mod_proxy configuration issue

mod_proxy configuration issue

am 25.11.2009 12:11:38 von Bastien Semene

Hi List,

I'm new to mod_proxy and I think my problem is really a newbie problem
but I didn't find the answer in the doc or Google.

I set up a forward proxy but I can reach only web pages located on this
server (any vhost of this server), I can't reach web servers on the
local network or the Internet.

I set up the simpliest configuration as possible for a forward proxy :


ServerAdmin admin@domain.tld
ServerName proxy.domain.tld

ProxyRequests On
ProxyVia On


Order deny,allow
Deny from all
Allow from a.b.c.d x.y.z.a m.n.o


ErrorLog /var/log/httpd-fproxy-error.log
LogLevel Info

LogFormat "%v %h %l %u %t \"%r\" %>s %b" proxy_common
CustomLog /var/log/httpd-fproxy-access.log proxy_common


Apache is hosting others vhosts for repositories and a reverse proxy,
everything works fine there when I contact them directly.

If I try to reach "proxy.domain.tld" from a browser with this proxy
config, it works. I reach the default Apache page
(/usr/local/www/apache22/data/index.html).
If I try to reach another vhost on the same server, it works.
If I try to reach a web server on the local network it doesn't work,
error 503.
If I try to reach a web server on the Internet (Google) it doesn't work,
error 503.

For pages that works I have a correct message in access.log
For pages that doesn't work I don't have any message nor in
httpd-fproxy-error.log and httpd-fproxy-access.log

$apachectl -t is fine
$apachectl -S is fine
I can reach any webserver from the server with Lynx.
DNS are resolved through a local server, and resolutions are fine.
I have freshly installed nothing since mod_proxy was enabled for the
reverse proxy yet.

I review all the directives given in the basic example from the apache
doc. Everything seems fine

I'm using Apache/2.2.9 (FreeBSD) mod_ssl/2.2.9 OpenSSL/0.9.7e-p1 DAV/2
SVN/1.5.2 PHP/5.2.6 with Suhosin-Patch configured
into a FreeBSD jail from 7.2-RELEASE-p2

Any advice or idea will be helpful,
Thanks,

--
Bastien Semene
Administrateur Réseau & Système

admin@cyanide-studio.com
+33 (0)1 47 86 30 80

Cyanide S.A.
5, Boulevard des Bouvets
92000 Nanterre - FRANCE


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: mod_proxy configuration issue

am 25.11.2009 12:42:01 von Emmanuel Bailleul

> -----Message d'origine-----
> De=A0: Bastien Semene [mailto:bsemene@cyanide-studio.com]
> Envoyé : mercredi 25 novembre 2009 12:12
> À : users@httpd.apache.org
> Objet=A0: [users@httpd] mod_proxy configuration issue
>=20
> Hi List,
>=20
> I'm new to mod_proxy and I think my problem is really a newbie problem
> but I didn't find the answer in the doc or Google.
>=20
> I set up a forward proxy but I can reach only web pages located on this
> server (any vhost of this server), I can't reach web servers on the
> local network or the Internet.
>=20
> I set up the simpliest configuration as possible for a forward proxy :
>=20
>
> ServerAdmin admin@domain.tld
> ServerName proxy.domain.tld
>=20
> ProxyRequests On
> ProxyVia On
>=20
>
> Order deny,allow
> Deny from all
> Allow from a.b.c.d x.y.z.a m.n.o
>
>=20
> ErrorLog /var/log/httpd-fproxy-error.log
> LogLevel Info
>=20
> LogFormat "%v %h %l %u %t \"%r\" %>s %b" proxy_common
> CustomLog /var/log/httpd-fproxy-access.log proxy_common
>
>=20
> Apache is hosting others vhosts for repositories and a reverse proxy,
> everything works fine there when I contact them directly.
>=20
> If I try to reach "proxy.domain.tld" from a browser with this proxy
> config, it works. I reach the default Apache page
> (/usr/local/www/apache22/data/index.html).
> If I try to reach another vhost on the same server, it works.
> If I try to reach a web server on the local network it doesn't work,
> error 503.
> If I try to reach a web server on the Internet (Google) it doesn't work,
> error 503.
>=20
> For pages that works I have a correct message in access.log
> For pages that doesn't work I don't have any message nor in
> httpd-fproxy-error.log and httpd-fproxy-access.log
>=20
> $apachectl -t is fine
> $apachectl -S is fine
> I can reach any webserver from the server with Lynx.
> DNS are resolved through a local server, and resolutions are fine.
> I have freshly installed nothing since mod_proxy was enabled for the
> reverse proxy yet.
>=20
> I review all the directives given in the basic example from the apache
> doc. Everything seems fine
>=20
> I'm using Apache/2.2.9 (FreeBSD) mod_ssl/2.2.9 OpenSSL/0.9.7e-p1 DAV/2
> SVN/1.5.2 PHP/5.2.6 with Suhosin-Patch configured
> into a FreeBSD jail from 7.2-RELEASE-p2
>=20
> Any advice or idea will be helpful,
> Thanks,
>=20
> --
> Bastien Semene
> Administrateur R=E9seau & Syst=E8me
>=20
> admin@cyanide-studio.com
> +33 (0)1 47 86 30 80
>=20
> Cyanide S.A.
> 5, Boulevard des Bouvets
> 92000 Nanterre - FRANCE
>=20
>=20

