Hi,
I already had this but can't manage to find back the solution.
I have two clues, thought:
- you should have ProxyRequests Off to both of your virtualhosts (or at
least, the first one).
- I guess you did, but just in case, did you load module
"proxy_http_module"?
Last thing, I've recently found directive "AllowCONNECT", haven't had
time to play with it, but that might be useful. (Might also need
mod_proxy_connect).
Please tell us if one of these helped!
Olivier
Olivier CHIROUZE
I&0 Infrastructure
Volvo Information Technology
> -----Original Message-----
> From: Bruno Teixeira [mailto:brunoteixa@xxxxxxxxx]
> Sent: 16 February 2007 13:17
> To: users@xxxxxxxxxxxxxxxx
> Subject: 403 Forbidden error with rewrite [P] flag
>
> Hi there,
>
> I've been browsing the web for a solution to my problem, but all I can
> find are similar problems, no solutions...
>
> I am using a rewrite rule to rewrite "http://192.168.2.251/secure";
> requests to "https://192.168.2.198/";. This works fine, but I don't the
> user to see the "198 IP", but to always the "251". To
> accomplish this, I
> thought I only had to add a "P flag" to the rewrite rule, but
> when I do
> so, I get a "403 Forbidden error". I have the proxy module loaded!
>
> I would really appreciate some input. Thank you for your time.
>
> I get this on the error log:
>
> [Fri Feb 16 11:13:14 2007] [error] [client 192.168.2.251]
> client denied
> by server configuration: proxy:https://192.168.2.198
>
> and this on the rewrite log:
>
> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
> [192.168.2.251/sid#8162818][rid#82a2440/initial] (2) init
> rewrite engine
> with requested uri /secure
> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
> [192.168.2.251/sid#8162818][rid#82a2440/initial] (2) rewrite
> /secure ->
> https://192.168.2.198
> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
> [192.168.2.251/sid#8162818][rid#82a2440/initial] (2) forcing
> proxy-throughput with https://192.168.2.198
> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
> [192.168.2.251/sid#8162818][rid#82a2440/initial] (1) go-ahead
> with proxy
> request proxy:https://192.168.2.198 [OK]
>
>
> Here are both of the Virtual hosts:
>
> <VirtualHost 192.168.2.251:80>
> ServerAdmin webmaster@localhost
> ServerName 192.168.2.251
> DocumentRoot /var/www/
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> </Directory>
> <Directory /var/www/>
> Options Indexes FollowSymLinks MultiViews
> AllowOverride None
> Order allow,deny
> allow from all
> # Uncomment this directive is you want to see apache2's
> # default start page (in /apache2-default) when
> you go to /
> RedirectMatch ^/$ /site
> </Directory>
>
> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
> <Directory "/usr/lib/cgi-bin">
> AllowOverride None
> Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
> Order allow,deny
> Allow from all
> </Directory>
>
> ErrorLog /var/log/apache2/error.log
>
> # Possible values include: debug, info, notice, warn,
> error, crit,
> # alert, emerg.
> LogLevel warn
>
> CustomLog /var/log/apache2/access.log combined
> ServerSignature On
>
> RewriteEngine on
> RewriteCond %{SERVER_PORT} ^80$
> RewriteRule ^/secure(.*)$ https://192.168.2.198$1 [L]
> # RewriteRule ^/secure(.*)$ https://192.168.2.198$1
> [L,P] this rule
> gives the error
> RewriteLog "/var/log/apache2/rewrite.log"
> RewriteLogLevel 2
>
> Alias /doc/ "/usr/share/doc/"
> <Directory "/usr/share/doc/">
> Options Indexes MultiViews FollowSymLinks
> AllowOverride None
> Order deny,allow
> Deny from all
> Allow from 127.0.0.0/255.0.0.0 ::1/128
> </Directory>
> </VirtualHost>
>
>
> <VirtualHost 192.168.2.198:443>
> ServerAdmin webmaster@localhost
> ServerName 192.168.2.198
>
> SSLEngine On
> SSLCertificateFile /etc/apache2/ssl/198.crt
> SSLCertificateKeyFile /etc/apache2/ssl/198.key
>
>
> DocumentRoot /var/www
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> </Directory>
> <Directory /var/www/>
> Options FollowSymLinks MultiViews
> AllowOverride None
> Order allow,deny
> allow from all
> RedirectMatch ^/$ /site
> </Directory>
>
> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
> <Directory "/usr/lib/cgi-bin">
> AllowOverride None
> Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
> Order allow,deny
> Allow from all
> </Directory>
>
> ErrorLog /var/log/apache2/error.log
>
> # Possible values include: debug, info, notice,
> warn, error, crit,
> # alert, emerg.
> LogLevel warn
>
> CustomLog /var/log/apache2/access.log combined
> ServerSignature On
>
> Alias /doc/ "/usr/share/doc/"
> <Directory "/usr/share/doc/">
> Options Indexes MultiViews FollowSymLinks
> AllowOverride None
> Order deny,allow
> Deny from all
> Allow from 127.0.0.0/255.0.0.0 ::1/128
> </Directory>
>
> </VirtualHost>
>
>
> Bruno Teixeira
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|