httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Chen" <peter.c...@aicent.com>
Subject [users@httpd] about Apache HTTP Server reverse proxy
Date Fri, 08 Jan 2010 10:27:34 GMT
Hi, all

I want to use Apache HTTP Server as a reverse proxy server and use it to
implement the function of load balancing.

I made architecture of High Availability with Tomcat and Apache, here I
will describe it simply.

						USERS
 						 |
						INTERNET
 						 |
						Firewall
 						 |
						 BigIP(F5)
					  /      \
                        /         \
                     Apache        Apache
			  HTTP Server         HTTP Server --(in reverse
proxy mode)
                         \        /
                          \      /
                           Firewall
						/      \
                           /         \
                       Tomcat      Tomcat
                           \        /            
						\      /              
			DataBase(Master)    DataBase(Slave)

The BigIP is a product of F5, and I put it in front of Apache HTTP
Server, I use it to implement the function of load balancing for Apache
HTTP Server.

There are two firewalls, and I put two Apache HTTP Servers between them
to implement load balancing and reverse proxy.
Behind these two firewalls, I put two Tomcat servers as rare-end
servers.

I want to know does this architecture widely used? 

Could someone give me some instances of using this architecture? For
example, the company name, the project name?


I also worry about the security of reverse proxy mode.
For example, if a hacker want to destroy my system, he construct a
wicked HTTP request package to my system. After the Apache HTTP Server
received the HTTP request package, it will forward the package to
Tomcat. So, the Tomcat will be destroyed.

But I have read passages about reverse proxy, all of them say that
reverse proxy is very secure. If it works like I've just written, it's
not secure any more.

Am I right? Could you help me analyze it?

Thanks.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message