Re: 403 Forbidden error with rewrite [P] flag


 



Hi krist,

thank you very much for your suggestion. It wasn't the only problem with my configuration - I also had "deny from all" in the proxy.conf file - but with the SSLProxy On directive the rewrite now works.

But I still have a problem: the original address isn't kept in the address bar... this is a problem because the proxy is the only external IP address. How can I keep the original address in the browser's address bar? Isn't this possible with the rewrite [P]? I have read that it is possible with an "old fashion" reverse proxy, doesn't the [P] do the same?

Thank you for your time

Bruno Teixeira

Krist van Besien wrote:
On 2/16/07, Bruno Teixeira <brunoteixa@xxxxxxxxx> wrote:

I've been browsing the web for a solution to my problem, but all I can
find are similar problems, no solutions...

I am using a rewrite rule to rewrite "http://192.168.2.251/secure"
requests to "https://192.168.2.198/". This works fine, but I don't want the
user to see the "198 IP", but to always see the "251". To accomplish this, I
thought I only had to add a "P flag" to the rewrite rule, but when I do
so, I get a "403 Forbidden error". I have the proxy module loaded!

I would really appreciate some input. Thank you for your time.

You're welcome.


I get this on the error log:

[Fri Feb 16 11:13:14 2007] [error] [client 192.168.2.251] client denied
by server configuration: proxy:https://192.168.2.198

and this on the rewrite log:

192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
[192.168.2.251/sid#8162818][rid#82a2440/initial] (2) init rewrite engine
with requested uri /secure
192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
[192.168.2.251/sid#8162818][rid#82a2440/initial] (2) rewrite /secure ->
https://192.168.2.198
192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
[192.168.2.251/sid#8162818][rid#82a2440/initial] (2) forcing
proxy-throughput with https://192.168.2.198
192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
[192.168.2.251/sid#8162818][rid#82a2440/initial] (1) go-ahead with proxy
request proxy:https://192.168.2.198 [OK]

What I see here is that a) your rewrite works, but b) your proxy
config has some problems.

The problem is that proxying to an https server requires a bit more
than just adding a P to a rewrite statement. When proxying to https
your apache server has to take on the role of an SSL client, which the
standard out of the box apache hasn't been set up for.

You need at least the following directives:

SSLProxyEngine on
SSLProxyCACertificatePath /usr/local/apache2/conf/ssl.crt/

And then in /usr/local/apache2/conf/ssl.crt/ (or whichever dir you
configure here) you need to add at least the root certificate of the
CA used to sign the SSL certificate you use on your https server.

You can find out more about this by reading up on the SSLProxy
directives in the manual.

Krist



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
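
The pieces discussed in this thread, put together as an added configuration sketch (not taken from either poster's setup): the `<Proxy>` access block that causes the 403, the `[P]` rewrite, and the SSL client settings. It assumes Apache 2.2-style access control with mod_rewrite, mod_proxy, mod_proxy_http and mod_ssl loaded; the rewrite pattern, the `SSLProxyVerify` line and the `ProxyPassReverse` line are assumptions added for illustration.

```apache
# Added example; addresses and the CA directory are the ones quoted in the thread.

# Keep forward proxying off. RewriteRule [P] and ProxyPass still work, and
# relaxing the <Proxy> access rules below does not create an open proxy.
ProxyRequests Off

# Cause of "client denied by server configuration: proxy:https://...":
#   <Proxy *>
#       Order deny,allow
#       Deny from all
#   </Proxy>
# Allow proxied requests only for the one backend the rewrite targets.
<Proxy https://192.168.2.198/*>
    Order deny,allow
    Allow from all
</Proxy>

RewriteEngine On
# [P] passes the request to mod_proxy instead of redirecting the browser.
RewriteRule ^/secure/?(.*)$ https://192.168.2.198/$1 [P]

# Assumption: the backend sends redirects that name its own address.
# ProxyPassReverse rewrites those Location headers back to the proxy's path.
ProxyPassReverse /secure/ https://192.168.2.198/

# Apache acts as the SSL client towards the backend.
SSLProxyEngine on
# Directory holding the root CA certificate that signed the backend's
# certificate; files here need OpenSSL hash-named symlinks to be found.
SSLProxyCACertificatePath /usr/local/apache2/conf/ssl.crt/
# The default is "none": the CA directory is loaded but the backend
# certificate is not required to validate against it.
SSLProxyVerify require
```

With `SSLProxyVerify require`, a backend certificate that does not chain to a CA in the configured directory makes the proxied request fail instead of being silently accepted.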

