In Reverse Proxy mode, the proxy directs incoming requests from other servers to the client without providing the origin details. To set up a reverse proxy using the Barracuda NG Firewall, configure the listening port and reverse proxy settings.
In this article:
Before You Begin
To set up a reverse proxy, first complete the following:
- Install the Barracuda NG Firewall hotfix 521 on your system.
- Verify that you activated the HTTP Proxy service in reverse proxy mode. For instructions, see How to Set Up and Configure the HTTP Proxy.
Configure the Listening Port
In the settings for the HTTP Proxy, use TCP listening port 80.
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > HTTP Proxy > HTTP Proxy Settings.
- In the left menu, select IP Configuration.
- Click Lock.
- In the TCP Listening Port field, enter
80
. Verify that you have port 80 available for your reverse proxy. - When you change the listening port, you must also change the port used in host firewall rule OP-SRV-PX. By default, the rule uses TCP 3128. If you want to use HTTP, change TCP 3128 to HTTP. If you want to use HTTP and HTTPS, change TCP 3128 to HTTP+S. For more information on configuring host firewall rules, see Host Firewall.
- Click Send Changes and Activate.
Configure Reverse Proxy Settings
To configure the reverse proxy settings:
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > HTTP Proxy > HTTP Proxy Settings.
- In the left menu, select Reverse Proxy Settings.
- Click Lock.
- Specify your Reverse Proxy Settings. For more information on these settings, see the following Reverse Proxy Settings section.
- Click Send Changes and Activate.
Reverse Proxy Settings
The following table provides more detailed descriptions of the Reverse Proxy Settings:
Setting | Description |
---|---|
Backend Web Site | The website that should be reversed respectively accelerated. If there is no host header, enter your primary domain (for example, mydomain.com). |
Use SSL | Select yes from the Use SSL list to provide HTTPS and HTTP support for the reverse proxy. Import your certificate and key by clicking Ex/Import for SSL Certificate and SSL Private Key. Switch to Advanced View and click on SSL Settings in the left menu to configure SSL cipher settings. When set to Disallow Weak Ciphers (default), the following cipherstring is used: !aNULL:ALL:!EXPORT:!LOW:!MEDIUM:!RC2:!3DES:!DSS:!SEED:!RC4:!PSK:@STRENGTH |
Backend IP Addresses | In this table, add the IP addresses of your back-end servers. You must add the IP address of at least one back-end server. |
Round Robin | Unless you want to use domain or URL-based mapping, you can enable round robin load balancing between multiple back-end servers by selecting yes from the Round Robin list. |
Additional Backend Domains | In this table, you can add additional domains for domain-based virtual hosts. |
Domain to Backend Mapping | To map either a domain or a specific URL to a back-end server, click +, enter a descriptive name for the map (for example, DOMA04), and click OK.
|