User 999 0 Posted May 27, 2022 Share Posted May 27, 2022 Hello together, I'm new to ESET Protect and I'm having problems to configure the Apache HTTP proxy from ESET for our remote client (without vpn access). We are using ESET Protect Management server v9 on premises. The ESET Endpoint Security client policy includes the external FQDN example.com port 3128 as proxy and has checked the "use direct connection if proxy is unavailable option". We are using a Windows 2022 server in our DMZ and have installed the Apache HTTP proxy with the ESET installer program. The proxy should now forward the requests from the remote clients to the internal EPMS. The standard config of the httpd.conf seems to be not for action as a reverse proxy and so we found this https://help.eset.com/protect_install/90/en-US/http_proxy_installation_linux.html, but which is just a beginning. Our current httpd.conf looks like this, but the Apache log shows errors: #Configuration Listen 3128 LoadModule access_compat_module modules/mod_access_compat.dll LoadModule auth_basic_module modules/mod_auth_basic.dll LoadModule authn_core_module modules/mod_authn_core.dll LoadModule authn_file_module modules/mod_authn_file.dll LoadModule authz_core_module modules/mod_authz_core.dll LoadModule authz_groupfile_module modules/mod_authz_groupfile.dll LoadModule authz_host_module modules/mod_authz_host.dll LoadModule env_module modules/mod_env.dll LoadModule alias_module ..\modules\mod_alias.dll LoadModule ssl_module ..\modules\mod_ssl.dll LoadModule headers_module ..\modules\mod_headers.dll LoadModule proxy_module ..\modules\mod_proxy.dll LoadModule proxy_http_module ..\modules\mod_proxy_http.dll LoadModule proxy_connect_module ..\modules\mod_proxy_connect.dll LoadModule cache_module ..\modules\mod_cache.dll LoadModule cache_disk_module ..\modules\mod_cache_disk.dll <Directory /> AllowOverride none Require all denied </Directory> <Files ".ht*"> Require all denied </Files> ErrorLog "logs/error.log" LogLevel warn SSLRandomSeed startup builtin SSLRandomSeed connect builtin CacheEnable disk hxxp:// CacheDirLevels 4 CacheDirLength 2 CacheDefaultExpire 3600 CacheMaxFileSize 500000000 CacheMaxExpire 604800 CacheQuickHandler Off ProxyRequests Off ProxyVia On ThreadLimit 1500 ThreadsPerChild 1500 CacheLock on CacheLockMaxAge 10 ProxyTimeOut 900 MergeSlashes OFF <Proxy *> Order deny,allow Deny from all Allow from all </Proxy> SetEnv proxy-initial-not-pooled 1 #Following 4 settings disable some performance optimizations, in order to avoid situation when service is running, but does not respond to any request on computers with specific configuration. #Comment out lines in order to improve performance, but test it first in non production environment. AcceptFilter https none AcceptFilter http none EnableSendfile Off EnableMMAP off <VirtualHost *:3128> ProxyRequests On </VirtualHost> <VirtualHost *:3128> ProxyRequests Off CacheEnable disk / SSLProxyEngine On SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off ProxyPreserveHost off ServerName example.com:3128 ProxyPass / https://internalservername.domain:2222 ProxyPassReverse / https://internalservername.domain:2222 </VirtualHost> AllowCONNECT 2222 8883 53535 # # revalidation setting for update.ver <FilesMatch "\.ver$"> Header set Cache-Control "max-age=14400, no-cache, must-revalidate" </FilesMatch> #Configuration written Apache errors: [Fri May 27 07:10:43.545726 2022] [mpm_winnt:notice] [pid 1232:tid 468] AH00455: Apache/2.4.53 (Win64) OpenSSL/1.1.1n configured -- resuming normal operations [Fri May 27 07:10:43.545726 2022] [mpm_winnt:notice] [pid 1232:tid 468] AH00456: Server built: Mar 21 2022 09:33:11 [Fri May 27 07:10:43.545726 2022] [core:notice] [pid 1232:tid 468] AH00094: Command line: 'C:\\Program