Hi,

Are you using NameVirtualHost and where in your config is the snippet you i=
ncluded located in the global conf file (i.e before all the others ?) ?
It is not clear to me how you can use a forward proxy defined as a name bas=
ed vhost in your config file ... unless it's the default one (?).
It is either not clear to me whether you did your tests in "proxy mode", i.=
e. defining your Apache's proxy explicitly in your browser.=20

Regards.

Emmanuel


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: RE: mod_proxy configuration issue

am 25.11.2009 15:43:51 von Bastien Semene

--------------060500000101030709060903
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

The default vhost was the problem.
I renamed the vhost file so it is loaded first and it works like a charm
now.

Thanks a lot.

Emmanuel Bailleul a écrit :
>> -----Message d'origine-----
>> De : Bastien Semene [mailto:bsemene@cyanide-studio.com]
>> Envoyé : mercredi 25 novembre 2009 12:12
>> À : users@httpd.apache.org
>> Objet : [users@httpd] mod_proxy configuration issue
>>
>> Hi List,
>>
>> I'm new to mod_proxy and I think my problem is really a newbie problem
>> but I didn't find the answer in the doc or Google.
>>
>> I set up a forward proxy but I can reach only web pages located on this
>> server (any vhost of this server), I can't reach web servers on the
>> local network or the Internet.
>>
>> I set up the simpliest configuration as possible for a forward proxy :
>>
>>
>> ServerAdmin admin@domain.tld
>> ServerName proxy.domain.tld
>>
>> ProxyRequests On
>> ProxyVia On
>>
>>
>> Order deny,allow
>> Deny from all
>> Allow from a.b.c.d x.y.z.a m.n.o
>>
>>
>> ErrorLog /var/log/httpd-fproxy-error.log
>> LogLevel Info
>>
>> LogFormat "%v %h %l %u %t \"%r\" %>s %b" proxy_common
>> CustomLog /var/log/httpd-fproxy-access.log proxy_common
>>
>>
>> Apache is hosting others vhosts for repositories and a reverse proxy,
>> everything works fine there when I contact them directly.
>>
>> If I try to reach "proxy.domain.tld" from a browser with this proxy
>> config, it works. I reach the default Apache page
>> (/usr/local/www/apache22/data/index.html).
>> If I try to reach another vhost on the same server, it works.
>> If I try to reach a web server on the local network it doesn't work,
>> error 503.
>> If I try to reach a web server on the Internet (Google) it doesn't work,
>> error 503.
>>
>> For pages that works I have a correct message in access.log
>> For pages that doesn't work I don't have any message nor in
>> httpd-fproxy-error.log and httpd-fproxy-access.log
>>
>> $apachectl -t is fine
>> $apachectl -S is fine
>> I can reach any webserver from the server with Lynx.
>> DNS are resolved through a local server, and resolutions are fine.
>> I have freshly installed nothing since mod_proxy was enabled for the
>> reverse proxy yet.
>>
>> I review all the directives given in the basic example from the apache
>> doc. Everything seems fine
>>
>> I'm using Apache/2.2.9 (FreeBSD) mod_ssl/2.2.9 OpenSSL/0.9.7e-p1 DAV/2
>> SVN/1.5.2 PHP/5.2.6 with Suhosin-Patch configured
>> into a FreeBSD jail from 7.2-RELEASE-p2
>>
>> Any advice or idea will be helpful,
>> Thanks,
>>
>> --
>> Bastien Semene
>> Administrateur Réseau & Système
>>
>> admin@cyanide-studio.com
>> +33 (0)1 47 86 30 80
>>
>> Cyanide S.A.
>> 5, Boulevard des Bouvets
>> 92000 Nanterre - FRANCE
>>
>>
>>
>
> Hi,
>
> Are you using NameVirtualHost and where in your config is the snippet you included located in the global conf file (i.e before all the others ?) ?
> It is not clear to me how you can use a forward proxy defined as a name based vhost in your config file ... unless it's the default one (?).
> It is either not clear to me whether you did your tests in "proxy mode", i.e. defining your Apache's proxy explicitly in your browser.
>
> Regards.
>
> Emmanuel
>
>
>

