both to your
network and to the Internet at large.

So I was not sure what else I need to do to make these settings safe,

分享到QQ

分享到微博