Configure HTTP Reverse Proxy Server with Caching Using CentOS VM.
Install httpd (Apache) on CentOS VM
# yum install httpd
Enable http/https on firewall
- Execute the following commands on the virtual machine:
# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=https
# firewall-cmd --reload
# firewall-cmd --list-all
Add reverse http proxy with caching
- Execute the following commands on the virtual machine:
Create and edit the file /etc/httpd/conf.d/default-site.conf:
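<VirtualHost *:80>
    # Forward all requests to the backend, keeping the client's Host header
    ProxyPreserveHost On
    ProxyPass / http://192.168.10.88/
    ProxyPassReverse / http://192.168.10.88/

    # Run the cache as a normal handler so the <Location> settings below apply
    CacheQuickHandler off
    # Let only one request refresh a given entry at a time (lock held max. 5 s)
    CacheLock on
    CacheLockPath /tmp/mod_cache-lock
    CacheLockMaxAge 5
    # Do not store Set-Cookie headers in cached entries
    CacheIgnoreHeaders Set-Cookie

    <Location />
        CacheEnable disk
        # Add an X-Cache header (HIT, MISS or REVALIDATE) to each response
        CacheHeader on
        # Lifetimes in seconds: 10 minutes by default, 1 day at most
        CacheDefaultExpire 600
        CacheMaxExpire 86400
        CacheLastModifiedFactor 0.5
        ExpiresActive on
        ExpiresDefault "access plus 5 minutes"
        # Marks every response under / as cacheable by shared caches,
        # including any that are user-specific
        Header merge Cache-Control public
        FileETag All
    </Location>
</VirtualHost>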
Enable cache cleaning (start htcacheclean together with httpd):
# mkdir -p /etc/systemd/system/httpd.service.requires
# ln -s /usr/lib/systemd/system/htcacheclean.service /etc/systemd/system/httpd.service.requires
Add the following lines to the file /etc/httpd/conf/httpd.conf:
CacheRoot /var/cache/httpd/proxy
CacheDirLevels 2
CacheDirLength 1
Check Apache config:
Run the following command to check the configuration syntax:
# apachectl configtest
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Restart server:
# systemctl restart httpd
Test the reverse http proxy
$ curl http://192.168.10.131
You should get the same output as the backend server returns:
<html><head><title>Metasploitable2 - Linux</title></head><body>
<pre>
_ _ _ _ _ _ ____
_ __ ___ ___| |_ __ _ ___ _ __ | | ___ (_) |_ __ _| |__ | | ___|___ \
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __/ _` | '_ \| |/ _ \ __) |
| | | | | | __/ || (_| \__ \ |_) | | (_) | | || (_| | |_) | | __// __/
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__\__,_|_.__/|_|\___|_____|
|_|
Warning: Never expose this VM to an untrusted network!
Contact: msfdev[at]metasploit.com
Login with msfadmin/msfadmin to get started
</pre>
<ul>
<li><a href="/twiki/">TWiki</a></li>
<li><a href="/phpMyAdmin/">phpMyAdmin</a></li>
<li><a href="/mutillidae/">Mutillidae</a></li>
<li><a href="/dvwa/">DVWA</a></li>
<li><a href="/dav/">WebDAV</a></li>
</ul>
</body>
</html>
At the same time, run tshark on the host of the victim machine. You will see that the reverse proxy does not forward every query to the victim's website, because repeated requests are answered from the cache.
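The caching can also be confirmed from the client side, shown here as an added example that is not part of the original page: because the configuration sets CacheHeader on, mod_cache adds an X-Cache header (HIT, MISS or REVALIDATE) to each response. The function name audit_headers, the HIT+COOKIE label and the sample header blocks are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit responses from the caching
# reverse proxy using the X-Cache header that "CacheHeader on" enables.

# audit_headers: read one HTTP response header block on stdin and print
#   HIT | MISS | REVALIDATE  - mod_cache status taken from X-Cache
#   NONE                     - no X-Cache header (response bypassed mod_cache)
#   HIT+COOKIE               - served from cache AND carries Set-Cookie, which
#                              "CacheIgnoreHeaders Set-Cookie" should prevent
audit_headers() {
    tr -d '\r' | awk '
        { name = tolower($1) }
        name == "x-cache:"    { status = toupper($2) }
        name == "set-cookie:" { cookie = 1 }
        END {
            if (status == "") status = "NONE"
            if (status == "HIT" && cookie) status = "HIT+COOKIE"
            print status
        }'
}

# Constructed sample header blocks (hostnames and values are made up).
SAMPLE_MISS='HTTP/1.1 200 OK
Cache-Control: public
X-Cache: MISS from localhost.localdomain'
SAMPLE_HIT='HTTP/1.1 200 OK
Age: 12
X-Cache: HIT from localhost.localdomain'
SAMPLE_BAD='HTTP/1.1 200 OK
Set-Cookie: PHPSESSID=constructed; path=/
X-Cache: HIT from localhost.localdomain'

# Live use: pass the proxy URL (e.g. http://192.168.10.131/) as $1 to request
# it three times; expect MISS first, then HIT until the entry expires.
if [ -n "${1:-}" ]; then
    for i in 1 2 3; do
        printf 'request %s: ' "$i"
        curl -s -o /dev/null -D - "$1" | audit_headers
    done
fi
```

A HIT+COOKIE result means a session cookie is being replayed from the cache to other clients and the cache settings for that path should be reviewed.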