Jump to content

User 999

Members
  • Posts

    3
  • Joined

  • Last visited

Posts posted by User 999

  1. Many Thanks. The errors from this morning are gone for now.

    By the way I changed your suggestion for

    ProxyRemote * hxxp://YOUR_MAIN_IP_ESET_PROXY_OR_WEB_PROXY:3128

    to

    ProxyRemote * hxxp://internalESETProtectMgmtServer.domain:2222

    because we don't have a second proxy or do I understand something wrong? So the current httpd.conf file looks like this:

    #<VirtualHost *:3128>
    	ProxyRequests On
    	ProxyRemote * hxxp://internalESETProtectMgmtServer.domain:2222
    #</VirtualHost>
    
    <VirtualHost *:3128>
        	ProxyRequests On
    	
    	ProxyPass / https://r.edtd.eset.com/ timeout=300 keepalive=On ttl=100 max=100 smax=10
    	ProxyPassReverse / hxxp://r.edtd.eset.com/ keepalive=On
    
    	LogLevel error
    	
    
    </VirtualHost>

     

    However, the remote test client still cannot replicate to the internal EPMS. Any idea? Our concept looks like this:

    KB7916FIg3-1.png

     

     

  2. Hello together,

    I'm new to ESET Protect and I'm having problems to configure the Apache HTTP proxy from ESET for our remote client (without vpn access). We are using ESET Protect Management server v9 on premises. The ESET Endpoint Security client policy includes the external FQDN example.com port 3128 as proxy and has checked the "use direct connection if proxy is unavailable option".

    We are using a Windows 2022 server in our DMZ and have installed the Apache HTTP proxy with the ESET installer program. The proxy should now forward the requests from the remote clients to the internal EPMS.

    The standard config of the httpd.conf seems to be not for action as a reverse proxy and so we found this https://help.eset.com/protect_install/90/en-US/http_proxy_installation_linux.html, but which is just a beginning.

    Our current httpd.conf looks like this, but the Apache log shows errors:


     

    #Configuration
    
    Listen 3128
    
    LoadModule access_compat_module modules/mod_access_compat.dll
    LoadModule auth_basic_module modules/mod_auth_basic.dll
    LoadModule authn_core_module modules/mod_authn_core.dll
    LoadModule authn_file_module modules/mod_authn_file.dll
    LoadModule authz_core_module modules/mod_authz_core.dll
    LoadModule authz_groupfile_module modules/mod_authz_groupfile.dll
    LoadModule authz_host_module modules/mod_authz_host.dll
    LoadModule env_module modules/mod_env.dll
    LoadModule alias_module ..\modules\mod_alias.dll
    LoadModule ssl_module ..\modules\mod_ssl.dll
    LoadModule headers_module ..\modules\mod_headers.dll
    LoadModule proxy_module ..\modules\mod_proxy.dll
    LoadModule proxy_http_module  ..\modules\mod_proxy_http.dll
    LoadModule proxy_connect_module ..\modules\mod_proxy_connect.dll
    LoadModule cache_module ..\modules\mod_cache.dll
    LoadModule cache_disk_module ..\modules\mod_cache_disk.dll
    
    
    <Directory />
        AllowOverride none
        Require all denied
    </Directory>
    
    
    <Files ".ht*">
        Require all denied
    </Files>
    
    ErrorLog "logs/error.log"
    
    LogLevel warn
    
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    
    
    CacheEnable disk hxxp://
    CacheDirLevels 4
    CacheDirLength 2
    CacheDefaultExpire 3600
    CacheMaxFileSize 500000000
    CacheMaxExpire 604800
    CacheQuickHandler Off
    
    
    ProxyRequests Off
    ProxyVia On
    
    ThreadLimit 1500
    ThreadsPerChild 1500
    CacheLock on
    CacheLockMaxAge 10
    ProxyTimeOut 900
    
    MergeSlashes OFF
    
    <Proxy *>
    Order deny,allow
    Deny from all
    Allow from all
    </Proxy>
    
    
    SetEnv proxy-initial-not-pooled 1
    
    
    #Following 4 settings disable some performance optimizations, in order to avoid situation when service is running, but does not respond to any request on computers with specific configuration.
    #Comment out lines in order to improve performance, but test it first in non production environment.
    
    AcceptFilter https none
    AcceptFilter http none
    EnableSendfile Off
    EnableMMAP off
    
    
    <VirtualHost *:3128>
        ProxyRequests On
    </VirtualHost>
    
    <VirtualHost *:3128>
            ProxyRequests Off
            CacheEnable disk /
            SSLProxyEngine On
            SSLProxyVerify none
            SSLProxyCheckPeerCN off
            SSLProxyCheckPeerName off
            ProxyPreserveHost off
            
            ServerName example.com:3128
    
            ProxyPass / https://internalservername.domain:2222
            ProxyPassReverse / https://internalservername.domain:2222
    </VirtualHost>
    AllowCONNECT 2222 8883 53535
    
    
    # # revalidation setting for update.ver
    <FilesMatch "\.ver$">
        Header set Cache-Control "max-age=14400, no-cache, must-revalidate"
    </FilesMatch>
    
    #Configuration written

     

    Apache errors:

    [Fri May 27 07:10:43.545726 2022] [mpm_winnt:notice] [pid 1232:tid 468] AH00455: Apache/2.4.53 (Win64) OpenSSL/1.1.1n configured -- resuming normal operations
    [Fri May 27 07:10:43.545726 2022] [mpm_winnt:notice] [pid 1232:tid 468] AH00456: Server built: Mar 21 2022 09:33:11
    [Fri May 27 07:10:43.545726 2022] [core:notice] [pid 1232:tid 468] AH00094: Command line: 'C:\\Program Files\\Apache HTTP Proxy 2.4.53\\bin\\httpd.exe -d C:/Program Files/Apache HTTP Proxy 2.4.53'
    [Fri May 27 07:10:44.061350 2022] [mpm_winnt:notice] [pid 1232:tid 468] AH00418: Parent: Created child process 2828
    AH00558: httpd.exe: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
    [Fri May 27 07:10:46.311350 2022] [ssl:warn] [pid 2828:tid 484] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
    [Fri May 27 07:10:46.561350 2022] [mpm_winnt:notice] [pid 2828:tid 484] AH00354: Child: Starting 1500 worker threads.
    [Fri May 27 07:15:02.103200 2022] [proxy_http:error] [pid 2828:tid 12804] (70014)End of file found: [client client-ip:57816] AH01102: error reading status line from remote server EPMSinternal.domain:2222
    [Fri May 27 07:15:02.103385 2022] [proxy:error] [pid 2828:tid 12804] [client client-ip:57816] AH00898: Error reading from remote server returned by /
    [Fri May 27 07:15:03.132224 2022] [proxy_http:error] [pid 2828:tid 12804] (70014)End of file found: [client client-ip:57818] AH01102: error reading status line from remote server EPMSinternal.domain:2222
    [Fri May 27 07:15:03.132224 2022] [proxy:error] [pid 2828:tid 12804] [client client-ip:57818] AH00898: Error reading from remote server returned by /

     

    Is there an offical guide for configurating the Apache HTTP proxy for this purpose?: https://support.eset.com/en/kb7916-advanced-scenarios-for-apache-http-proxy-with-eset-protect#dmz

     

     

×
×
  • Create New...