creating a proxy

--0015174c144c14333504720c8c82
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

hi all,

I would like to enable a proxy on my server with port forwarding.
The idea is to connect to my server through putty with ssh tunnel forwarding
localhost:80 to myproxyserver.com:80
I have enabled proxy module with a2enmod proxy command and setup a
virtualhost
my virtualhost (/etc/apache2/sites-available/myproxyserver) has been enabled
and is as follow

NameVirtualHost *:80

ServerAdmin webmaster@localhost
ServerName myproxyserver.com
ProxyRequests On
ProxyVia On


Order deny,allow
Deny from all
Allow from localhost




when I set up proxy to 127.0.0.1 on firefox and try to access to a web site,
I get the following

Forbidden

You don't have permission to access / on this server.

how can I fix that ?


thanks


etienne

--0015174c144c14333504720c8c82
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

hi all,

I would like to enable a proxy on my server with port forwar=
ding.
The idea is to connect to my server through putty with ssh tunnel =
forwarding localhost:80 to myproxys=
erver.com:80

I have enabled proxy module with a2enmod proxy command and setup a virtualh=
ost
my virtualhost (/etc/apache2/sites-available/myproxyserver) has been=
enabled and is as follow

NameVirtualHost *:80
<VirtualHost *:=
80>

      =A0 ServerAdmin webmaster@localhost
      =
=A0 ServerName r>      =A0 ProxyRequests On
      =A0 ProxyVia =
On

      =A0 <Proxy *>
      =A0 Or=
der deny,allow

      =A0 Deny from all
=A0 =A0 =A0 =A0 Allow from localhost=

      
      =A0 </Proxy>
</Vir=
tualHost>

when I set up proxy to 127.0.0.1 on firefox and try to =
access to a web site, I get the following

Forbidden

You don't have permission to access /
on this server.

how can I fix that ?

thanks

r>

etienne

RE: creating a proxy

------_=_NextPart_001_01CA265F.75A2E85B
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I don't quite understand what you're trying to do ... "to connect to my
server through putty with ssh tunnel" and then later on you try to
browse "a web site". Are you tying to set up apache as a proxy server
(for outbound requests) and port-forwarding for inbound requests?





________________________________

From: Etienne [mailto:etienne@gnulinux.fr]
Sent: 26 August 2009 15:49
To: users@httpd.apache.org
Subject: [users@httpd] creating a proxy



hi all,

I would like to enable a proxy on my server with port forwarding.
The idea is to connect to my server through putty with ssh tunnel
forwarding localhost:80 to myproxyserver.com:80
I have enabled proxy module with a2enmod proxy command and setup a
virtualhost
my virtualhost (/etc/apache2/sites-available/myproxyserver) has been
enabled and is as follow

NameVirtualHost *:80

ServerAdmin webmaster@localhost
ServerName myproxyserver.com
ProxyRequests On
ProxyVia On


Order deny,allow
Deny from all
Allow from localhost




when I set up proxy to 127.0.0.1 on firefox and try to access to a web
site, I get the following


Forbidden


You don't have permission to access / on this server.

how can I fix that ?



thanks



etienne








************************************************************ **********
Privileged/Confidential Information may be contained in this
message. If you are not the addressee indicated in this
message (or responsible for delivery of the message to such
person), you must not copy, distribute or take any action in
reliance to it.
In such case, you should destroy this message and kindly
notify the sender by reply email. Please advise immediately
if you or your employer do not consent to Internet email for
messages of this kind. Opinions, conclusions and other
information in this message that do not relate to the official
business of Minorplanet Systems plc shall be understood as
neither given nor endorsed by it. Minorplanet Systems plc, Registration n=
o: 3372097
Minorplanet Limited, Registration no: 4072786
Greenwich House, 223 North Street, Leeds, LS7 2AA
VAT #: 698 1438 86
************************************************************ **********

------_=_NextPart_001_01CA265F.75A2E85B
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" xmlns=3D"http://ww=
w.w3.org/TR/REC-html40">


>

namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" name=3D"Pers=
onName"/>

Re: creating a proxy

On Wed, 2009-08-26 at 16:48 +0200, Etienne wrote:
> hi all,
>
> I would like to enable a proxy on my server with port forwarding.
> The idea is to connect to my server through putty with ssh tunnel
> forwarding localhost:80 to myproxyserver.com:80
> I have enabled proxy module with a2enmod proxy command and setup a
> virtualhost
> my virtualhost (/etc/apache2/sites-available/myproxyserver) has been
> enabled and is as follow
>
> NameVirtualHost *:80
>
> ServerAdmin webmaster@localhost
> ServerName myproxyserver.com
> ProxyRequests On
> ProxyVia On
>
>
> Order deny,allow
> Deny from all
> Allow from localhost
>
>
>
>
> when I set up proxy to 127.0.0.1 on firefox and try to access to a web
> site, I get the following
>
>
> Forbidden
> You don't have permission to access / on this server.
>
> how can I fix that ?
>
>
> thanks
>
>
> etienne
>
>

Simplest way is to forget trying to get apache to do that for you, and
just let SSH do it for you, seeing as you can SSH to that box ok.

ssh -D 3128

and then setup firefox to use 127.0.0.1:3128 as a SOCKS proxy.

