Configure HTTP Reverse Proxy Server with Caching Using CentOS VM.

Enable http/https on firewall

  • Execute the following commands on the virtual machine:
# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=https
# firewall-cmd --reload
# firewall-cmd --list-all

Add reverse http proxy with caching

  • Execute the following commands on the virtual machine:

Create and edit the file /etc/httpd/conf.d/default-site.conf

<VirtualHost *:80>
    ProxyPreserveHost On

    ProxyPass / http://192.168.10.88/
    ProxyPassReverse / http://192.168.10.88/

    CacheQuickHandler off

    CacheLock on
    CacheLockPath /tmp/mod_cache-lock
    CacheLockMaxAge 5

    CacheIgnoreHeaders Set-Cookie

    <Location />
        CacheEnable disk
        CacheHeader on

        CacheDefaultExpire 600
        CacheMaxExpire 86400
        CacheLastModifiedFactor 0.5

        ExpiresActive on
        ExpiresDefault "access plus 5 minutes"

        Header merge Cache-Control public
        FileETag All
    </Location>
</VirtualHost>

Enable Cache:

# mkdir -p /etc/systemd/system/httpd.service.requires
# ln -s /usr/lib/systemd/system/htcacheclean.service /etc/systemd/system/httpd.service.requires

Edit /etc/httpd/conf/httpd.conf and add the following lines:

CacheRoot /var/cache/httpd/proxy
CacheDirLevels 2
CacheDirLength 1

Check Apache config:

Run the following command to check the configuration syntax:

# apachectl configtest
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK

Restart server:

# systemctl restart httpd

Test the reverse http proxy

$ curl http://192.168.10.131

You should get the same output as from the proxied site:

<html><head><title>Metasploitable2 - Linux</title></head><body>
<pre>

                _                  _       _ _        _     _      ____
 _ __ ___   ___| |_ __ _ ___ _ __ | | ___ (_) |_ __ _| |__ | | ___|___ \
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __/ _` | '_ \| |/ _ \ __) |
| | | | | |  __/ || (_| \__ \ |_) | | (_) | | || (_| | |_) | |  __// __/
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__\__,_|_.__/|_|\___|_____|
                            |_|


Warning: Never expose this VM to an untrusted network!

Contact: msfdev[at]metasploit.com

Login with msfadmin/msfadmin to get started


</pre>
<ul>
<li><a href="/twiki/">TWiki</a></li>
<li><a href="/phpMyAdmin/">phpMyAdmin</a></li>
<li><a href="/mutillidae/">Mutillidae</a></li>
<li><a href="/dvwa/">DVWA</a></li>
<li><a href="/dav/">WebDAV</a></li>
</ul>
</body>
</html>

At the same time, run tshark on the host of the victim machine; you will see that the reverse proxy does not forward every query to the victim's website.
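
A header-based check to go alongside the tshark capture (an added example, not part of the original write-up): `CacheHeader on` in the configuration above makes mod_cache add an X-Cache header reporting HIT, MISS or REVALIDATE. Because `Header merge Cache-Control public` applies to every proxied response, the script also flags a HIT that still carries Set-Cookie. The function names, the host proxy.example and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the X-Cache header that "CacheHeader on" makes mod_cache emit.

# Print HIT, MISS or REVALIDATE from raw response headers on stdin (NONE if absent).
cache_status() {
    tr -d '\r' | awk -F': *' '
        tolower($1) == "x-cache" { split($2, w, " "); s = toupper(w[1]) }
        END { print (s == "" ? "NONE" : s) }'
}

# Succeed (exit 0) when a cache HIT still carries Set-Cookie, i.e. one client's
# cookie was stored and replayed despite "CacheIgnoreHeaders Set-Cookie".
hit_replays_cookie() {
    hdrs=$(tr -d '\r')
    [ "$(printf '%s\n' "$hdrs" | cache_status)" = "HIT" ] &&
        printf '%s\n' "$hdrs" | grep -qi '^set-cookie:'
}

# Constructed sample headers (not captured from the lab); proxy.example is a placeholder.
SAMPLE_MISS='HTTP/1.1 200 OK
Cache-Control: public
X-Cache: MISS from proxy.example'

SAMPLE_HIT='HTTP/1.1 200 OK
Age: 12
Cache-Control: public
X-Cache: HIT from proxy.example'

SAMPLE_BAD='HTTP/1.1 200 OK
Age: 3
Set-Cookie: PHPSESSID=constructed; path=/
X-Cache: HIT from proxy.example'

for s in "$SAMPLE_MISS" "$SAMPLE_HIT" "$SAMPLE_BAD"; do
    st=$(printf '%s\n' "$s" | cache_status)
    if printf '%s\n' "$s" | hit_replays_cookie; then
        echo "$st  WARNING: cached response replays Set-Cookie"
    else
        echo "$st"
    fi
done

# Against the lab proxy from this page, request the same URL twice:
#   curl -s -o /dev/null -D - http://192.168.10.131/ | cache_status
```

A repeat request answered from the disk cache reports HIT, which matches the absence of backend traffic in the tshark capture.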
