mod_proxy.c configuration problem for a tomcat6-bridged situation

Hi everyone.

I successfully managed to configure a apache2 installation to show me a
tomcat6 (port 8080) on the port 80 of a certain domain.

However, to do this, I had to comment all the raws of the file:
/etc/apache2/mods-enabled/proxy.conf
So actually it's "allow from all"

I know that this is dangerous, so I'm asking help to you on how to
configure things, because I tryed everything but the bridge don't works.

====================================================
This is the bridge with the virtualhost:

ServerAdmin "webmaster@TOMCATWEBSITE.com"
ServerName www.TOMCATWEBSITE.com

ProxyPreserveHost On
ProxyPass / http://www.TOMCATWEBSITE.com:8080/
ProxyPassReverse / http://www.TOMCATWEBSITE.com:8080/
ProxyPassReverseCookieDomain www.TOMCATWEBSITE.com:8080
www.TOMCATWEBSITE.com
ProxyPassReverseCookiePath / /

LogLevel warn
CustomLog /var/log/apache2/TOMCATWEBSITE_access.log vhost_combined
ErrorLog /var/log/apache2/TOMCATWEBSITE_error.log


RewriteEngine on
RewriteRule ^/TOMCATWEBSITE/(.*)$
http://www.TOMCATWEBSITE.com/$1 [L]

# AllowOverride None
deny from all



====================================================
That is the configuration that I tryed and it's not working:

AddDefaultCharset off
Order deny,allow
Deny from all
# Allow from www.TOMCATWEBSITE.com

====================================================


Thank you.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_proxy.c configuration problem for a

T24gTW9uLCBKYW4gNCwgMjAxMCBhdCAxMjozOCBQTSwgQWx2aXNlIE5pY29s ZXR0aQo8bGlzdHNA
YWx2aXNlbmljb2xldHRpLmNvbT4gd3JvdGU6Cj4gPT09PT09PT09PT09PT09 PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PQo+IFRoYXQgaXMgdGhlIGNvbmZp Z3VyYXRpb24gdGhh
dCBJIHRyeWVkIGFuZCBpdCdzIG5vdCB3b3JraW5nOgo+IKAgoCCgIDxQcm94 eSAqPgo+IKAgoCCg
IKAgoCCgIKAgQWRkRGVmYXVsdENoYXJzZXQgb2ZmCj4goCCgIKAgoCCgIKAg oCBPcmRlciBkZW55
LGFsbG93Cj4goCCgIKAgoCCgIKAgoCBEZW55IGZyb20gYWxsCj4gIyCgIKAg oCCgIKAgoCBBbGxv
dyBmcm9tIHd3dy5UT01DQVRXRUJTSVRFLmNvbQo+IKAgoCCgIDwvUHJveHk+ Cj4gPT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQoK IkFsbG93IiByZXN0
cmljdHMgdGhlIGNsaWVudCwgb3IgYnJvd3NlciwgYWRkcmVzcy9ob3N0bmFt ZS4gIFlvdSBzZWVt
CnRvIGhhdmUgbGlzdGVkIHlvdXIgb3JpZ2luIChiYWNrZW5kKSBzZXJ2ZXIg aW5zdGVhZC4KCldo
YXQgd2VyZSB5b3UgdHJ5aW5nIHRvIHJlc3RyaWN0PwoKLS0gCkVyaWMgQ292 ZW5lcgpjb3ZlbmVy
QGdtYWlsLmNvbQo=

Re: mod_proxy.c configuration problem for a tomcat6-bridgedsituation

--------------000005020200050406060400
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Eric Covener wrote:
> On Mon, Jan 4, 2010 at 12:38 PM, Alvise Nicoletti
> wrote:
>
>> ====================================================
>> That is the configuration that I tryed and it's not working:
>>
>> AddDefaultCharset off
>> Order deny,allow
>> Deny from all
>> # Allow from www.TOMCATWEBSITE.com
>>
>> ====================================================
>>
>
> "Allow" restricts the client, or browser, address/hostname. You seem
> to have listed your origin (backend) server instead.
>
> What were you trying to restrict?
>
>
I am trying to restrict everyone but that website ...

Actually that configuration you quoted is ALL commented so I don't have
any allow/deny.

If I put it like you wrote, the bridged website on tomcat goes on timeout.


So wich is the right way?