The reason apache is probably not working is that it never uses that
vhost for the request. Does it work if you don't use vhosts?

Cheers

Tom


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: creating a proxy

------_=_NextPart_001_01CA2660.5FFE8F13
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Bah, silly me, I clicked send before I could provide these links which
may help with setting Apache as a (forward or outbound) proxy server:-



http://www.devshed.com/c/a/Administration/Using-Apache-As-A- Proxy-Server
/



and from the Apache docs:-


Forward and Reverse Proxies


Apache can be configured in both a forward and reverse proxy mode.

An ordinary forward proxy is an intermediate server that sits between
the client and the origin server. In order to get content from the
origin server, the client sends a request to the proxy naming the origin
server as the target and the proxy then requests the content from the
origin server and returns it to the client. The client must be specially
configured to use the forward proxy to access other sites.

A typical usage of a forward proxy is to provide Internet access to
internal clients that are otherwise restricted by a firewall. The
forward proxy can also use caching (as provided by mod_cache
) to reduce
network usage.

The forward proxy is activated using the ProxyRequests

directive. Because forward proxys allow clients to access arbitrary
sites through your server and to hide their true origin, it is essential
that you secure your server
so that
only authorized clients can access the proxy before activating a forward
proxy.

[snip]



http://httpd.apache.org/docs/2.0/mod/mod_proxy.html



I hope these help, personally I use Smoothwall (www.smoothwall.org
) for outbound proxy and inbound
port-forwarding.







________________________________

From: Richard Peacock [mailto:richard.peacock@minorplanet.com]
Sent: 26 August 2009 16:11
To: users@httpd.apache.org
Subject: RE: [users@httpd] creating a proxy



I don't quite understand what you're trying to do ... "to connect to my
server through putty with ssh tunnel" and then later on you try to
browse "a web site". Are you tying to set up apache as a proxy server
(for outbound requests) and port-forwarding for inbound requests?





________________________________

From: Etienne [mailto:etienne@gnulinux.fr]
Sent: 26 August 2009 15:49
To: users@httpd.apache.org
Subject: [users@httpd] creating a proxy



hi all,

I would like to enable a proxy on my server with port forwarding.
The idea is to connect to my server through putty with ssh tunnel
forwarding localhost:80 to myproxyserver.com:80
I have enabled proxy module with a2enmod proxy command and setup a
virtualhost
my virtualhost (/etc/apache2/sites-available/myproxyserver) has been
enabled and is as follow

NameVirtualHost *:80

ServerAdmin webmaster@localhost
ServerName myproxyserver.com
ProxyRequests On
ProxyVia On


Order deny,allow
Deny from all
Allow from localhost




when I set up proxy to 127.0.0.1 on firefox and try to access to a web
site, I get the following


Forbidden


You don't have permission to access / on this server.

how can I fix that ?



thanks



etienne






************************************************************ **********
Privileged/Confidential Information may be contained in this
message. If you are not the addressee indicated in this
message (or responsible for delivery of the message to such
person), you must not copy, distribute or take any action in
reliance to it.
In such case, you should destroy this message and kindly
notify the sender by reply email. Please advise immediately
if you or your employer do not consent to Internet email for
messages of this kind. Opinions, conclusions and other
information in this message that do not relate to the official
business of Minorplanet Systems plc shall be understood as
neither given nor endorsed by it.

Minorplanet Systems plc, Registration no: 3372097
Minorplanet Limited, Registration no: 4072786
Greenwich House, 223 North Street, Leeds, LS7 2AA
VAT #: 698 1438 86
************************************************************ **********







************************************************************ **********
Privileged/Confidential Information may be contained in this
message. If you are not the addressee indicated in this
message (or responsible for delivery of the message to such
person), you must not copy, distribute or take any action in
reliance to it.
In such case, you should destroy this message and kindly
notify the sender by reply email. Please advise immediately
if you or your employer do not consent to Internet email for
messages of this kind. Opinions, conclusions and other
information in this message that do not relate to the official
business of Minorplanet Systems plc shall be understood as
neither given nor endorsed by it. Minorplanet Systems plc, Registration n=
o: 3372097
Minorplanet Limited, Registration no: 4072786
Greenwich House, 223 North Street, Leeds, LS7 2AA
VAT #: 698 1438 86
************************************************************ **********

