Re: Strange behavior with directives ProxyRemote and NoProxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi there,

I've tracked this down to the sources now. Did not find any obvious errors.

Following line numbers are those of version/tag 2.4.52.

However, it seems like in mod_proxy.c, lines 1402 to 1405, ´direct_connect´ is constantly set to TRUE, if and only if NoProxy is set to my local domain (e.g. ".mycompany.local"). It seems to be set to FALSE in all other cases.

Here are the log entries (shortened, date, pid:, tid: and client:) for some different domain values of NoProxy:

NoProxy ".mycompany.local"

[<date>] [proxy:trace2] proxy_util.c(2359): *: using default reverse proxy worker for https://www.geoportal-raumordnung-bw.de/ows/services... (no keepalive) [<date>] [proxy:debug] mod_proxy.c(1503): AH01143: Running scheme https handler (attempt 0) [<date>] [proxy:debug] proxy_util.c(2531): AH00942: https: has acquired connection for (*) [<date>] [proxy:debug] proxy_util.c(2587): AH00944: connecting https://www.geoportal-raumordnung-bw.de/ows/services... to www.geoportal-raumordnung-bw.de:443 [<date>] [proxy:debug] proxy_util.c(2810): AH00947: connected /ows/services... to www.geoportal-raumordnung-bw.de:443 [<date>] [proxy:trace2] proxy_util.c(3244): https: fam 2 socket created to connect to *
...
waiting for timeout ... ... ... ... ...
...
[<date>] [proxy:error] (110)Connection timed out: AH00957: https: attempt to connect to 5.9.89.16:443 (*) failed [<date>] [proxy_http:error] AH01114: HTTP: failed to make connection to backend: www.geoportal-raumordnung-bw.de [<date>] [proxy:debug] proxy_util.c(2546): AH00943: https: has released connection for (*)

Did not try to use the ProxyRemote proxy server. Why not? Domain "geoportal-raumordnung-bw.de" is NOT EQUAL to "mycompany.local", is it?



Setting NoProxy to anything else (including ".geoportal-raumordnung-bw.de"!) makes httpd use the ProxyRemote for ALL requests!


NoProxy ".geoportal-raumordnung-bw.de"

[<date>] [proxy:trace2] proxy_util.c(2359): *: using default reverse proxy worker for https://www.geoportal-raumordnung-bw.de/ows/services... (no keepalive) [<date>] [proxy:debug] mod_proxy.c(1453): AH01142: Trying to run scheme_handler against proxy [<date>] [proxy:debug] proxy_util.c(2531): AH00942: https: has acquired connection for (*) [<date>] [proxy:debug] proxy_util.c(2587): AH00944: connecting https://www.geoportal-raumordnung-bw.de/ows/services... to www.geoportal-raumordnung-bw.de:443 [<date>] [proxy:debug] proxy_util.c(2810): AH00947: connected /ows/services... to 10.5.20.100:8080 // the ProxyRemote! [<date>] [proxy:trace2] proxy_util.c(3244): https: fam 2 socket created to connect to * [<date>] [proxy:debug] proxy_util.c(3276): AH02824: https: connection established with 10.5.20.1:8080 (*) [<date>] [proxy:debug] proxy_util.c(2903): AH00948: CONNECT: sending the CONNECT request for www.geoportal-raumordnung-bw.de:443 to the remote proxy 10.5.20.100:8080 (10.5.20.100) [<date>] [proxy:debug] proxy_util.c(2959): AH00949: send_http_connect: response from the forward proxy: HTTP/1.0 200 Connection established\r\nProxy-Agent: Fortinet-Proxy/1.0\r\n\r\n [<date>] [proxy:trace1] proxy_util.c(3450): [remote 10.5.20.100:8080] https: set SNI to www.geoportal-raumordnung-bw.de for (10.5.20.100) [<date>] [proxy:debug] proxy_util.c(3462): AH00962: https: connection complete to 10.5.20.100:8080 (10.5.20.100) [<date>] [proxy:debug] proxy_util.c(2546): AH00943: *: has released connection for (*) [<date>] [proxy:debug] proxy_util.c(3386): [remote 10.5.20.100:8080] AH02642: proxy: connection shutdown


Both ´ap_proxy_is_domainname´ and ´proxy_match_domainname´ (the matcher function for domain names) in proxy_util.c seem to be correct.

No Idea what's going on here.

Debian/Ubuntu apply a bunch of patches to the apache2 package. Maybe they patch it to death...

Is there anything else I could be missing?

Regards,

Carsten

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux