what should be in the proxy directive

Hi there,

I set up an apache on a debian lenny.
I do have a virtual host that uses the redirect module.

Now all access to that virtual host is blocked.
only when I alter the config file of the proxy module to allow access from
everywhere I can access the site:

#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.

ProxyRequests Off


AddDefaultCharset off
Order deny,allow
Deny from all
Allow from wv.opensourcevista.net
Allow from all <------- this I belive is bad


# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via:
headers)
# Set to one of: Off | On | Full | Block

ProxyVia On


now this is for sure wrong.
So could somebody please give me a hint what should be in the stanza?

thanks a lot
robert

here is the virtual host stanza I am using:


ServerName wv.opensourcevista.net
ServerAdmin robert@redcor.ch

DocumentRoot /var/www/
ErrorLog /var/log/apache2/wv_error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug

CustomLog /var/log/apache2/wv_access.log combined


# don't loose time with IP address lookups
HostnameLookups Off

# needed for named virtual hosts
UseCanonicalName Off

# configures the footer on server-generated documents
ServerSignature On

RewriteEngine On

# use #RewriteLog to debug problems with your rewrite rules
# disable it after you found the error our your harddisk will be filled
*very fast*
#RewriteLog "/var/log/apache2/rewrite_log"
#RewriteLogLevel 2

RewriteRule /(.*)/$
http://127.0.0.1:8080/VirtualHostBase/http/%{SERVER_NAME}:80 /wv/VirtualHostRoot/$1
[L,P]
RewriteRule ^/(.*)
http://127.0.0.1:8080/VirtualHostBase/http/%{SERVER_NAME}:80 /wv/VirtualHostRoot/$1
[L,P]



------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: what should be in the proxy directive

On 29 Dec 2009, at 10:38, robert rottermann wrote:

> Hi there,
>
> I set up an apache on a debian lenny.
> I do have a virtual host that uses the redirect module.

Ugly!

> Now all access to that virtual host is blocked.
> only when I alter the config file of the proxy module to allow access from
> everywhere I can access the site:

That's what you (usually) want for a reverse proxy.

>

Drop . It only serves to confuse, if you're editing your config
"by hand" (as opposed to purely with tools like debian's a2enmod).

> now this is for sure wrong.
> So could somebody please give me a hint what should be in the stanza?

You're confusing forward and reverse proxies. Forward proxies are
dangerous and need to be restricted, but you've correctly set
ProxyRequests Off, so you don't have a forward proxy. Reverse
proxies are, to all intents and purposes, equivalent to origin servers.

But put all your proxy directives inside the .
And is usually a bad idea: use instead.

--
Nick Kew

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: what should be in the proxy directive

Am 29.12.2009 12:48, schrieb Nick Kew:
>
> On 29 Dec 2009, at 10:38, robert rottermann wrote:
>
>> Hi there,
>>
>> I set up an apache on a debian lenny.
>> I do have a virtual host that uses the redirect module.
>
> Ugly!
>
>> Now all access to that virtual host is blocked.
>> only when I alter the config file of the proxy module to allow access from
>> everywhere I can access the site:
>
> That's what you (usually) want for a reverse proxy.
>
>>
>
> Drop . It only serves to confuse, if you're editing your config
> "by hand" (as opposed to purely with tools like debian's a2enmod).
>
>> now this is for sure wrong.
>> So could somebody please give me a hint what should be in the stanza?
>
> You're confusing forward and reverse proxies. Forward proxies are
> dangerous and need to be restricted, but you've correctly set
> ProxyRequests Off, so you don't have a forward proxy. Reverse
> proxies are, to all intents and purposes, equivalent to origin servers.
>
> But put all your proxy directives inside the .
> And is usually a bad idea: use instead.
>
thanks a lot,
I never used such an proxy directive and was wondering whether I was always
creating an open proxy.
now the only thing I had to do, was to delete the config file provided by debian..

by the way: why is using the redirect module ugly?

thanks again
robert


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org