Re: mod_ssl & mod_proxy

This is a multi-part message in MIME format.
--------------0B177E02EC5F90F57CF072AA
Content-Type: multipart/alternative;
boundary="------------56BCAF3394A481CDDCA2E07E"


--------------56BCAF3394A481CDDCA2E07E
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit


--------------56BCAF3394A481CDDCA2E07E
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit



oh my God

i have the exactly the same problem ...

the only diference is that my autentication is on Ldap directory in
the internal net

when a click on link

nothing hapen

only the loop

and the apache dont get a request

im sniffing the interfaces but the request dont send ok.

any people can help us ???

thanks

Alexandre

HMajidy wrote:

 

This
is to report a problem with Apache with mod_ssl and mod_proxy, and to request
the community?s help in resolving it. style="mso-spacerun: yes">

 <?xml:namespace
prefix = o ns = "" />

Objective:
The objective is to set up Apache as a reverse proxy, to receive encrypted
HTTPS traffic over the Internet and to convert it to HTTP and direct it
to a web server through a firewall.

Problem:
Apache seems to be redirecting traffic to the virtual hosts on the local
filesystem correctly, but mod_proxy does not seem to send requests to remote
URL (as specified by ProxyRemote directive below). SSL does display correct
certificate from requesting browser.

Troubleshooting
Steps Taken: Experimenting with the target URL (IP and hosname) and various
proxy directives (ie ProxyPassReverse, ProxyPass) I have not been able
to establish that proxy is doing anything at all.

Apache
has been recompiled with mod_ssl and mod_proxy as DSOs as well as statically
linked in modules.

Here?s
the system configuration:

Linux
version 2.2.16-22smp

gcc
version egcs-2.91.66

Server
version: Apache/1.3.27 (Unix)

Compiled-in
modules:

http_core.c

mod_env.c

mod_log_config.c

mod_mime.c

mod_negotiation.c

mod_status.c

mod_include.c

mod_autoindex.c

mod_dir.c

mod_cgi.c

mod_asis.c

mod_imap.c

mod_actions.c

mod_userdir.c

mod_alias.c

mod_access.c

mod_auth.c

mod_proxy.c

mod_setenvif.c

mod_ssl.c

OpenSSL
0.9.6g 9 August 2002

httpd.conf

AddModule
mod_proxy.c

<IfModule
mod_proxy.c>

ProxyRequests
off

NoCache
*

AllowCONNECT
443,80

<Directory
/>

style="mso-spacerun: yes">Order
Allow,Deny

style="mso-spacerun: yes">Allow
from All

</Directory>

ProxyRemote
*

</IfModule>

NameVirtualHost
*

Listen
*:443

<VirtualHost
_default_:443>

style="mso-spacerun: yes">SSLEngine
on

style="mso-spacerun: yes">ServerName
www.mydomain.com

style="mso-spacerun: yes">DocumentRoot
/usr/local/apache/htdocs

style="mso-spacerun: yes">ErrorLog
logs/443-error_log

</VirtualHost>

Listen
*:80

<VirtualHost
*:80>

ServerAdmin
hamid@mydomain.com

DocumentRoot
/usr/local/apache/www

ServerName
www1.mydomain.com

ErrorLog
logs/80-error_log

</VirtualHost>

Can
anyone see a conflict or omission in this configuration? Does anyone have
these two modules working together in a reverse proxy scenario? Any help
or suggestions would be appreciated.

Regards,

Hamid.

PS.
Please reply to
as well as to this list.

mod_ssl & mod_proxy

This is a multi-part message in MIME format.

------=_NextPart_000_008E_01C29C46.CCBD5880
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

This is to report a problem with Apache with mod_ssl and mod_proxy, and to
request the community’s help in resolving it.



Objective: The objective is to set up Apache as a reverse proxy, to receive
encrypted HTTPS traffic over the Internet and to convert it to HTTP and
direct it to a web server through a firewall.



Problem: Apache seems to be redirecting traffic to the virtual hosts on the
local filesystem correctly, but mod_proxy does not seem to send requests to
remote URL (as specified by ProxyRemote directive below). SSL does display
correct certificate from requesting browser.



