I have an Apache server running on a Raspberry Pi (actually, Orange Pi, but it makes no difference). A VirtualHost is set up on a random port and this is opened in the router to allow access from the Internet (via a DDNS hostname).
When the index page is accessed (it being the only page on the server), it checks if a particular cookie is set and, if it is, it displays a link. This link is for an Arduino webserver that controls my electric gates. By having a VirtualHost proxy set up, I don't have to open this webserver on the router. For example:
```apache
# Public facing server
<VirtualHost *:55227>
    ServerName gate.example.com
    DocumentRoot "/var/www/html/public/"
    ProxyRequests off
    ProxyPreserveHost On
    ProxyPass /gates http://192.168.0.229:48123/
    ProxyPassReverse /gates http://192.168.0.229:48123/
</VirtualHost>
```
So if the cookie is valid, the following link will be displayed: gate.example.com:55227/gates?open=yes
However, if someone malicious got hold of the above link (and don't worry, I've changed the details :D) then the cookie security is worthless.
Is there any way to generate a unique, one-time proxy in PHP on the fly, or is there another way around this? The Arduino webserver is so basic that the security has to be done on the Pi server, or does it?
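One way to build the one-time link asked about above, as an added example that is not part of the original post: the index page issues an HMAC-signed, expiring token, and a `gate.php` script redeems it once and then calls the Arduino from the server side. It assumes the two `ProxyPass` lines are removed so `/gates` is no longer reachable directly; `SECRET`, `SPENT_DIR`, the `t` parameter and the file name `gate.php` are hypothetical.

```php
<?php
// Added example: names, paths and the secret are assumptions, not from the post.
const SECRET    = 'replace-with-32+-random-bytes';        // placeholder; keep outside the web root
const SPENT_DIR = '/var/lib/gate-tokens';                 // hypothetical dir writable by Apache
const GATE_URL  = 'http://192.168.0.229:48123/?open=yes'; // Arduino address from the post, LAN only

// Called by the index page once its cookie check has passed; put the result in the link as ?t=...
function issue_token(int $ttl = 60): string {
    $nonce  = bin2hex(random_bytes(16));
    $expiry = time() + $ttl;
    $mac    = hash_hmac('sha256', "$nonce.$expiry", SECRET);
    return "$nonce.$expiry.$mac";
}

// True only for an authentic, unexpired token that has not been redeemed before.
function redeem_token(string $token): bool {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return false;
    [$nonce, $expiry, $mac] = $parts;
    if (!ctype_xdigit($nonce) || !ctype_digit($expiry)) return false;
    $expected = hash_hmac('sha256', "$nonce.$expiry", SECRET);
    if (!hash_equals($expected, $mac)) return false;   // constant-time comparison
    if ((int)$expiry < time()) return false;
    // Mode 'x' fails if the file already exists, so a replayed token is rejected atomically.
    $fh = @fopen(SPENT_DIR . "/$nonce", 'x');
    if ($fh === false) return false;                   // also fails closed if the dir is missing
    fclose($fh);
    return true;
}

// gate.php: the only public entry point for opening the gate.
// Repeat the index page's cookie check here as well (not shown; it is the poster's own code).
if (PHP_SAPI !== 'cli') {
    $t = $_GET['t'] ?? '';
    if (!is_string($t) || !redeem_token($t)) {
        http_response_code(403);
        exit('Forbidden');
    }
    // Server-side request: the browser never sees a URL that opens the gate on its own.
    $reply = @file_get_contents(GATE_URL, false,
        stream_context_create(['http' => ['timeout' => 5]]));
    echo $reply === false ? 'Gate controller unreachable' : 'Gate command sent';
}
```

Files in `SPENT_DIR` only need to outlive the token lifetime, so a periodic cleanup job can delete old ones.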
> spandit:
> Not going to start learning another language,
I didn't mean that you should learn another language. I'm sure the features of Rails can also be implemented with PHP - though perhaps with a little more effort.
> Robin2:
> I didn't mean that you should learn another language. I'm sure the features of Rails can also be implemented with PHP - though perhaps with a little more effort.
> ...R
Ah, I see... I'll look up what advantages RonR has
> spandit:
> Ah, I see... I'll look up what advantages RonR has
That was not really what I meant. RoR will have a steep learning curve if you are coming from PHP - fine if you have other uses for RoR, but it would not make sense for one small project. If you can find a book called "Agile Web Development with Rails" it is worth a read - though it's a few years old now.
If you are interested in Ruby, but don't need the full Rails experience, I would suggest using the simpler Sinatra web framework.
More recently I have been using Python with the Bottle web framework. Together they are much the same as Ruby with Sinatra. Python has the advantage that it is more widely included with PC operating systems and is more familiar to people using Arduinos and RPis.
However it was when I was using RoR that I was aware of security stuff. I have not needed it for any of the recent stuff I have been doing so I have forgotten it all. I'm sure Google has a huge number of links for all web security issues.
I've realised that the Arduino webserver isn't ever directly accessible from the outside world, only through the proxy directive. I may be being too paranoid - it's not vital to protect from hackers. I doubt someone will be driving to my house and bothering to hack into the gate server.