How to configure firewalld (or polarproxy) as reverse proxy for one domain

AlexEv1337

Hi, I want to configure firewalld (sorry, no need for an additional proxy such as apache, nginx or squid; I need to configure the redirect with firewalld or my existing reverse proxy). I have a reverse proxy, polarproxy, running on machine 192.168.0.106 (192.168.0.1/24).

I want to redirect all inbound requests for domain xxxxxx.com from the proxy machine to machine 192.168.0.102 (where a local clone of xxxxxx.com is running; this site uses not only port 80). Any other request to another domain needs to go freely to the gateway of this network, 192.168.0.1, and on to the internet.

What firewalld command do I need? Or maybe the polarproxy config supports such rules?
 


You can do that by configuring masquerading with firewalld since you know the source and can find out the destination by doing a lookup of the domain(s).
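
The reply above, worked through as an added example that is not part of the original thread: a script that prints (does not apply) the firewall-cmd commands for masquerading plus one forward-port rich rule per resolved address and port. The zone name, the port list and the two 203.0.113.x addresses (constructed stand-ins for a DNS lookup of the domain) are assumptions; 192.168.0.102 comes from the question.

```shell
#!/bin/sh
# Added example: emit firewall-cmd commands that DNAT one domain's traffic
# to a local backend. Nothing is applied; the commands are only printed.
BACKEND="192.168.0.102"   # from the thread: machine hosting the local copy
ZONE="public"             # assumption: zone of the proxy machine's interface
# Constructed sample addresses (RFC 5737 documentation range) standing in for
# the result of a DNS lookup of the domain, e.g. `getent ahostsv4 <domain>`.
DOMAIN_IPS="203.0.113.10 203.0.113.11"
PORTS="80 443 8443"       # assumption: the thread only says "not only port 80"

valid_ipv4() {
    # Accept only dotted quads with every octet in 0..255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

gen_rules() {
    # $1 = space-separated destination IPs, $2 = space-separated TCP ports
    echo "firewall-cmd --permanent --zone=$ZONE --add-masquerade"
    for ip in $1; do
        valid_ipv4 "$ip" || { echo "skipping invalid address: $ip" >&2; continue; }
        for port in $2; do
            rule="rule family=\"ipv4\" destination address=\"$ip\""
            rule="$rule forward-port port=\"$port\" protocol=\"tcp\""
            rule="$rule to-port=\"$port\" to-addr=\"$BACKEND\""
            echo "firewall-cmd --permanent --zone=$ZONE --add-rich-rule='$rule'"
        done
    done
    echo "firewall-cmd --reload"
}

gen_rules "$DOMAIN_IPS" "$PORTS"
```

The rules match on IP address, not on the domain name, so they have to be regenerated when the domain's DNS records change. Any other site served from the same addresses is redirected as well.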
 
Thanks. But I need masquerading only for one domain. I don't understand how to do it. Usually masquerading is used to show another IP (in my opinion); maybe this is a shallow view. Maybe I don't understand...
The general idea is debugging a project that works with strong cryptography. I can't see exactly what requests my frontend sends to the backend. TLS 1.2 is mandatory for this project (the domain name and certificates are processed manually in the frontend, and this is a huge part of the code, and this code is impossible to comment). Therefore I selected polarproxy to decrypt requests from the frontend to the backend. I have this backend locally and the machine with polarproxy in the middle between backend and frontend. But I cannot tune the redirect of all requests for this domain to my local server.
 
I have no idea what you are trying to accomplish, but here's an idea, and I have never heard of polar proxy. Why don't you set up a proxy server which your client machines use to access the internet? You can then see what domains your clients are making requests to, and if one matches you can configure your proxy server to forward the client's request to that polar proxy, where you can then decrypt the traffic or whatever. Isn't it just easier to have a proxy set up and automatically retrieve a list of domains that are known to serve malware and have those domains blacklisted in your proxy configuration?
 