Troubleshooting Steps Taken: Experimenting with the target URL (IP and
hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I
have not been able to establish that proxy is doing anything at all.

Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well as
statically linked in modules.



Here’s the system configuration:

Linux version 2.2.16-22smp

gcc version egcs-2.91.66

Server version: Apache/1.3.27 (Unix)

Compiled-in modules:

http_core.c

mod_env.c

mod_log_config.c

mod_mime.c

mod_negotiation.c

mod_status.c

mod_include.c

mod_autoindex.c

mod_dir.c

mod_cgi.c

mod_asis.c

mod_imap.c

mod_actions.c

mod_userdir.c

mod_alias.c

mod_access.c

mod_auth.c

mod_proxy.c

mod_setenvif.c

mod_ssl.c

OpenSSL 0.9.6g 9 August 2002



httpd.conf

AddModule mod_proxy.c



ProxyRequests off

NoCache *

AllowCONNECT 443,80



Order Allow,Deny

Allow from All



ProxyRemote * http://1.2.3.4:85



NameVirtualHost *

Listen *:443



SSLEngine on

ServerName www.mydomain.com

DocumentRoot /usr/local/apache/htdocs

ErrorLog logs/443-error_log



Listen *:80



ServerAdmin hamid@mydomain.com

DocumentRoot /usr/local/apache/www

ServerName www1.mydomain.com

ErrorLog logs/80-error_log





Can anyone see a conflict or omission in this configuration? Does anyone
have these two modules working together in a reverse proxy scenario? Any
help or suggestions would be appreciated.



Regards,

Hamid.



PS. Please reply to hmajidy@attbi.com as well as to this list.


------=_NextPart_000_008E_01C29C46.CCBD5880
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable



charset=3Diso-8859-1">

Re: mod_ssl & mod_proxy

Hello...



On Thu, 2002-12-05 at 10:12, HMajidy wrote:
> This is to report a problem with Apache with mod_ssl and mod_proxy,
> and to request the community’s help in resolving it.
>
>
>
> Objective: The objective is to set up Apache as a reverse proxy, to
> receive encrypted HTTPS traffic over the Internet and to convert it to
> HTTP and direct it to a web server through a firewall.
>

>From what I see, you don't have a proxypass directive, ala:


ProxyPass /foo http://cruella.pricegrabber.com/foo
ProxyPassReverse /foo http://cruella.pricegrabber.com/foo


>
>
> Problem: Apache seems to be redirecting traffic to the virtual hosts
> on the local filesystem correctly, but mod_proxy does not seem to send
> requests to remote URL (as specified by ProxyRemote directive below).
> SSL does display correct certificate from requesting browser.
>
>
>
> Troubleshooting Steps Taken: Experimenting with the target URL (IP and
> hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass)
> I have not been able to establish that proxy is doing anything at all.
>
> Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well
> as statically linked in modules.
>
>
>
> Here’s the system configuration:
>
> Linux version 2.2.16-22smp
>
> gcc version egcs-2.91.66
>
> Server version: Apache/1.3.27 (Unix)
>
> Compiled-in modules:
>
> http_core.c
>
> mod_env.c
>
> mod_log_config.c
>
> mod_mime.c
>
> mod_negotiation.c
>
> mod_status.c
>
> mod_include.c
>
> mod_autoindex.c
>
> mod_dir.c
>
> mod_cgi.c
>
> mod_asis.c
>
> mod_imap.c
>
> mod_actions.c
>
> mod_userdir.c
>
> mod_alias.c
>
> mod_access.c
>
> mod_auth.c
>
> mod_proxy.c
>
> mod_setenvif.c
>
> mod_ssl.c
>
> OpenSSL 0.9.6g 9 August 2002
>
>
>
> httpd.conf
>
> AddModule mod_proxy.c
>
>
>
> ProxyRequests off
>
> NoCache *
>
> AllowCONNECT 443,80
>
>
>
> Order Allow,Deny
>
> Allow from All
>
>
>
> ProxyRemote * http://1.2.3.4:85
>
>
>
> NameVirtualHost *
>
> Listen *:443
>
>
>
> SSLEngine on
>
> ServerName www.mydomain.com
>
> DocumentRoot /usr/local/apache/htdocs
>
> ErrorLog logs/443-error_log
>
>
>
> Listen *:80
>
>
>
> ServerAdmin hamid@mydomain.com
>
> DocumentRoot /usr/local/apache/www
>
> ServerName www1.mydomain.com
>
> ErrorLog logs/80-error_log
>
>
>
>
>
> Can anyone see a conflict or omission in this configuration? Does
> anyone have these two modules working together in a reverse proxy
> scenario? Any help or suggestions would be appreciated.
>
>
>
> Regards,
>
> Hamid.
>
>
>
> PS. Please reply to hmajidy@attbi.com as well as to this list.
--
Christopher McCrory
Pricegrabber

