|
Yes we got the client to send all the traffic to the proxy but the proxy is not forwarding that to the backend server. It is trying serve up a page from the
Apache proxy. Basically what we are trying to do is to allow HTTPS connection from clients on the internet to a backend server through the Apache proxy. Is this possible and if so what changes do we need to make to get it working.
Nagu Sittampalam | Security Team Leader , IT Solutions Division | Southampton Strategic Services Partnership | Landline: 02380 833012 | Fax: 02380 832973 | e-mail
Nagu.Sittampalam@xxxxxxxxxxxxxxxxxx | e-mail
Nagu.Sittampalam@xxxxxxxxxxxx | post
Capita ITS, 1st Floor, One Guildhall Square, Above Bar, Southampton, SO14 7FP From: Yehuda Katz [mailto:yehuda@xxxxxxxxxx]
In order to use forward proxy, your client must be configured for it - in which case your client will pass ALL of its traffic through the proxy. Have you done that? If that is not what you want, then what you are trying to do is not possible with Apache. - Y On Tue, Feb 11, 2014 at 11:29 AM, Sittampalam, Nagu <Nagu.Sittampalam@xxxxxxxxxxxxxxxxxx> wrote: It is forward proxy we are trying to setup now because reverse proxy does not work for our backend
application which is on IIS and required client certificate information to be passed to the backend. Can you see why the forward proxy configuration is not working? Nagu Sittampalam | Security Team Leader , IT Solutions Division | Southampton Strategic Services Partnership
| Landline: 02380 833012 | Fax: 02380 832973 | e-mail
Nagu.Sittampalam@xxxxxxxxxxxxxxxxxx | e-mail
Nagu.Sittampalam@xxxxxxxxxxxx | post Capita ITS, 1st Floor, One Guildhall Square, Above Bar, Southampton, SO14 7FP From: Yehuda
Katz [mailto:yehuda@xxxxxxxxxx]
Are you trying to set up a Forward Proxy or a Reverse Proxy (explanation:
http://www.jscape.com/blog/bid/87783/Forward-Proxy-vs-Reverse-Proxy)? Your configuration looks like a forward proxy but your email implies that you really want a reverse proxy. See this part of the HTTPD manual for more about reverse proxy setup: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#forwardreverse A reverse proxy is activated using the - Y On Tue, Feb 11, 2014 at 7:51 AM, Sittampalam, Nagu <Nagu.Sittampalam@xxxxxxxxxxxxxxxxxx> wrote: Hello
WE are trying to setup HTTPS tunnelling to a backend server through Apache proxy but we are finding the client connect but Apache does not send through the traffic the backend
server. The config we have on our Apache proxy virtual host is <VirtualHost
172.19.1.136:443> DocumentRoot "/usr/local/apache2221/htdocs/ibcm/" ServerName test.testdom.local ErrorLog logs/ibcm ServerAdmin
webmaster@testdom.local ProxyRequests On AllowConnect 443 SSLEngine on SSLHonorCipherOrder On SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM SSLCertificateFile "/etc/ssl/crt/ibcm.crt" SSLCertificateKeyFile "/etc/ssl/crt/testdom.key" SSLCertificateChainFile "/etc/ssl/crt/CA-DOM.crt" <proxy *> Order deny,allow Deny from all </proxy> <ProxyMatch (webssl.testdom.com|192.168.50.100)> Order deny,allow Allow from all </ProxyMatch> </VirtualHost> Anybody know what we are not doing correctly. Also we found Apache would not start without us putting in the root certificate. Thought it would not need any certificate for tunnelling
so wonder if we have missed something. Nagu Sittampalam | Security Team Leader , IT Solutions Division | Southampton Strategic Services Partnership | Landline: 02380 833012 |
Fax: 02380 832973 | e-mail
Nagu.Sittampalam@xxxxxxxxxxxxxxxxxx | e-mail
Nagu.Sittampalam@xxxxxxxxxxxx | post Capita ITS, 1st Floor, One Guildhall Square, Above Bar, Southampton, SO14 7FP |
|