My webhost
is a solaris server has many IP addresses a few are listed below.
$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ipmp0: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.6 netmask ffffff00 broadcast 10.61.5.255
groupname ipmp0
ipmp0:1: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.142 netmask ffffff00 broadcast 10.61.5.255
ipmp0:2: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.143 netmask ffffff00 broadcast 10.61.5.255
ipmp0:3: flags=108001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,IPMP,PHYSRUNNING> mtu 1500 index 2
inet 10.61.15.144 netmask ffffff00 broadcast 10.61.5.255
.....
I have an apache instance on webhost that acts as proxy and forwards the request to remotehost
port 11130
The issue is that the firewall team as allowed connectivity only from this source IP 10.61.15.6
on webhost
to destination remotehost
port 11130
When i hit the remote application using apache frontend URL
https://mywebhost.mybank.com/remote/health.ping
It works only when the apache soure IP is 10.61.15.6
as the firewall is open and it fails if i keep retrying (refreshing) as the apache httpd source IP changes to others like 10.61.15.142
How can i enforce that the apache httpd https port 443 source IP is always 10.61.15.6
when it connects to any remote host port?
Apache httpd documentation is generally thorough, but you have to know your way around. It's organised by module, so in this case we want the page for mod_proxy.
Looking down that page, I believe the directive you are looking for is "ProxySourceAddress":
Set local IP address for outgoing proxy connections
...
This directive allows to set a specific local address to bind to when connecting to a backend server.
So within your top-level httpd.conf or a <VirtualHost>
block, you would write this:
ProxySourceAddress 10.61.15.6