Get A Low Power Unit

Author Topic: Need help setting up apache/modsecurity reverse proxy - 403 forbidden?  (Read 1798 times)

0 Members and 2 Guests are viewing this topic.

Offline tlng55

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Hello all,

I have installed the Apache with mod_security-dev package on my pfsense machine, and I'm trying to set it up as a reverse proxy to protect a web server. However, I could not find any documentation on how to set it up. I spent hours trying various settings, but so far I've only been able to get it to return "403 forbidden".

Here's the setup I had BEFORE I installed the apache reverse proxy (which worked fine):

The web server is connected to the LAN, with IP address I want the web server to use the same public IP address as the pfSense machine, so I disabled webConfigurator on port 80. Then, I added a port forwarding rule to forward inbound port 80 on the WAN ip to, and a corresponding firewall rule was automatically added allowing traffic to on port 80. In my DNS, I added a subdomain pointing to my pfSense WAN IP, and I was able to access as expected.

Here's what I've tried doing to set up the reverse proxy:
Presumably I don't need the port forwarding rule anymore, since the pfSense machine will be serving the website to visitors, so I removed the port forward rule and the firewall rule. Then, I added a new firewall rule allowing traffic to my WAN IP on port 80.

Here are my apache reverse proxy settings:
Daemon options tab:
Global site E-mail administrator: default email address
Server hostname: pfSense default hostname
Default Bind to IP Address: WAN address
Default Bind to port: 80
All other boxes are empty.
I have a single entry with the following settings:
Enable: checked
Balancer name: webserver
Description: none
Protocol: HTTP
Internal servers:
FDQN or IP         Port       Route ID       Weight      Ping        80          1                     1
(I really had no idea what to put in the internal servers section so I wouldn't be surprised if it's wrong)
Locations tab:
I have one entry with the following settings:
Identifier: webserver
gzip: yes
Site path: /
Balancer: webserver
LB Method: byrequests
Backend path: /
ModSecurity: base
Manipulations: blank
Balancer options: blank
Virtual Hosts tab:
I have one entry with the following settings:
Enable: checked
Protocol: HTTP
Server name:
Inbound Interface: WAN address
Port: 80
Email address: blank
Description: blank
Location: webserver

But like I said, I keep getting 403 forbidden when I try to visit the site. What am I doing wrong? I feel like I'm pretty close, but some minor setting is preventing it from working.

This is the error that shows up in the apache error log:
Code: [Select]
Client address: [my-ip] client denied by server configuration: /usr/pbi/proxy_mod_security-amd64/www/apache22
« Last Edit: January 01, 2015, 08:33:47 pm by tlng55 »

Offline cmenghi

  • Newbie
  • *
  • Posts: 24
  • Karma: +0/-0
    • View Profile
Re: Need help setting up apache/modsecurity reverse proxy - 403 forbidden?
« Reply #1 on: September 08, 2015, 06:47:11 am »
Hi, i have the same issue