Files\\Apache HTTP Proxy 2.4.53\\bin\\httpd.exe -d C:/Program Files/Apache HTTP Proxy 2.4.53' [Fri May 27 07:10:44.061350 2022] [mpm_winnt:notice] [pid 1232:tid 468] AH00418: Parent: Created child process 2828 AH00558: httpd.exe: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message [Fri May 27 07:10:46.311350 2022] [ssl:warn] [pid 2828:tid 484] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache] [Fri May 27 07:10:46.561350 2022] [mpm_winnt:notice] [pid 2828:tid 484] AH00354: Child: Starting 1500 worker threads. [Fri May 27 07:15:02.103200 2022] [proxy_http:error] [pid 2828:tid 12804] (70014)End of file found: [client client-ip:57816] AH01102: error reading status line from remote server EPMSinternal.domain:2222 [Fri May 27 07:15:02.103385 2022] [proxy:error] [pid 2828:tid 12804] [client client-ip:57816] AH00898: Error reading from remote server returned by / [Fri May 27 07:15:03.132224 2022] [proxy_http:error] [pid 2828:tid 12804] (70014)End of file found: [client client-ip:57818] AH01102: error reading status line from remote server EPMSinternal.domain:2222 [Fri May 27 07:15:03.132224 2022] [proxy:error] [pid 2828:tid 12804] [client client-ip:57818] AH00898: Error reading from remote server returned by / Is there an offical guide for configurating the Apache HTTP proxy for this purpose?: https://support.eset.com/en/kb7916-advanced-scenarios-for-apache-http-proxy-with-eset-protect#dmz Link to comment Share on other sites More sharing options...
hari.senen 3 Posted May 27, 2022 Share Posted May 27, 2022 change ProxyPass / https://internalservername.domain:2222 ProxyPassReverse / https://internalservername.domain:2222 to ProxyPass / https://r.edtd.eset.com/ timeout=300 keepalive=On ttl=100 max=100 smax=10 ProxyPassReverse / hxxp://r.edtd.eset.com/ keepalive=On use proxy remote when you want to forward request from branch site to main site change from <VirtualHost *:3128> ProxyRequests On </VirtualHost> to <VirtualHost *:3128> ProxyRequests On ProxyRemote * hxxp://YOUR_MAIN_IP_ESET_PROXY_OR_WEB_PROXY:3128 </VirtualHost> Link to comment Share on other sites More sharing options...
User 999 0 Posted May 27, 2022 Author Share Posted May 27, 2022 Many Thanks. The errors from this morning are gone for now. By the way I changed your suggestion for ProxyRemote * hxxp://YOUR_MAIN_IP_ESET_PROXY_OR_WEB_PROXY:3128 to ProxyRemote * hxxp://internalESETProtectMgmtServer.domain:2222 because we don't have a second proxy or do I understand something wrong? So the current httpd.conf file looks like this: #<VirtualHost *:3128> ProxyRequests On ProxyRemote * hxxp://internalESETProtectMgmtServer.domain:2222 #</VirtualHost> <VirtualHost *:3128> ProxyRequests On ProxyPass / https://r.edtd.eset.com/ timeout=300 keepalive=On ttl=100 max=100 smax=10 ProxyPassReverse / hxxp://r.edtd.eset.com/ keepalive=On LogLevel error </VirtualHost> However, the remote test client still cannot replicate to the internal EPMS. Any idea? Our concept looks like this: Link to comment Share on other sites More sharing options...
hari.senen 3 Posted May 31, 2022 Share Posted May 31, 2022 remove this command ProxyRemote * hxxp://internalESETProtectMgmtServer.domain:2222 since it's DMZ setup then you must forward port from you firewall network Link to comment Share on other sites More sharing options...
Solution User 999 0 Posted June 3, 2022 Author Solution Share Posted June 3, 2022 Hello together, I found a solution for the issue. I restored the orignal httpd.conf from installation archive and followed this help ESET help article: https://help.eset.com/protect_install/90/en-US/apache_configuration.html#s-configuration-of-apache-http-proxy-for-replication-agent-server Link to comment Share on other sites More sharing options...
Recommended Posts