Dear all,I'm reverse proxying requests on Apache/2.4.18 (stock version on Ubuntu 16.04) via SSL to an application running on IIS 7.0. Somehow, despite ProxyPreserveHost, IIS app manages to sniff IP-address 10.1.2.3 specified in ProxyPass (see below) and breaks. If I replace 10.1.2.3 with myapp.com and put "10.1.2.3 myapp.com" in /etc/hosts everything works (but I don't like the solution).
Because of SSL the problem is somewhat hard to debug, can't just packet trace. I tried to replace IIS application with CGI script on different Apache, without SSL, and found that ProxyPreserveHost is not ignored (environment variable SERVER_NAME set correctly to myapp.com). I guess for SSL the ProxyPreserveHost is implemented partially, i.e. for Host header but not for SNI. Any ideas on how to investigate?
Here's the complete virtualhost configuration:
---
<VirtualHost *:443>
ServerName myapp.com
SSLEngine on
SSLCertificateFile /etc/ssl/certs/myapp.pem
SSLCertificateKeyFile /etc/ssl/private/myapp.key
SSLProxyEngine on
SSLProxyProtocol all
SSLProxyCipherSuite ALL
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
<Location />
ProxyPreserveHost on
ProxyPass https://10.1.2.3/ connectiontimeout=300 timeout=300
ProxyPassReverse /
ProxyPassReverseCookieDomain myapp.com 10.1.2.3
</Location>
</VirtualHost>
---
--
With Best Regards,
Marat Khalili
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|