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: mod_ssl & mod_proxy

Thanks for your reply. The behavior is the same with ProxyPass and ProxyPassReverse instead of ProxyRemote.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Christopher McCrory
Sent: Thursday, December 05, 2002 10:29 AM
To: modssl-users@modssl.org
Subject: Re: mod_ssl & mod_proxy


Hello...



On Thu, 2002-12-05 at 10:12, HMajidy wrote:
> This is to report a problem with Apache with mod_ssl and mod_proxy,
> and to request the community’s help in resolving it.
>
>
>
> Objective: The objective is to set up Apache as a reverse proxy, to
> receive encrypted HTTPS traffic over the Internet and to convert it to
> HTTP and direct it to a web server through a firewall.
>

>From what I see, you don't have a proxypass directive, ala:


ProxyPass /foo http://cruella.pricegrabber.com/foo
ProxyPassReverse /foo http://cruella.pricegrabber.com/foo


>
>
> Problem: Apache seems to be redirecting traffic to the virtual hosts
> on the local filesystem correctly, but mod_proxy does not seem to send
> requests to remote URL (as specified by ProxyRemote directive below).
> SSL does display correct certificate from requesting browser.
>
>
>
> Troubleshooting Steps Taken: Experimenting with the target URL (IP and
> hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass)
> I have not been able to establish that proxy is doing anything at all.
>
> Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well
> as statically linked in modules.
>
>
>
> Here’s the system configuration:
>
> Linux version 2.2.16-22smp
>
> gcc version egcs-2.91.66
>
> Server version: Apache/1.3.27 (Unix)
>
> Compiled-in modules:
>
> http_core.c
>
> mod_env.c
>
> mod_log_config.c
>
> mod_mime.c
>
> mod_negotiation.c
>
> mod_status.c
>
> mod_include.c
>
> mod_autoindex.c
>
> mod_dir.c
>
> mod_cgi.c
>
> mod_asis.c
>
> mod_imap.c
>
> mod_actions.c
>
> mod_userdir.c
>
> mod_alias.c
>
> mod_access.c
>
> mod_auth.c
>
> mod_proxy.c
>
> mod_setenvif.c
>
> mod_ssl.c
>
> OpenSSL 0.9.6g 9 August 2002
>
>
>
> httpd.conf
>
> AddModule mod_proxy.c
>
>
>
> ProxyRequests off
>
> NoCache *
>
> AllowCONNECT 443,80
>
>
>
> Order Allow,Deny
>
> Allow from All
>
>
>
> ProxyRemote * http://1.2.3.4:85
>
>
>
> NameVirtualHost *
>
> Listen *:443
>
>
>
> SSLEngine on
>
> ServerName www.mydomain.com
>
> DocumentRoot /usr/local/apache/htdocs
>
> ErrorLog logs/443-error_log
>
>
>
> Listen *:80
>
>
>
> ServerAdmin hamid@mydomain.com
>
> DocumentRoot /usr/local/apache/www
>
> ServerName www1.mydomain.com
>
> ErrorLog logs/80-error_log
>
>
>
>
>
> Can anyone see a conflict or omission in this configuration? Does
> anyone have these two modules working together in a reverse proxy
> scenario? Any help or suggestions would be appreciated.
>
>
>
> Regards,
>
> Hamid.
>
>
>
> PS. Please reply to hmajidy@attbi.com as well as to this list.
--
Christopher McCrory
Pricegrabber

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: mod_ssl & mod_proxy

This is a multi-part message in MIME format.

