On 2/16/07, Bruno Teixeira <brunoteixa@xxxxxxxxx> wrote:
> I've been browsing the web for a solution to my problem, but all I can
> find are similar problems, no solutions...
>
> I am using a rewrite rule to rewrite "http://192.168.2.251/secure"
> requests to "https://192.168.2.198/". This works fine, but I don't want
> the user to see the "198 IP", but to always see the "251". To accomplish
> this, I thought I only had to add a "P flag" to the rewrite rule, but
> when I do so, I get a "403 Forbidden error". I have the proxy module
> loaded!
>
> I would really appreciate some input. Thank you for your time.

You're welcome.

> I get this on the error log:
>
> [Fri Feb 16 11:13:14 2007] [error] [client 192.168.2.251] client denied by server configuration: proxy:https://192.168.2.198
>
> and this on the rewrite log:
>
> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000] [192.168.2.251/sid#8162818][rid#82a2440/initial] (2) init rewrite engine with requested uri /secure
> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000] [192.168.2.251/sid#8162818][rid#82a2440/initial] (2) rewrite /secure -> https://192.168.2.198
> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000] [192.168.2.251/sid#8162818][rid#82a2440/initial] (2) forcing proxy-throughput with https://192.168.2.198
> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000] [192.168.2.251/sid#8162818][rid#82a2440/initial] (1) go-ahead with proxy request proxy:https://192.168.2.198 [OK]

What I see here is that a) your rewrite works, but b) your proxy config
has some problems.

The problem is that proxying to an https server requires a bit more than
just adding a P to a rewrite statement. When proxying to https, your
Apache server has to take on the role of an SSL client, which the
standard out-of-the-box Apache hasn't been set up for. You need at least
the following directives:

    SSLProxyEngine on
    SSLProxyCACertificatePath /usr/local/apache2/conf/ssl.crt/

And then in /usr/local/apache2/conf/ssl.crt/ (or whichever dir you
configure here) you need to add at least the root certificate of the CA
used to sign the SSL certificate you use on your https server.

You can find out more about this by reading up on the SSLProxy
directives in the manual.

Krist

--
krist.vanbesien@xxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
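
A front-end configuration that puts the directives from the reply together with the rewrite rule, as an added example that is not part of the original thread. It assumes Apache 2.2-era syntax; the `<Proxy>` access block, `ProxyRequests`, `SSLProxyVerify`, `SSLProxyVerifyDepth`, `ProxyPassReverse` and the exact rewrite pattern are additions not mentioned by either poster, while the addresses and the CA path are the ones quoted above.

```apache
# Added example: front-end server on 192.168.2.251 (Apache 2.2-era syntax assumed).

# Reverse proxy only: never serve as a forward proxy for arbitrary URLs.
ProxyRequests Off

# Permit proxying to the single back end and nothing else
# (assumed access-control block, 2.2 Order/Allow syntax).
<Proxy https://192.168.2.198/*>
    Order deny,allow
    Allow from all
</Proxy>

# Apache acts as the SSL client toward the back end.
SSLProxyEngine on

# Directory holding the root CA certificate that signed the back-end
# certificate. Files in a CACertificatePath directory must be reachable
# through OpenSSL hash-named symlinks.
SSLProxyCACertificatePath /usr/local/apache2/conf/ssl.crt/

# SSLProxyVerify defaults to "none", in which case the back-end certificate
# is not checked against the CA directory above. Require a valid chain.
SSLProxyVerify require
SSLProxyVerifyDepth 2

RewriteEngine on

# Proxy /secure and everything below it to the back end.
# Pattern is an assumption; the thread only shows /secure being rewritten.
RewriteRule ^/secure(?:/(.*))?$ https://192.168.2.198/$1 [P,L]

# Rewrite Location headers in back-end redirects so responses keep
# pointing at the .251 front end instead of exposing the .198 address.
ProxyPassReverse /secure/ https://192.168.2.198/
```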