如何指定本地IP作为apache的httpd源IP
How to specify a local IP as apache's httpd source IP
我的 webhost 是一个 solaris 服务器,有很多 IP 地址,下面列出了一些。
$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ipmp0: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.6 netmask ffffff00 broadcast 10.61.5.255
groupname ipmp0
ipmp0:1: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.142 netmask ffffff00 broadcast 10.61.5.255
ipmp0:2: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.143 netmask ffffff00 broadcast 10.61.5.255
ipmp0:3: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.144 netmask ffffff00 broadcast 10.61.5.255
.....
我在 webhost 上有一个 apache 实例充当代理并将请求转发到 remotehost 端口 11130
问题是防火墙团队只允许从 webhost 上的源 IP 10.61.15.6 连接到目标 remotehost 端口 11130
当我使用 apache 前端访问远程应用程序时 URL
https://mywebhost.mybank.com/remote/health.ping
它仅在 apache 源 IP 为 10.61.15.6 时有效,因为防火墙已打开,如果我继续重试(刷新)它会失败,因为 apache httpd 源 IP 更改为其他 IP,如 10.61.15.142
当 apache httpd https 端口 443 源 IP 连接到任何远程主机端口时,我如何强制它始终是 10.61.15.6?
Apache httpd 文档通常很详尽,但您必须了解自己的方法。它是按模块组织的,所以在本例中我们需要 the page for mod_proxy.
查看该页面,我相信您正在寻找的指令是 "ProxySourceAddress":
Set local IP address for outgoing proxy connections
...
This directive allows to set a specific local address to bind to when connecting to a backend server.
因此在您的顶级 httpd.conf 或 <VirtualHost> 块中,您可以这样写:
ProxySourceAddress 10.61.15.6
我的 webhost 是一个 solaris 服务器,有很多 IP 地址,下面列出了一些。
$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ipmp0: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.6 netmask ffffff00 broadcast 10.61.5.255
groupname ipmp0
ipmp0:1: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.142 netmask ffffff00 broadcast 10.61.5.255
ipmp0:2: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.143 netmask ffffff00 broadcast 10.61.5.255
ipmp0:3: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.144 netmask ffffff00 broadcast 10.61.5.255
.....
我在 webhost 上有一个 apache 实例充当代理并将请求转发到 remotehost 端口 11130
问题是防火墙团队只允许从 webhost 上的源 IP 10.61.15.6 连接到目标 remotehost 端口 11130
当我使用 apache 前端访问远程应用程序时 URL
https://mywebhost.mybank.com/remote/health.ping
它仅在 apache 源 IP 为 10.61.15.6 时有效,因为防火墙已打开,如果我继续重试(刷新)它会失败,因为 apache httpd 源 IP 更改为其他 IP,如 10.61.15.142
当 apache httpd https 端口 443 源 IP 连接到任何远程主机端口时,我如何强制它始终是 10.61.15.6?
Apache httpd 文档通常很详尽,但您必须了解自己的方法。它是按模块组织的,所以在本例中我们需要 the page for mod_proxy.
查看该页面,我相信您正在寻找的指令是 "ProxySourceAddress":
Set local IP address for outgoing proxy connections
...
This directive allows to set a specific local address to bind to when connecting to a backend server.
因此在您的顶级 httpd.conf 或 <VirtualHost> 块中,您可以这样写:
ProxySourceAddress 10.61.15.6