Hi there,I didn't use AllowCONNECT. The problem was that I loaded the module with "a2enmod" and the default configuration is "deny from all". Anyway, it works now but, the address at the top changes to the redirected address... Shouldn' it always keep the original address? This is a problem, because in the future only the original IP address will be "external".
Thank you for your time. Bruno Teixeira Chirouze Olivier wrote:
Hi, I already had this but can't manage to find back the solution. I have two clues, thought: - you should have ProxyRequests Off to both of your virtualhosts (or at least, the first one). - I guess you did, but just in case, did you load module "proxy_http_module"? Last thing, I've recently found directive "AllowCONNECT", haven't had time to play with it, but that might be useful. (Might also need mod_proxy_connect). Please tell us if one of these helped! Olivier Olivier CHIROUZE I&0 Infrastructure Volvo Information Technology-----Original Message-----From: Bruno Teixeira [mailto:brunoteixa@xxxxxxxxx] Sent: 16 February 2007 13:17To: users@xxxxxxxxxxxxxxxx Subject: 403 Forbidden error with rewrite [P] flag Hi there, I've been browsing the web for a solution to my problem, but all I can find are similar problems, no solutions... I am using a rewrite rule to rewrite "http://192.168.2.251/secure"; requests to "https://192.168.2.198/";. This works fine, but I don't theuser to see the "198 IP", but to always the "251". To accomplish this, I thought I only had to add a "P flag" to the rewrite rule, but when I doso, I get a "403 Forbidden error". I have the proxy module loaded! I would really appreciate some input. Thank you for your time. I get this on the error log:[Fri Feb 16 11:13:14 2007] [error] [client 192.168.2.251] client deniedby server configuration: proxy:https://192.168.2.198 and this on the rewrite log: 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000][192.168.2.251/sid#8162818][rid#82a2440/initial] (2) init rewrite enginewith requested uri /secure 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000][192.168.2.251/sid#8162818][rid#82a2440/initial] (2) rewrite /secure ->https://192.168.2.198 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000] [192.168.2.251/sid#8162818][rid#82a2440/initial] (2) forcing proxy-throughput with https://192.168.2.198 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000][192.168.2.251/sid#8162818][rid#82a2440/initial] (1) go-ahead with proxyrequest proxy:https://192.168.2.198 [OK] Here are both of the Virtual hosts: <VirtualHost 192.168.2.251:80> ServerAdmin webmaster@localhost ServerName 192.168.2.251 DocumentRoot /var/www/ <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all # Uncomment this directive is you want to see apache2's# default start page (in /apache2-default) when you go to /RedirectMatch ^/$ /site </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log# Possible values include: debug, info, notice, warn, error, crit,# alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On RewriteEngine on RewriteCond %{SERVER_PORT} ^80$ RewriteRule ^/secure(.*)$ https://192.168.2.198$1 [L]# RewriteRule ^/secure(.*)$ https://192.168.2.198$1 [L,P] this rulegives the error RewriteLog "/var/log/apache2/rewrite.log" RewriteLogLevel 2 Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost> <VirtualHost 192.168.2.198:443> ServerAdmin webmaster@localhost ServerName 192.168.2.198 SSLEngine On SSLCertificateFile /etc/apache2/ssl/198.crt SSLCertificateKeyFile /etc/apache2/ssl/198.key DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all RedirectMatch ^/$ /site </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log# Possible values include: debug, info, notice, warn, error, crit,# alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost> Bruno Teixeira ---------------------------------------------------------------------The official User-To-User support forum of the Apache HTTP Server Project.See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|