------_=_NextPart_001_01CA2660.5FFE8F13
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" xmlns=3D"http://ww=
w.w3.org/TR/REC-html40">


i">

namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" name=3D"Post=
alCode"/>
s"
name=3D"City"/>
s"
name=3D"Street"/>
s"
name=3D"place"/>
s"
name=3D"address"/>
s"
name=3D"PersonName"/>

Re: creating a proxy

--0015174c1820d0f87d04720cf722
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

I would like to bypass firewall for web browsing by tunneling my http
requests from my client to my proxy server through ssh

port forwarding is part of ssh protocole and fully supported by putty
see
http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter4.ht ml#config-ssh-p=
ortfwd

etienne

2009/8/26 Richard Peacock

> I don=92t quite understand what you=92re trying to do =85 =93to connect =
to my
> server through putty with ssh tunnel=94 and then later on you try to brow=
se =93a
> web site=94. Are you tying to set up apache as a proxy server (for outbo=
und
> requests) and port-forwarding for inbound requests?
>
>
>
>
> ------------------------------
>
> *From:* Etienne [mailto:etienne@gnulinux.fr]
> *Sent:* 26 August 2009 15:49
> *To:* users@httpd.apache.org
> *Subject:* [users@httpd] creating a proxy
>
>
>
> hi all,
>
> I would like to enable a proxy on my server with port forwarding.
> The idea is to connect to my server through putty with ssh tunnel
> forwarding localhost:80 to myproxyserver.com:80
> I have enabled proxy module with a2enmod proxy command and setup a
> virtualhost
> my virtualhost (/etc/apache2/sites-available/myproxyserver) has been
> enabled and is as follow
>
> NameVirtualHost *:80
>
> ServerAdmin webmaster@localhost
> ServerName myproxyserver.com
> ProxyRequests On
> ProxyVia On
>
>
> Order deny,allow
> Deny from all
> Allow from localhost
>
>
>
>
> when I set up proxy to 127.0.0.1 on firefox and try to access to a web
> site, I get the following
> *Forbidden*
>
> You don't have permission to access / on this server.
>
> how can I fix that ?
>
>
>
> thanks
>
>
>
> etienne
>
>
>
>
>
> ************************************************************ **********
> Privileged/Confidential Information may be contained in this
> message. If you are not the addressee indicated in this
> message (or responsible for delivery of the message to such
> person), you must not copy, distribute or take any action in
> reliance to it.
> In such case, you should destroy this message and kindly
> notify the sender by reply email. Please advise immediately
> if you or your employer do not consent to Internet email for
> messages of this kind. Opinions, conclusions and other
> information in this message that do not relate to the official
> business of Minorplanet Systems plc shall be understood as
> neither given nor endorsed by it.
> Minorplanet Systems plc, Registration no: 3372097
> Minorplanet Limited, Registration no: 4072786
> Greenwich House, 223 North Street, Leeds, LS7 2AA
> VAT #: 698 1438 86
> ************************************************************ **********
>
>
>

--0015174c1820d0f87d04720cf722
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

I would like to bypass firewall for web browsing by tunneling my http reque=
sts from my client to my proxy server through ssh

port forwarding is=
part of ssh protocole and fully supported by putty
see //the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter4.html#co nfig-ssh-portfw=
d">http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter4 .html#config-ss=
h-portfwd


etienne

Re: creating a proxy

--0015174bde3c4415e704720d1131
Content-Type: text/plain; charset=ISO-8859-1

yes, I want to do that. However my client is a windows XP machine. thus I
have to use putty

apparently this port forwarding is working well

I have a silly question : how can I configure apache to work as a proxy
without cancelling my current web hosting ?

I am only using virtual hosts for hosting and not sure to understand what is
the other way of doing ;-)

thanks

etienne


2009/8/26 Tom Evans

>
>
> Simplest way is to forget trying to get apache to do that for you, and
> just let SSH do it for you, seeing as you can SSH to that box ok.
>
> ssh -D 3128
>
> and then setup firefox to use 127.0.0.1:3128 as a SOCKS proxy.
>
> The reason apache is probably not working is that it never uses that
> vhost for the request. Does it work if you don't use vhosts?
>
> Cheers
>
> Tom
>
>
>

--0015174bde3c4415e704720d1131
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

yes, I want to do that. However my client is a windows XP machine. thus I h=
ave to use putty

apparently this port forwarding is working well
=

I have a silly question : how can I configure apache to work as a proxy=
without cancelling my current web hosting ?


I am only using virtual hosts for hosting and not sure to understand wh=
at is the other way of doing ;-)

thanks

etienne


iv class=3D"gmail_quote">2009/8/26 Tom Evans < =3D"http://tevans.uk">tevans.uk@googl=
email.com>

204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">

<=
div class=3D"h5">

Simplest way is to forget trying to get apache to do that for y=
ou, and

just let SSH do it for you, seeing as you can SSH to that box ok.



ssh -D 3128 <yourproxybox>



and then setup firefox to use blank">127.0.0.1:3128 as a SOCKS proxy.



The reason apache is probably not working is that it never uses that

vhost for the request. Does it work if you don't use vhosts?



Cheers



Tom

Re: unsubscribe

--000e0cd17e825da03004720f9fb9
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

unsubscribe

On Wed, Aug 26, 2009 at 2:25 PM, Michael Johnson wrote:

> unsubscribe
>

--000e0cd17e825da03004720f9fb9
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

unsubscribe

Re: unsubscribe

At 11:25 AM 8/26/2009, you wrote:
>unsubscribe

As the headers say:

list-unsubscribe:


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: unsubscribe

At 11:28 AM 8/26/2009, you wrote:
>unsubscribe

As the headers to every message say:

list-unsubscribe:


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: creating a proxy

Etienne,

I am not quite sure that anyone here really understand what you are
trying to do, nor if your usage of the words "proxy" and "hosting"
really matches the usual technical meanings of these words.

I have a suspicion that your situation might be as follows :

- you are working on a workstation located in some organisation's
internal network
- this workstation does not have direct access to Internet HTTP servers.
In order to access an external HTTP server, you have to go through a
corporate firewall/proxy.
- that firewall/proxy does not allow you to connect to all the websites
you want to connect to, or it records the connections, which you do not
like.
- so you are trying to figure out, using putty's port forwarding, if you
can somehow bypass the corporation's HTTP proxy, by using another port
than 80 to get out, and still access the external HTTP server on it's
port 80.

If the above matches your situation, I feel that I must point out to you
that
- there may be very good reasons why such a scheme is in place.
Protecting the organisation against break-ins by viruses and other
nasties may be one of them.
- by doing so, you may be violating organisation rules, and expose
yourself to bad personal consequences

If the above is not your situation, then please provide some clearer
explanations of what you are trying to achieve, and someone might be
able to help you.
Although in principle, I don't think it has much to do with Apache.


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: creating a proxy

hi andre

sorry for this late reply.
Your analysis is not correct. I am not trying to bypass a corporate
proxy . I work independently and I have no restriction to my web
access either at work or at home.

In fact I had the opposite problem to solve during my vacations:
trying to access my server from an hotel with a web based SSH gateway
but this is another story.

During my search, I found the following article and I tried to improve
my understanding of apache by reproducing what is described in it.
(http://www.math.polytechnique.fr/spip.php?rubrique78)

Apparently the laboratory subscribed to on-line periodicals which use
IP address to grant access to their customers.
To provide remote access to their employees, the laboratory uses SSH +
proxy : the laboratory IP address is provided to the periodical's
server.

I am not sure however that the laboratory was using apache for that
and I did not succeed to do it myself.

I obtained the same result by setting up a SOCKS proxy as described in
the following article
http://embraceubuntu.com/2006/12/08/ssh-tunnel-socks-proxy-f orwarding-secur=
e-browsing/

It has nothing to do with apache but it is quite useful to secure
browsing from a public hotspot.

thanks

etienne


2009/8/26 Andr=E9 Warnier :
> Etienne,
>
> I am not quite sure that anyone here really understand what you are tryin=
g
> to do, nor if your usage of the words "proxy" and "hosting" really matche=
s
> the usual technical meanings of these words.
>
> I have a suspicion that your situation might be as follows :
>
> - you are working on a workstation located in some organisation's interna=
l
> network
> - this workstation does not have direct access to Internet HTTP servers. =
=A0In
> order to access an external HTTP server, you have to go through a corpora=
te
> firewall/proxy.
> - that firewall/proxy does not allow you to connect to all the websites y=
ou
> want to connect to, or it records the connections, which you do not like.
> - so you are trying to figure out, using putty's port forwarding, if you =
can
> somehow bypass the corporation's HTTP proxy, by using another port than 8=
0
> to get out, and still access the external HTTP server on it's port 80.
>
> If the above matches your situation, I feel that I must point out to you
> that
> - there may be very good reasons why such a scheme is in place. Protectin=
g
> the organisation against break-ins by viruses and other nasties may be on=
e
> of them.
> - by doing so, you may be violating organisation rules, and expose yourse=
lf
> to bad personal consequences
>
> If the above is not your situation, then please provide some clearer
> explanations of what you are trying to achieve, and someone might be able=
to
> help you.
> Although in principle, I don't think it has much to do with Apache.
>
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project=
..
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> =A0" =A0 from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org