--------------000005020200050406060400
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit








Eric Covener wrote:
cite="mid:1404e5911001040941h2d060f5q249aae94e06e64f0@mail.g mail.com"
type="cite">

On Mon, Jan 4, 2010 at 12:38 PM, Alvise Nicoletti

 wrote:

  

====================================================

That is the configuration that I tryed and it's not working:

      <Proxy *>

              AddDefaultCharset off

              Order deny,allow

              Deny from all

#             Allow from 

      </Proxy>

====================================================

    

"Allow" restricts the client, or browser, address/hostname.  You seem

to have listed your origin (backend) server instead.



What were you trying to restrict?



  

Re: mod_proxy.c configuration problem for a tomcat6-bridgedsituation

--------------050806040805020305030904
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Eric Covener wrote:
> On Mon, Jan 4, 2010 at 12:38 PM, Alvise Nicoletti
> wrote:
>
>> ====================================================
>> That is the configuration that I tryed and it's not working:
>>
>> AddDefaultCharset off
>> Order deny,allow
>> Deny from all
>> # Allow from www.TOMCATWEBSITE.com
>>
>> ====================================================
>>
>
> "Allow" restricts the client, or browser, address/hostname. You seem
> to have listed your origin (backend) server instead.
>
> What were you trying to restrict?
>
>
Hi ...

This is my ACTUAL configuration:

ProxyRequests Off

AddDefaultCharset off

ProxyVia On

So I'm open like a californian beach.

I would like to restrict access to everything-but-mywebsite like the
example:


ProxyRequests Off

AddDefaultCharset off
Order deny,allow
Deny from all

Allow from www.TOMCATWEBSITE.com

ProxyVia On


But this is not making work the tomcat6-apache2 bridge.
So I need your help to understand the right configuration.

This is the TOMCATWEBSITE.COM virtual host conf:

ServerAdmin "webmaster@TOMCATWEBSITE.com"
ServerName www.TOMCATWEBSITE.com

ProxyPreserveHost On
ProxyPass / http://www.TOMCATWEBSITE.com:8080/
ProxyPassReverse / http://www.TOMCATWEBSITE.com:8080/
ProxyPassReverseCookieDomain www.TOMCATWEBSITE.com:8080
www.TOMCATWEBSITE.com
ProxyPassReverseCookiePath / /

LogLevel warn
CustomLog /var/log/apache2/TOMCATWEBSITE_access.log vhost_combined
ErrorLog /var/log/apache2/TOMCATWEBSITE_error.log


RewriteEngine on
RewriteRule ^/TOMCATWEBSITE/(.*)$ http://www.TOMCATWEBSITE.com/$1
[L]

# AllowOverride None
deny from all




--------------050806040805020305030904
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit








Eric Covener wrote:
cite="mid:1404e5911001040941h2d060f5q249aae94e06e64f0@mail.g mail.com"
type="cite">

On Mon, Jan 4, 2010 at 12:38 PM, Alvise Nicoletti

 wrote:

  

====================================================

That is the configuration that I tryed and it's not working:

      <Proxy *>

              AddDefaultCharset off

              Order deny,allow

              Deny from all

#             Allow from 

      </Proxy>

====================================================

    

"Allow" restricts the client, or browser, address/hostname.  You seem

to have listed your origin (backend) server instead.



What were you trying to restrict?



  

<IfModule mod_proxy.c>

        ProxyRequests Off

        <Proxy *>

                AddDefaultCharset off

                Order deny,allow

                Deny from all



                Allow from 

        </Proxy>

        ProxyVia On

</IfModule>

Re: mod_proxy.c configuration problem for a

On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
wrote:
> I would like to restrict access to everything-but-mywebsite like the
> example:

>
>
> ProxyRequests Off
>
> AddDefaultCharset off
> Order deny,allow
> Deny from all
>
> =A0 =A0 =A0 =A0 =A0 =A0 Allow from www.TOMCATWEBSITE.com
>
> ProxyVia On
>


That restricts access "from" an [client] address, not access "to" a
backend [webserver] address.

If you're running a reverse proxy only (ProxyRequests off), and you've
told it to connect to a specific backend via ProxyPass, I don't see
why you need furtherer configuration to restrict anything.

