The Cache: Technology Expert's Forum
 
*
Welcome, Guest. Please login or register. September 17, 2019, 05:46:28 PM

Login with username, password and session length


Pages: [1]
  Print  
Author Topic: Apache's mod_proxy setup  (Read 3398 times)
Bompa
Administrator
Lifer
*****
Offline Offline

Posts: 564


Where does this show?


View Profile
« on: November 22, 2011, 02:11:45 AM »

I have need to implement Apache's mod_proxy on my dedi.

From what I see in the docs:

ProxyRequests On
<Proxy *>
  Order Deny,Allow
  Deny from all
  Allow from my-ip-here
</Proxy>


It does seem to work, but when I check it with whatismyip.com, I
see the main IP of my dedi, but I want one of my other IPs.  So,
where the * is, I put the IP that I want to use as the proxy, but my
main IP is still be used.

What am I missing?

port to listen?

Anyone know?

Bompa
Logged

"The most beautiful and profound emotion we can experience is the sensation of the mystical..." - Albert Einstein
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #1 on: November 22, 2011, 08:19:30 AM »

Bomps - are you using this to essentially come inward, towards another one of your servers like a reverse proxy, or are you surfing the net via this machine like a f'reals outbound proxy?
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
Bompa
Administrator
Lifer
*****
Offline Offline

Posts: 564


Where does this show?


View Profile
« Reply #2 on: November 22, 2011, 03:33:51 PM »

The latter. I put the IP into my browser settings and surf anonymously.


The apache docs call this a forward proxy.

« Last Edit: November 22, 2011, 03:35:43 PM by Bompa » Logged

"The most beautiful and profound emotion we can experience is the sensation of the mystical..." - Albert Einstein
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #3 on: November 22, 2011, 03:39:46 PM »

Ah.

The problem is that you'll only have one default gateway for your local network stack ... not the upstream gateway, but the first address on your machine. In other words, although requests may come in on any number of addresses your machine has on it, it will send requests on of it's primary one. There's a way of doing it, but unfortunately the guy I would go to passed away a little bit ago, so I am without resource there. I tried to get Apache to simply send responses on the IP that they came in on, mimicking many machines, rather than one with lots of addresses. Fought with it for a long time and finally conceded.

Even if you change the * to your "listening" address, requests will be sent out the root address of the machine.
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
Bompa
Administrator
Lifer
*****
Offline Offline

Posts: 564


Where does this show?


View Profile
« Reply #4 on: November 22, 2011, 11:45:54 PM »

Thanks for taking the time perk.

You're probably right about mod_proxy. The odd thing is I can bind my
perl code to any IP on my machine with this one line:

@LWP::Protocol::http::EXTRA_SOCK_OPTS = (LocalAddr => 'xxx.xxx.xxx.xxx');

So, if perl can do it...

Anyways, the reason I wanted to use mod_proxy was that it looked so
simple, just a few lines of code in httpd.conf and good to go, plus I was
hoping that it would be undetectable, but I'm not sure about that.

My challenge is that some hosts are employing proxy-detection techniques
on incoming IPs. Sometimes banning or refusing a connection, sometimes
putting the proxied IP on a lower service priority.  Not long ago, I did not
know it was possible to detect proxies, except for open public proxies.

It makes sense too doesn't it?  Like if you have something that 100,000
spammers want to scrape daily lol, not much bandwidth left for your real
visitors.  Also, a site like CL where the spammers and scammers want to
place their ad in all 50 states, renting proxies all around the country
won't help, they are all detectable.

So, squid and other proxy software will not cut the mustard as they are
very easily detected, (unless heavily modified which is probably over my skill set).

I will have to write my own perl proxy. I have seen a few perl proxies
already written so I can look at those. Then figure out how to make
sure it's not detectable.

thanks again,
Bomps




Logged

"The most beautiful and profound emotion we can experience is the sensation of the mystical..." - Albert Einstein
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #5 on: November 23, 2011, 09:31:17 AM »

A PIA, I agree. The binding you show is similar to the way I've seen it done in other things as well.

I think, given what you're probably up to, a custom proxy is your best bet. And changing signatures often wouldn't be a bad plan.

Good luck mate.
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
Pages: [1]
  Print  
 
Jump to:  

Perkiset's Place Home   Best of The Cache   phpMyIDE: MySQL Stored Procedures, Functions & Triggers
Politics @ Perkiset's   Pinkhat's Perspective   
cache
mart
coder
programmers
ajax
php
javascript
Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks


Valid XHTML 1.0! Valid CSS!