> On Tue, 15 Mar 2005 11:29:53 +0100 (CET), Vincent Blondel
> <vincent@xxxxxxxxxxxx> wrote:
>> We recently decided to set up a dmz in our infrastructure and I have
>> chosen to use openbsd 3.6 with built in apache 1.3.29 ( compiled and
>> hardened by the OpenBSD team ) with mod_proxy / mod_security and
>> mod_rewrite.
>>
>> So before setting up all this in a real life world, I currently spend my
>> time to let this configuration work in our development lan.
>>
>> So let's imagine I get next infrastructure :
>>
>>   reverse proxy                  real internal web server
>>   rproxy1.example.net   ----->   iweb1.example.net ( example.org )
>>   192.168.1.25:80                192.168.1.19:80
>>
>> So, as you can see it, we just would like to forward all internet
>> incoming traffic ( port 80 ) from our external web server
>> ( rproxy1.example.net ) to our internal web server ( iweb1.example.net ).
>>
>> iweb1.example.net hosts example.net and example.org ( configured by
>> VirtualHost ). iweb1 runs with FreeBSD 4.10 and apache 1.3.33. A last
>> detail, we do not use any firewall in this configuration. This is just
>> to make the configuration more easy.
>>
>> So I am trying a configuration but it doesn't work. Please find below
>> the configuration
>
> There are a few problems here:
>
> 1. The OpenBSD version of apache is not really apache anymore. It is
> a forked version with openbsd-specific changes. So it will be
> difficult for us to help you on this list, since we know only about
> the real apache and we don't know anything about the openbsd changes.
>

Normally OpenBSD developers didn't change anything about the syntax
configuration from the Apache Foundation but there are well some security
improvements brought by the OpenBSD Team but I don't think this is
important in our case ???

> 2. "it doesn't work" is a very bad way to ask a question. We need to
> know exactly what you tried, and exactly what happened, including
> relevant excerpts from the error log, access log, and config files.
>

You are right so ... What I really tried is such as I said it my real
webserver runs with FreeBSD and hosts some domains and for each of them
one or more hosts, for example :

  www.example.net
  ftp.example.net
  mail.example.net
  mirror.example.org
  ...

so to test my configuration I manually added on my workstation in
/etc/hosts

  192.168.1.25 www.example.net ftp mail
  192.168.1.25 mirror.example.org

So I now send all my http packets to the proxy and not directly to the
FreeBSD web server.

... and when I test to browse any website hosted on my real web server
( naturally now through my proxy OpenBSD machine because /etc/hosts ) I am
always redirected to the first VirtualHost I defined on my real web
server, so in this case www.example.net

  www.example.net     |
  ftp.example.net     |______> www.example.net
  mail.example.net    |
  mirror.example.net  |

This naturally implies next error. When I try to browse
http://mail.example.net/login/ I get an error saying /login/ doesn't exist
because this directory only exists on mail.example.net :(

> 3. Notice I said "relevant excerpts". Please don't dump your complete
> config file here and expect us to sift through it looking for the
> important stuff.

OK

>
> Sorry if this answer is not what you were looking for, but you need
> to help us out a little if you want us to help you.
>
> Joshua.

I hope this can be helpful for you ... and for me :)

Vincent

>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>

-- 
Vincent Blondel
homepage : http://jlang.dyndns.org
registered LFS user : 7485 http://www.linuxfromscratch.org
maintainer : http://oryx.xtra-net.org
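
One mechanism that produces the symptom described in the message above, as an added example that is not part of the thread and not Apache's own code: a simplified model of name-based virtual host selection on the backend, compared for a proxy that replaces the client's Host header with the backend's name and one that forwards it unchanged. The proxy configuration is not shown in the thread, so the single backend name iweb1.example.net as the forwarded Host, the vhost order, and the function names are assumptions.

```python
import fnmatch

# Constructed model of the backend's name-based virtual hosts, in file order.
# Host names come from the message above; the order and the empty alias
# lists are assumptions, since the real configuration is not shown.
BACKEND_VHOSTS = [
    {"server_name": "www.example.net", "aliases": []},
    {"server_name": "ftp.example.net", "aliases": []},
    {"server_name": "mail.example.net", "aliases": []},
    {"server_name": "mirror.example.org", "aliases": []},
]

def select_vhost(vhosts, host_header):
    """Match the Host header against ServerName/ServerAlias in file order;
    when nothing matches, the first vhost defined answers the request."""
    # Normalise: drop the port, a trailing dot, and case differences.
    host = (host_header or "").split(":")[0].strip().rstrip(".").lower()
    for vh in vhosts:
        if host == vh["server_name"].lower():
            return vh["server_name"]
        if any(fnmatch.fnmatchcase(host, a.lower()) for a in vh["aliases"]):
            return vh["server_name"]
    return vhosts[0]["server_name"]

def upstream_host(client_host, backend_url_host, preserve_host):
    """Host header the proxy sends to the backend (hypothetical helper)."""
    return client_host if preserve_host else backend_url_host

def trace(client_hosts, backend_url_host, preserve_host):
    """Map each name the client asked for to the vhost that answers it."""
    return {
        h: select_vhost(BACKEND_VHOSTS,
                        upstream_host(h, backend_url_host, preserve_host))
        for h in client_hosts
    }

if __name__ == "__main__":
    names = ["www.example.net", "ftp.example.net",
             "mail.example.net", "mirror.example.org"]
    for preserve in (False, True):
        print("client Host forwarded unchanged:", preserve)
        for name, served in trace(names, "iweb1.example.net", preserve).items():
            print(f"  {name:20} -> {served}")
```

With the Host header replaced, every requested name is answered by the first vhost, which matches the diagram in the message; the backend's access log for the affected requests shows which Host value it actually received.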