--=20
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_proxy.c configuration problem for a tomcat6-bridgedsituation

--------------010700080707090409070005
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Eric Covener wrote:
> On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
> wrote:
>
>> I would like to restrict access to everything-but-mywebsite like the
>> example:
>>
>
>
>>
>> ProxyRequests Off
>>
>> AddDefaultCharset off
>> Order deny,allow
>> Deny from all
>>
>> Allow from www.TOMCATWEBSITE.com
>>
>> ProxyVia On
>>
>
>
> That restricts access "from" an [client] address, not access "to" a
> backend [webserver] address.
>
> If you're running a reverse proxy only (ProxyRequests off), and you've
> told it to connect to a specific backend via ProxyPass, I don't see
> why you need furtherer configuration to restrict anything.
>
>
mhh ...

the point is that the original configuration in my webserver was:


ProxyRequests Off

AddDefaultCharset off
Order deny,allow
Deny from all

ProxyVia On



And everthing was working, BUT, I had to remove everything to make the
tomcat6-apache2 bridge work.
Also, in the header of that file I found written:
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.

So I guess this is not good:

ProxyRequests Off

AddDefaultCharset off

ProxyVia On




Or is it ok?

--------------010700080707090409070005
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit







Eric Covener wrote:
cite="mid:1404e5911001060309k6db65edauf28a863480fdd068@mail. gmail.com"
type="cite">

On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti

 wrote:

  

I would like to restrict access to everything-but-mywebsite like the

example:

    

<IfModule mod_proxy.c>

        ProxyRequests Off

        <Proxy *>

                AddDefaultCharset off

                Order deny,allow

                Deny from all



                Allow from 

        </Proxy>

        ProxyVia On

</IfModule>

That restricts access "from" an [client] address, not access "to" a

backend [webserver] address.



If you're running a reverse proxy only (ProxyRequests off), and you've

told it to connect to a specific backend via ProxyPass, I don't see

why you need furtherer configuration to restrict anything.



  

<IfModule mod_proxy.c>

        ProxyRequests Off

        <Proxy *>

                AddDefaultCharset off

                Order deny,allow

                Deny from all

        </Proxy>

        ProxyVia On

</IfModule>

Re: mod_proxy.c configuration problem for a tomcat6-bridgedsituation

--------------010309010607020404080405
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Alvise Nicoletti wrote:
> Eric Covener wrote:
>> On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
>> wrote:
>>
>>> I would like to restrict access to everything-but-mywebsite like the
>>> example:
>>>
>>
>>
>>>
>>> ProxyRequests Off
>>>
>>> AddDefaultCharset off
>>> Order deny,allow
>>> Deny from all
>>>
>>> Allow from www.TOMCATWEBSITE.com
>>>
>>> ProxyVia On
>>>
>>
>>
>> That restricts access "from" an [client] address, not access "to" a
>> backend [webserver] address.
>>
>> If you're running a reverse proxy only (ProxyRequests off), and you've
>> told it to connect to a specific backend via ProxyPass, I don't see
>> why you need furtherer configuration to restrict anything.
>>
>>
> mhh ...
>
> the point is that the original configuration in my webserver was:
>
> ProxyRequests Off
>
> AddDefaultCharset off
> Order deny,allow
> Deny from all
>
> ProxyVia On
>
>
> And everthing was working, BUT, I had to remove everything to make the
> tomcat6-apache2 bridge work.
> Also, in the header of that file I found written:
> #turning ProxyRequests on and allowing proxying from all may allow
> #spammers to use your proxy to send email.
>
> So I guess this is not good:
>
> ProxyRequests Off
>
> AddDefaultCharset off
>
> ProxyVia On
>
>
>
>
> Or is it ok?

Do you guy confirm that leaving a webserver with mod_proxy.c enabled but
with no rules is a good thing?

So I relax up a bit ...

--------------010309010607020404080405
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit








Alvise Nicoletti wrote:

Eric Covener wrote:
cite="mid:1404e5911001060309k6db65edauf28a863480fdd068@mail. gmail.com"
type="cite">

On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti


 href="mailto:lists@alvisenicoletti.com"><lists@alvisenicoletti.com > wrote:

  

I would like to restrict access to everything-but-mywebsite like the

example:

    

<IfModule mod_proxy.c>

        ProxyRequests Off

        <Proxy *>

                AddDefaultCharset off

                Order deny,allow

                Deny from all



                Allow from 
 class="moz-txt-link-abbreviated" href="http://www.TOMCATWEBSITE.com">www.TOMCATWEBSITE.com

        </Proxy>

        ProxyVia On

</IfModule>

That restricts access "from" an [client] address, not access "to" a

backend [webserver] address.



If you're running a reverse proxy only (ProxyRequests off), and you've

told it to connect to a specific backend via ProxyPass, I don't see

why you need furtherer configuration to restrict anything.



  

<IfModule mod_proxy.c>

        ProxyRequests Off

        <Proxy *>

                AddDefaultCharset off

                Order deny,allow

                Deny from all

        </Proxy>

        ProxyVia On

</IfModule>

Re: mod_proxy.c configuration problem for a tomcat6-bridgedsituation

--------------070106020502080605070601
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Alvise Nicoletti wrote:
> Alvise Nicoletti wrote:
>> Alvise Nicoletti wrote:
>>> Eric Covener wrote:
>>>> On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
>>>> wrote:
>>>>
>>>>> I would like to restrict access to everything-but-mywebsite like the
>>>>> example:
>>>>>
>>>>
>>>>
>>>>>
>>>>> ProxyRequests Off
>>>>>
>>>>> AddDefaultCharset off
>>>>> Order deny,allow
>>>>> Deny from all
>>>>>
>>>>> Allow from www.TOMCATWEBSITE.com
>>>>>
>>>>> ProxyVia On
>>>>>
>>>>
>>>>
>>>> That restricts access "from" an [client] address, not access "to" a
>>>> backend [webserver] address.
>>>>
>>>> If you're running a reverse proxy only (ProxyRequests off), and you've
>>>> told it to connect to a specific backend via ProxyPass, I don't see
>>>> why you need furtherer configuration to restrict anything.
>>>>
>>>>
>>> mhh ...
>>>
>>> the point is that the original configuration in my webserver was:
>>>
>>> ProxyRequests Off
>>>
>>> AddDefaultCharset off
>>> Order deny,allow
>>> Deny from all
>>>
>>> ProxyVia On
>>>
>>>
>>> And everthing was working, BUT, I had to remove everything to make
>>> the tomcat6-apache2 bridge work.
>>> Also, in the header of that file I found written:
>>> #turning ProxyRequests on and allowing proxying from all may
>>> allow
>>> #spammers to use your proxy to send email.
>>>
>>> So I guess this is not good:
>>>
>>> ProxyRequests Off
>>>
>>> AddDefaultCharset off
>>>
>>> ProxyVia On
>>>
>>>
>>>
>>>
>>> Or is it ok?
>>
>


mhh ....

> Do you guy confirm that leaving a webserver with mod_proxy.c enabled
> but with no rules is a good thing?
>
> So I relax up a bit ...

And what is this?

Connection attempts using mod_proxy:
65.183.2.75 -> http://lti-mail01.ltinetworks.com:25
: 1 Time(s)


--------------070106020502080605070601
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit







Alvise Nicoletti wrote:

Alvise Nicoletti wrote:

type="cite">
http-equiv="Content-Type">

Alvise Nicoletti wrote:

type="cite">
http-equiv="Content-Type">
Eric Covener wrote:
cite="mid:1404e5911001060309k6db65edauf28a863480fdd068@mail. gmail.com"
type="cite">

On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti


 href="mailto:lists@alvisenicoletti.com"><lists@alvisenicoletti.com > wrote:

  

I would like to restrict access to everything-but-mywebsite like the

example:

    

<IfModule mod_proxy.c>

        ProxyRequests Off

        <Proxy *>

                AddDefaultCharset off

                Order deny,allow

                Deny from all



                Allow from 
 class="moz-txt-link-abbreviated" href="http://www.TOMCATWEBSITE.com">www.TOMCATWEBSITE.com

        </Proxy>

        ProxyVia On

</IfModule>

That restricts access "from" an [client] address, not access "to" a

backend [webserver] address.



If you're running a reverse proxy only (ProxyRequests off), and you've

told it to connect to a specific backend via ProxyPass, I don't see

why you need furtherer configuration to restrict anything.



  

mhh ...



the point is that the original configuration in my webserver was:

<IfModule mod_proxy.c>

        ProxyRequests Off

        <Proxy *>

                AddDefaultCharset off

                Order deny,allow

                Deny from all

        </Proxy>

        ProxyVia On

</IfModule>

And everthing was working, BUT, I had to remove everything to make the
tomcat6-apache2 bridge work.

Also, in the header of that file I found written:

        #turning ProxyRequests on and allowing proxying from all may
allow

        #spammers to use your proxy to send email.



So I guess this is not good:

<IfModule mod_proxy.c>

        ProxyRequests Off

        <Proxy *>

                AddDefaultCharset off

        </Proxy>

        ProxyVia On

</IfModule>







Or is it ok?

Do
you guy confirm that leaving a webserver with mod_proxy.c enabled
but with no rules is a good thing?



So I relax up a bit ...