------=_NextPart_000_0096_01C29C4A.A076AC00
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit

Apache does get the requests in my case, as verified in log files created by
CustomLog /usr/local/apache/logs/referer_log referer
CustomLog /usr/local/apache/logs/agent_log agent in httpd.conf. BTW, my LDAP
authentication is handled by the internal (iPlanet) web server.


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Alexandre
Sent: Thursday, December 05, 2002 8:53 AM
To: modssl-users@modssl.org
Subject: Re: mod_ssl & mod_proxy


oh my God
i have the exactly the same problem ...
the only diference is that my autentication is on Ldap directory in the
internal net
when a click on link http://host.myinternalnet.com
nothing hapen
only the loop
and the apache dont get a request
im sniffing the interfaces but the request dont send ok.

any people can help us ???

thanks

Alexandre

HMajidy wrote:


This is to report a problem with Apache with mod_ssl and mod_proxy, and
to request the community?s help in resolving it.
"urn:schemas-microsoft-com:office:office" />

Objective: The objective is to set up Apache as a reverse proxy, to
receive encrypted HTTPS traffic over the Internet and to convert it to HTTP
and direct it to a web server through a firewall.


Problem: Apache seems to be redirecting traffic to the virtual hosts on
the local filesystem correctly, but mod_proxy does not seem to send requests
to remote URL (as specified by ProxyRemote directive below). SSL does
display correct certificate from requesting browser.


Troubleshooting Steps Taken: Experimenting with the target URL (IP and
hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I
have not been able to establish that proxy is doing anything at all.

Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well as
statically linked in modules.


Here?s the system configuration:

Linux version 2.2.16-22smp

gcc version egcs-2.91.66

Server version: Apache/1.3.27 (Unix)

Compiled-in modules:

http_core.c

mod_env.c

mod_log_config.c

mod_mime.c

mod_negotiation.c

mod_status.c

mod_include.c

mod_autoindex.c

mod_dir.c

mod_cgi.c

mod_asis.c

mod_imap.c

mod_actions.c

mod_userdir.c

mod_alias.c

mod_access.c

mod_auth.c

mod_proxy.c

mod_setenvif.c

mod_ssl.c

OpenSSL 0.9.6g 9 August 2002


httpd.conf

AddModule mod_proxy.c



ProxyRequests off

NoCache *

AllowCONNECT 443,80



Order Allow,Deny

Allow from All



ProxyRemote * http://1.2.3.4:85



NameVirtualHost *

Listen *:443



SSLEngine on

ServerName www.mydomain.com

DocumentRoot /usr/local/apache/htdocs

ErrorLog logs/443-error_log



Listen *:80



ServerAdmin hamid@mydomain.com

DocumentRoot /usr/local/apache/www

ServerName www1.mydomain.com

ErrorLog logs/80-error_log




Can anyone see a conflict or omission in this configuration? Does anyone
have these two modules working together in a reverse proxy scenario? Any
help or suggestions would be appreciated.


Regards,

Hamid.


PS. Please reply to hmajidy@attbi.com as well as to this list.


------=_NextPart_000_0096_01C29C4A.A076AC00
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable



charset=3Dus-ascii">

face=3DTahoma=20
size=3D2>-----Original Message-----
From:=20
owner-modssl-users@modssl.org =
[mailto:owner-modssl-users@modssl.org]On=20
Behalf Of Alexandre
Sent: Thursday, December 05, 2002 =
8:53=20
AM
To: modssl-users@modssl.org
Subject: Re: =
mod_ssl &=20
mod_proxy

oh my God
i have the exactly the =
same=20
problem ...
the only diference is that my autentication is on Ldap =

directory in the internal net
when a click on link =
href=3D"http://host.myinternalnet.com">http://host.myinterna lnet.com =


nothing hapen
only the loop=20

and the apache dont get a request
im sniffing the interfaces =
but the=20
request dont send ok.=20

any people can help us ???=20

thanks=20

Alexandre=20

HMajidy wrote:=20

 =20

face=3D"Times New Roman">This is to report a problem =
with Apache=20
with mod_ssl and mod_proxy, and to request the community?s help in =
resolving=20
it.

