Secure Reverse Proxy

Papers:

Original Howto: HOWTO: Reverse Proxy with Apache, including SSL and RSA SecurID Authentication

Paper published at SANS: An Additional Layer of Defense for Microsoft Outlook Web Access

The links above provide details on how to setup a reverse proxy server using Apache on Red Hat Linux and only one network interface. It goes into further detail on how to include both SSL and SecurID to encrypt and authenticate connections. The original howto covers the basic install and general setup for most applications.

The second paper, re-written for SANS, goes into much greater detail on how to deploy such a server and specificly how to use the reverse proxy to secure access to a Microsoft Outlook Web Access (OWA) server. It covers everything in the howto but in greater detail and also includes other configurations such as proper Iptables settings.

These papers can be used in whole or in part, depending on how you want to set up the reverse proxy.

With each release of Red Hat, Apache, mod_ssl and so on, I have been updating the documentation after testing the new versions of software. I will probably stop doing this as it appears to work with each new version. However, I will update the documentation with any major changes that may occur, such as with the new version of RSA’s Web Agent for Apache. I will also include changes anyone submits for additions or corrections to the current HOWTO.

I hope these papers help.

Contact me at {sawall -[at]- gmail -[dot]- com}