Interface for Reverse Proxy {now $500}

  • All,
    I've seen posts on here saying reverse proxy can be configured through LightPPD.

    However, it would appear there is no UI for this.

    Anyone interested in this?

    Ideally it would allow you to specify an interface (i.e. WAN), a destination IP Address, and a protocol (i.e. HTTP or HTTPS).

    It would need to support authentication on the webservers (i.e. when Outlook WebMail pops up a dialog client side)

    Plus other stuff I've probably not thought of :)


  • Please add a pricetag for that feature. Witout a pricetag it's not a bounty and doesn't belog here.

  • Hoba,
    I read the forum guidelines, and as I didn't have a price in mind, I didn't list one.  Is my understanding incorrect?

    I've quoted from the guidelines below

    Here you can start a thread requesting a specific feature for a given amount of money. If you don't have a price in mind or aren't sure of the level of effort required for your desired feature, you can make a post without a specific price. Typically bounties are posted in US Dollars, but you can post in any currency you desire. Please be specific about the functionality you desire.


  • Ok, it's sit and wait then  ;)

  • Hoba,
    I had to chuckle about this.  If I'm adhering to forum rules, then what was the point of your original response?  I assume that as an administrator you know the rules to the various forums? :) :) :)

    I'm curious to see what it would take someone to build this, and then work towards raising the funds


  • No offense, just ignore me  ;)

  • Hehe.. not that anyone DOES seem interested.

    I would have thought this was a fairly straightforward mod for someone with the right skills?

  • Typically someone with the right skills is able to charge a premium for those skills.  Also, those people tend to have their time pretty heavily in demand.  You'll notice that the spamd project has a bounty of $1000 just to fix the existing package.  In terms of complexity, the spamd package is probably similar to creating a Varnish package, so its not a simply, easy-to-implement job like you might believe.  Although many of us believe that Varnish is a superior piece of software, I doubt you'll find many people interested in doing the work without a set dollar amount and a very complete and detailed specification for what the project would look like.

  • Sumicron,
    all good comments with one exception - I never assumed that this was easy.

    I'll consider placing a $$ value on this bounty and see what happens


  • Want a killer feature that no one but f5 and Secure Computing (that I can find) are offering?

    Do a reverse proxy with Apache and integrate it with mod_security.  This allows for intrusion detection on HTTPS, which Snort can't do.

    This is a requirement  for PCI (Credit Card Industry Regulations) that many people would be interested in.

    I'd offer a bounty but I don't have the time to wait on it since the deadline is 6/30.

  • Varnish would be a better solution IMHO.

  • Another option for reverse proxy is Nginx. It is a very fast web server running many large Russian websites. It can also be a proxy server.  Below are some of my notes I have been collecting about Nginx. License is a BSD style license.

    HTTP Server and Reverse Proxy


    Reverse Proxy Example Config (can be used for load balancing, add https to web sites)


    I'm not sure which is better Varnish or Nginx just wanted to share another BSD licensed tool that could provide this functionality.

  • I would be willing to kick in $500 for Apache mod_proxy, mod_rewrite, plus mod_security to use as a Web Application Firewall (WAF).  It would need the ability to terminate the SSL/HTTPS on the firewall so that http traffic could be process by mod_security.  I think there is a great SSL proxy app called "Pound" available that does SSL Proxy.

    Let me know if this is doable.


  • Sorry for the possible stupid question, but im assuming anyone can grab up a bounty? If thats the case, I may be interested in this project =]

    I am currently working with pfsense in a test environment to try to replace our current setup at work.

    Now as far as questions about the bounty, I'm assuming you would want this proxy to work with different back-end servers. i.e. :

    Use pfsense as central WAF (web appliance firewall) that would check content, and if ok pass on to appropriate site. Im assuming this would be configured through pfsense, i.e. point site1 to .10 ip, site2 .11 and site3 .12.

    Let me know if that makes sense!