--
Bastien Semene
Administrateur Réseau & Système

admin@cyanide-studio.com
+33 (0)1 47 86 30 80

Cyanide S.A.
5, Boulevard des Bouvets
92000 Nanterre - FRANCE


--------------060500000101030709060903
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit







The default vhost was the problem.

I renamed the vhost file so it is loaded first and it works like a
charm now.



Thanks a lot.



Emmanuel Bailleul a écrit :
cite="mid:%3C6DE93D6C829BAD4E8F3CDDABB8492B091A74AC220B@TFR1 EXCMS1.telindus.intra%3E"
type="cite">


-----Message d'origine-----

De : Bastien Semene []

Envoyé : mercredi 25 novembre 2009 12:12

À : 

Objet : [users@httpd] mod_proxy configuration issue



Hi List,



I'm new to mod_proxy and I think my problem is really a newbie problem

but I didn't find the answer in the doc or Google.



I set up a forward proxy but I can reach only web pages located on this

server (any vhost of this server), I can't reach web servers on the

local network or the Internet.



I set up the simpliest configuration as possible for a forward proxy :



<VirtualHost *:80>

        ServerAdmin 

        ServerName proxy.domain.tld



        ProxyRequests On

        ProxyVia On



        <Proxy *>

                Order deny,allow

                Deny from all

                Allow from a.b.c.d x.y.z.a m.n.o

        </Proxy>



        ErrorLog /var/log/httpd-fproxy-error.log

        LogLevel Info



        LogFormat "%v %h %l %u %t \"%r\" %>s %b" proxy_common

        CustomLog /var/log/httpd-fproxy-access.log proxy_common

</VirtualHost>



Apache is hosting others vhosts for repositories and a reverse proxy,

everything works fine there when I contact them directly.



If I try to reach "proxy.domain.tld" from a browser with this proxy

config, it works. I reach the default Apache page

(/usr/local/www/apache22/data/index.html).

If I try to reach another vhost on the same server, it works.

If I try to reach a web server on the local network it doesn't work,

error 503.

If I try to reach a web server on the Internet (Google) it doesn't work,

error 503.



For pages that works I have a correct message in access.log

For pages that doesn't work I don't have any message nor in

httpd-fproxy-error.log and httpd-fproxy-access.log



$apachectl -t is fine

$apachectl -S is fine

I can reach any webserver from the server with Lynx.

DNS are resolved through a local server, and resolutions are fine.

I have freshly installed nothing since mod_proxy was enabled for the

reverse proxy yet.



I review all the directives given in the basic example from the apache

doc. Everything seems fine



I'm using Apache/2.2.9 (FreeBSD) mod_ssl/2.2.9 OpenSSL/0.9.7e-p1 DAV/2

SVN/1.5.2 PHP/5.2.6 with Suhosin-Patch configured

into a FreeBSD jail from 7.2-RELEASE-p2



Any advice or idea will be helpful,

Thanks,



--

Bastien Semene

Administrateur Réseau & Système





+33 (0)1 47 86 30 80



Cyanide S.A.

5, Boulevard des Bouvets

92000 Nanterre - FRANCE





    




Hi,



Are you using NameVirtualHost and where in your config is the snippet you included located in the global conf file (i.e before all the others ?) ?

It is not clear to me how you can use a forward proxy defined as a name based vhost in your config file ... unless it's the default one (?).

It is either not clear to me whether you did your tests in "proxy mode", i.e. defining your Apache's proxy explicitly in your browser. 



Regards.



Emmanuel





  




-- 

Bastien Semene

Administrateur Réseau & Système





+33 (0)1 47 86 30 80



Cyanide S.A.

5, Boulevard des Bouvets

92000 Nanterre - FRANCE




--------------060500000101030709060903--