Hello together,
I'm new to ESET Protect and I'm having problems to configure the Apache HTTP proxy from ESET for our remote client (without vpn access). We are using ESET Protect Management server v9 on premises. The ESET Endpoint Security client policy includes the external FQDN example.com port 3128 as proxy and has checked the "use direct connection if proxy is unavailable option".
We are using a Windows 2022 server in our DMZ and have installed the Apache HTTP proxy with the ESET installer program. The proxy should now forward the requests from the remote clients to the internal EPMS.
The standard config of the httpd.conf seems to be not for action as a reverse proxy and so we found this https://help.eset.com/protect_install/90/en-US/http_proxy_installation_linux.html, but which is just a beginning.
Our current httpd.conf looks like this, but the Apache log shows errors:
#Configuration
Listen 3128
LoadModule access_compat_module modules/mod_access_compat.dll
LoadModule auth_basic_module modules/mod_auth_basic.dll
LoadModule authn_core_module modules/mod_authn_core.dll
LoadModule authn_file_module modules/mod_authn_file.dll
LoadModule authz_core_module modules/mod_authz_core.dll
LoadModule authz_groupfile_module modules/mod_authz_groupfile.dll
LoadModule authz_host_module modules/mod_authz_host.dll
LoadModule env_module modules/mod_env.dll
LoadModule alias_module ..\modules\mod_alias.dll
LoadModule ssl_module ..\modules\mod_ssl.dll
LoadModule headers_module ..\modules\mod_headers.dll
LoadModule proxy_module ..\modules\mod_proxy.dll
LoadModule proxy_http_module ..\modules\mod_proxy_http.dll
LoadModule proxy_connect_module ..\modules\mod_proxy_connect.dll
LoadModule cache_module ..\modules\mod_cache.dll
LoadModule cache_disk_module ..\modules\mod_cache_disk.dll
<Directory />
AllowOverride none
Require all denied
</Directory>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error.log"
LogLevel warn
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
CacheEnable disk hxxp://
CacheDirLevels 4
CacheDirLength 2
CacheDefaultExpire 3600
CacheMaxFileSize 500000000
CacheMaxExpire 604800
CacheQuickHandler Off
ProxyRequests Off
ProxyVia On
ThreadLimit 1500
ThreadsPerChild 1500
CacheLock on
CacheLockMaxAge 10
ProxyTimeOut 900
MergeSlashes OFF
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
SetEnv proxy-initial-not-pooled 1
#Following 4 settings disable some performance optimizations, in order to avoid situation when service is running, but does not respond to any request on computers with specific configuration.
#Comment out lines in order to improve performance, but test it first in non production environment.
AcceptFilter https none
AcceptFilter http none
EnableSendfile Off
EnableMMAP off
<VirtualHost *:3128>
ProxyRequests On
</VirtualHost>
<VirtualHost *:3128>
ProxyRequests Off
CacheEnable disk /
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
ProxyPreserveHost off
ServerName example.com:3128
ProxyPass / https://internalservername.domain:2222
ProxyPassReverse / https://internalservername.domain:2222
</VirtualHost>
AllowCONNECT 2222 8883 53535
# # revalidation setting for update.ver
<FilesMatch "\.ver$">
Header set Cache-Control "max-age=14400, no-cache, must-revalidate"
</FilesMatch>
#Configuration written
Apache errors:
[Fri May 27 07:10:43.545726 2022] [mpm_winnt:notice] [pid 1232:tid 468] AH00455: Apache/2.4.53 (Win64) OpenSSL/1.1.1n configured -- resuming normal operations
[Fri May 27 07:10:43.545726 2022] [mpm_winnt:notice] [pid 1232:tid 468] AH00456: Server built: Mar 21 2022 09:33:11
[Fri May 27 07:10:43.545726 2022] [core:notice] [pid 1232:tid 468] AH00094: Command line: 'C:\\Program Files\\Apache HTTP Proxy 2.4.53\\bin\\httpd.exe -d C:/Program Files/Apache HTTP Proxy 2.4.53'
[Fri May 27 07:10:44.061350 2022] [mpm_winnt:notice] [pid 1232:tid 468] AH00418: Parent: Created child process 2828
AH00558: httpd.exe: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
[Fri May 27 07:10:46.311350 2022] [ssl:warn] [pid 2828:tid 484] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri May 27 07:10:46.561350 2022] [mpm_winnt:notice] [pid 2828:tid 484] AH00354: Child: Starting 1500 worker threads.
[Fri May 27 07:15:02.103200 2022] [proxy_http:error] [pid 2828:tid 12804] (70014)End of file found: [client client-ip:57816] AH01102: error reading status line from remote server EPMSinternal.domain:2222
[Fri May 27 07:15:02.103385 2022] [proxy:error] [pid 2828:tid 12804] [client client-ip:57816] AH00898: Error reading from remote server returned by /
[Fri May 27 07:15:03.132224 2022] [proxy_http:error] [pid 2828:tid 12804] (70014)End of file found: [client client-ip:57818] AH01102: error reading status line from remote server EPMSinternal.domain:2222
[Fri May 27 07:15:03.132224 2022] [proxy:error] [pid 2828:tid 12804] [client client-ip:57818] AH00898: Error reading from remote server returned by /
Is there an offical guide for configurating the Apache HTTP proxy for this purpose?: https://support.eset.com/en/kb7916-advanced-scenarios-for-apache-http-proxy-with-eset-protect#dmz