We have a a typical setup where a public web site server has a proxy running so that users can reach a lan web server. The problem is that users can access the proxy links directly while we need them to not be allowed to reach them unless they are logged into the public server.
We need two things.
1: A way to prevent direct access to the proxied server, perhaps by using some form of authentication on that server which prevents direct connections, allowing them only when initiated from the public web server.
2: Setting an expiring cookie from the public web server which terminates after X amount of time based on an idle session.
The point again is that users should never have direct access to the proxied server unless they have logged into the public web site and clicked on a link which gives them the required cookie and initiates the connection to the private server.
The servers are Centos7.
Again, need alternative to haproxy.
There is no remote access available, your task will be mainly to consult us using chat.
3 freelancers are bidding on average $102 for this job
Hi. Apache works fine as a reverse proxy and have some nice modules for form based authentication(mod_auth_form) and session handling(mod_session). I did something very similar last year, I'm sure I can help you.