3. Need help setting up apache/modsecurity reverse proxy - 403 forbidden?

Need help setting up apache/modsecurity reverse proxy - 403 forbidden?

  • T

    Hello all,

    I have installed the Apache with mod_security-dev package on my pfsense machine, and I'm trying to set it up as a reverse proxy to protect a web server. However, I could not find any documentation on how to set it up. I spent hours trying various settings, but so far I've only been able to get it to return "403 forbidden".

    Here's the setup I had BEFORE I installed the apache reverse proxy (which worked fine):

    The web server is connected to the LAN, with IP address 192.168.0.9. I want the web server to use the same public IP address as the pfSense machine, so I disabled webConfigurator on port 80. Then, I added a port forwarding rule to forward inbound port 80 on the WAN ip to 192.168.0.9, and a corresponding firewall rule was automatically added allowing traffic to 192.168.0.9 on port 80. In my DNS, I added a subdomain webserver.domain.com pointing to my pfSense WAN IP, and I was able to access http://webserver.domain.com as expected.

    Here's what I've tried doing to set up the reverse proxy:
    Presumably I don't need the port forwarding rule anymore, since the pfSense machine will be serving the website to visitors, so I removed the port forward rule and the firewall rule. Then, I added a new firewall rule allowing traffic to my WAN IP on port 80.

    Here are my apache reverse proxy settings:
    Daemon options tab:
    Global site E-mail administrator: default email address
    Server hostname: pfSense default hostname
    Default Bind to IP Address: WAN address
    Default Bind to port: 80
    All other boxes are empty.
    Backends/Balancers
    I have a single entry with the following settings:
    Enable: checked
    Balancer name: webserver
    Description: none
    Protocol: HTTP
    Internal servers:
    FDQN or IP        Port      Route ID      Weight      Ping
    192.168.0.9        80          1                    1
    (I really had no idea what to put in the internal servers section so I wouldn't be surprised if it's wrong)
    Locations tab:
    I have one entry with the following settings:
    Identifier: webserver
    gzip: yes
    Site path: /
    Balancer: webserver
    LB Method: byrequests
    Backend path: /
    ModSecurity: base
    Manipulations: blank
    Balancer options: blank
    Virtual Hosts tab:
    I have one entry with the following settings:
    Enable: checked
    Protocol: HTTP
    Server name: webserver.domain.com
    Inbound Interface: WAN address
    Port: 80
    Email address: blank
    Description: blank
    Location: webserver

    But like I said, I keep getting 403 forbidden when I try to visit the site. What am I doing wrong? I feel like I'm pretty close, but some minor setting is preventing it from working.

    This is the error that shows up in the apache error log:

    Client address: [my-ip] client denied by server configuration: /usr/pbi/proxy_mod_security-amd64/www/apache22
    0
  • C

    Hi, i have the same issue

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy