Hi! I have set up apache2-2.2.10-2.24.5 on SLES 11 SP1 as a forward proxy. (see conf file below) Then I set it as a proxy in Firefox on another PC and did some test. HTTP access works fine to all tested sites (local and public internet) on different ports (80, 7001 etc...) HTTPS works to port 433 ( https://www.google.com and so) but it fails for all other (tested) ports. For example: http://some.public.internet.site.org:8443 https://some-intranet-server:8081 The error reported by Firefox is a boilerplate error page: The proxy server is refusing connections Firefox is configured to use a proxy server that is refusing connections. Check the proxy settings to make sure that they are correct. Contact your network administrator to make sure the proxy server is working. I sniffed the traffic between firefox and apache in this case and it is: >From Firefox to proxy: CONNECT some.public.internet.site.org:8443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Proxy-Connection: keep-alive Connection: keep-alive Host: some.public.internet.site.org:8443 >From proxy to Firefox: HTTP/1.1 403 Forbidden Date: Fri, 31 Jul 2015 20:54:19 GMT Server: Apache/2.2.10 (Linux/SUSE) Vary: accept-language,accept-charset Accept-Ranges: bytes Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 Content-Language: en <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <title>Access forbidden!</title> <link rev="made" href="mailto:my_personal_address@xxxxxxxxxxx" /> <style type="text/css"><!--/*--><![CDATA[/*><!--*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p, address {margin-left: 3em;} span {font-size: smaller;} /*]]>*/--></style> </head> <body> <h1>Access forbidden!</h1> <p> You don't have permission to access the requested object. It is either read-protected or not readable by the server. </p> <p> If you think this is a server error, please contact the <a href="mailto:my_personal_address@xxxxxxxxxxx">webmaster</a>. </p> <h2>Error 403</h2> <address> <a href="/">some.public.internet.site.org</a><br /> <span> Fri Jul 31 22:54:19 2015<br /> Apache/2.2.10 (Linux/SUSE)</span> </address> </body> </html> It is an error page generated by apache (it has my email address I set in the config) Here is the debug log for: - failed SSL connection to port 8443 [Fri Jul 31 21:40:57 2015] [debug] mod_proxy_connect.c(68): proxy: CONNECT: canonicalising URL some.public.internet.site.org:8443 [Fri Jul 31 21:40:57 2015] [debug] proxy_util.c(1345): [client 10.49.9.212] proxy: *: found forward proxy worker for some.public.internet.site.org:8443 [Fri Jul 31 21:40:57 2015] [debug] mod_proxy.c(756): Running scheme some.public.internet.site.org handler (attempt 0) [Fri Jul 31 21:40:57 2015] [debug] mod_proxy_connect.c(104): proxy: CONNECT: serving URL some.public.internet.site.org:8443 [Fri Jul 31 21:40:57 2015] [debug] mod_proxy_connect.c(120): proxy: CONNECT: connecting some.public.internet.site.org:8443 to some.public.internet.site.org:8443 [Fri Jul 31 21:40:57 2015] [debug] mod_proxy_connect.c(137): proxy: CONNECT: connecting to remote proxy some.public.internet.site.org on port 8443 - failed SSL connection to port 8081 [Fri Jul 31 22:41:28 2015] [debug] mod_proxy_connect.c(68): proxy: CONNECT: canonicalising URL some-intranet-server:8081 [Fri Jul 31 22:41:28 2015] [debug] proxy_util.c(1498): [client 10.49.9.212] proxy: *: found forward proxy worker for some-intranet-server:8081 [Fri Jul 31 22:41:28 2015] [debug] mod_proxy.c(988): Running scheme some-intranet-server handler (attempt 0) [Fri Jul 31 22:41:28 2015] [debug] mod_proxy_connect.c(104): proxy: CONNECT: serving URL some-intranet-server:8081 [Fri Jul 31 22:41:28 2015] [debug] mod_proxy_connect.c(121): proxy: CONNECT: connecting some-intranet-server:8081 to some-intranet-server:8081 [Fri Jul 31 22:41:28 2015] [debug] mod_proxy_connect.c(144): proxy: CONNECT: connecting to remote proxy some-intranet-server on port 8081 - successful SSL connection to port 443 [Fri Jul 31 21:40:50 2015] [debug] mod_proxy_connect.c(68): proxy: CONNECT: canonicalising URL another.public.internet.site.org:443 [Fri Jul 31 21:40:50 2015] [debug] proxy_util.c(1345): [client 10.49.9.212] proxy: *: found forward proxy worker for another.public.internet.site.org:443 [Fri Jul 31 21:40:50 2015] [debug] mod_proxy.c(756): Running scheme another.public.internet.site.org handler (attempt 0) [Fri Jul 31 21:40:50 2015] [debug] mod_proxy_connect.c(104): proxy: CONNECT: serving URL another.public.internet.site.org:443 [Fri Jul 31 21:40:50 2015] [debug] mod_proxy_connect.c(120): proxy: CONNECT: connecting another.public.internet.site.org:443 to another.public.internet.site.org:443 [Fri Jul 31 21:40:50 2015] [debug] mod_proxy_connect.c(137): proxy: CONNECT: connecting to remote proxy another.public.internet.site.org on port 443 The proxy's response for a successful connection is: CONNECT another.public.internet.site.org:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Proxy-Connection: keep-alive Connection: keep-alive Host: another.public.internet.site.org:443 HTTP/1.0 200 Connection Established Proxy-agent: Apache/2.2.10 (Linux/SUSE) (then Firefox sets up an SSL channel to the remote server) Config: Loaded modules (besides the default) : proxy proxy_http headers proxy_connect Listen 8080 ServerAdmin my_personal_address@xxxxxxxxxxx <VirtualHost _default_:8080> ProxyRequests On SSLProxyEngine On # this does not make a difference ErrorLog /var/log/apache2/debug.log LogLevel debug <Proxy *> Order deny,allow Deny from all Allow from 127.0.0.1 192.168.3.55 # the PC running Firefox </Proxy> </VirtualHost> Is there something obvious I am missing? Both the firefox PC and the PC running apache2 have unrestricted access to all tested websites. The sites work from Firefox when no proxy is set. They are also accessible from the PC running apache. Kind regards, David Balažic --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx