I maintain a website with apache at port 80 and jboss at 8080. Additionally, I have a wordpress blog served directly from apache. So all requests to www.mysite.com/blog gets served by apache and all requests to www.mysite.com/ gets served by jboss. To enable this, I defined the following proxypass setting.
<VirtualHost *:80>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /blog !
ProxyPass / http://localhost:8080/index.jsp retry=0
ProxyPassReverse / http://localhost:8080/index.jsp
ProxyPreserveHost on
LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
TransferLog /var/log/httpd/elasticbeanstalk-access_log
</VirtualHost>
Are these settings safe ? I was reading the apache documentation and they mentioned that
Warning Do not enable proxying with ProxyRequests until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.
So I was not sure what else I need to do to make these settings safe,
ProxyRequests is it's own command - it allows arbitary proxy connects so the client can issue something like GET http://evil.com/something.html - you should be ok with ProxyPass..