face=3D"Times New Roman"> <?xml:namespace =
prefix =3D o ns=20
=3D " =
href=3D"urn:schemas-microsoft-com:office:office">urn:schemas -microsoft-co=
m:office:office"=20
/>=20

face=3D"Times New Roman">Objective: The objective is =
to set up=20
Apache as a reverse proxy, to receive encrypted HTTPS traffic over =
the=20
Internet and to convert it to HTTP and direct it to a web server =
through a=20
firewall.=20

face=3D"Times New Roman">Problem: Apache seems to be =
redirecting=20
traffic to the virtual hosts on the local filesystem correctly, but=20
mod_proxy does not seem to send requests to remote URL (as specified =
by=20
ProxyRemote directive below). SSL does display correct certificate =
from=20
requesting browser.=20

face=3D"Times New Roman">Troubleshooting Steps =
Taken:=20
Experimenting with the target URL (IP and hosname) and various proxy =

directives (ie ProxyPassReverse, ProxyPass) I have not been able to=20
establish that proxy is doing anything at all.=20

face=3D"Times New Roman">Apache has been recompiled =
with mod_ssl=20
and mod_proxy as DSOs as well as statically linked in =
modules.=20

face=3D"Times New Roman">Here?s the system=20
configuration:=20

face=3D"Times New Roman">Linux version=20
2.2.16-22smp=20

face=3D"Times New Roman">gcc version =
egcs-2.91.66=20

face=3D"Times New Roman">Server version: =
Apache/1.3.27=20
(Unix)=20

face=3D"Times New Roman">Compiled-in =
modules:=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>http_core.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_env.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_log_config.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_mime.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_negotiation.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_status.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_include.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_autoindex.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_dir.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_cgi.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_asis.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_imap.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_actions.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_userdir.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_alias.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_access.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_auth.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_proxy.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_setenvif.c=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>mod_ssl.c=20

face=3D"Times New Roman">OpenSSL 0.9.6g 9 August=20
2002=20

face=3D"Times New Roman">httpd.conf=20

face=3D"Times New Roman">AddModule =
mod_proxy.c=20

face=3D"Times New Roman"><IfModule=20
mod_proxy.c>=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>ProxyRequests off=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>NoCache *=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>AllowCONNECT 443,80=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0><Directory />=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>Order Allow,Deny=20

style=3D"mso-spacerun: yes"> style=3D"mso-spacerun: yes"> Roman"> size=3D+0>Allow from All=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0></Directory>=20

face=3D"Times New Roman">ProxyRemote * href=3D"http://1.2.3.4:85">http://1.2.3.4:85=20

face=3D"Times New Roman"> size=3D+0></IfModule>=20

face=3D"Times New Roman">NameVirtualHost =
*=20

face=3D"Times New Roman">Listen *:443=20

face=3D"Times New Roman"><VirtualHost=20
_default_:443>=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>SSLEngine on=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>ServerName www.mydomain.com=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>DocumentRoot /usr/local/apache/htdocs=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>ErrorLog logs/443-error_log=20

face=3D"Times New Roman"> size=3D+0></VirtualHost>=20

face=3D"Times New Roman">Listen *:80=20

face=3D"Times New Roman"><VirtualHost =
*:80>=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>ServerAdmin hamid@mydomain.com=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>DocumentRoot /usr/local/apache/www=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>ServerName www1.mydomain.com=20

style=3D"mso-spacerun: yes"> Roman"> size=3D+0>ErrorLog logs/80-error_log=20

face=3D"Times New Roman"> size=3D+0></VirtualHost>=20

face=3D"Times New Roman">Can anyone see a conflict =
or omission=20
in this configuration? Does anyone have these two modules working =
together=20
in a reverse proxy scenario? Any help or suggestions would be=20
appreciated.=20

face=3D"Times New Roman">Regards,=20

face=3D"Times New Roman">Hamid.=20

face=3D"Times New Roman">PS. Please reply to href=3D"mailto:hmajidy@attbi.com">hmajidy@attbi.com as well as =
to this=20
list.