Hi,
Forgot to update Apache details..
Server version: Apache/2.0.52
Server built: Jan 30 2007 09:56:16
OS : RHEL4 Update 4
Apache : Using Redhat RPM..
Regards,
Lokesh
-----Original Message-----
From: Lokesh K B Reddy
Sent: Tuesday, June 26, 2007 9:54 AM
To: 'users@xxxxxxxxxxxxxxxx'
Cc: 'Owen.Boyle@xxxxxxx'
Subject: RE: mod_proxy for rpc over https
Hi,
Still RPC over HTTPS is not working after adding AllowCONNECT
443. Here is my configuration, with this OWA (Outlook Web Access) is
working fine , only problem with RPC over HTTPS.
<VirtualHost 158.218.128.115:443>
ServerName exchange.sensata.com:443
# This secures the server from being used as a third party
# proxy server
ProxyRequests Off
# Allows the proxying of a SSL connection
AllowCONNECT 443 80 593 60001 60002 60003 60004
SSLProxyEngine On
ProxyVia On
# Header Stuff
AddDefaultCharset UTF-8
RequestHeader unset Accept-Encoding
#RequestHeader set Front-End-Https "On"
HostnameLookups Off
UseCanonicalName Off
# Proxy Preserving the hostname
ProxyPreserveHost On
# SSL Stuff
SSLProtocol All
SSLEngine On
DocumentRoot /opt/www/exchange
# Configuration of RPC over HTTPS #
###
ProxyPass / https://myexch.roof.com/
ProxyPassReverse / https://myexch.roof.com/
CacheDisable *
###
# SSL Certificate #
SSLCertificateFile /opt/www/exchange/exchange.cer
SSLCertificateKeyFile /opt/www/exchange/exchange.key
# Extras Stuff #
###
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
###
# Log file
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" com
CustomLog /opt/www/logs/exchange/access_log combined
env=!dontlog
ErrorLog /opt/www/logs/exchange/error_log
</VirtualHost>
158.218.128.115 --> My Virtual IP address.
Myexch.roof.com --> My F5 Load Balancer
Here is the design structure :
Exterbal IP --> Apache:443(DMZ) --> F5 Load Balancer:443(internal
network)-SSL Offloading --> Exchange Front-end server:80
Here is the website , I say BUG info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088
http://issues.apache.org/bugzilla/show_bug.cgi?id=40029
Error Logs :
[Mon Jun 25 17:43:11 2007] [error] (104)Connection reset by peer: proxy:
pass request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun
25 17:45:46 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun 25
17:48:21 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun 25
17:52:46 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun 25
17:52:46 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun 25
17:55:21 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun 25
17:55:21 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com)
Access Logs :
158.218.168.103 - - [26/Jun/2007:09:36:10 -0400] "RPC_OUT_DATA
/rpc/rpcproxy.dll?sdcpad02.sso.sensata.ad:593 HTTP/1.1" 503 - "-"
"MSRPC"
158.218.168.103 - - [26/Jun/2007:09:36:10 -0400] "RPC_IN_DATA
/rpc/rpcproxy.dll?sdcpad02.sso.sensata.ad:593 HTTP/1.1" 104 628 "-"
"MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:06 -0400] "RPC_IN_DATA
/rpc/rpcproxy.dll?mailbox.roof.com:6001 HTTP/1.1" 104 628 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:07 -0400] "RPC_IN_DATA
/rpc/rpcproxy.dll?mailbox.roof.com:6002 HTTP/1.1" 104 628 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:07 -0400] "RPC_OUT_DATA
/rpc/rpcproxy.dll?mailbox.roof.com:6001 HTTP/1.1" 200 128 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:07 -0400] "RPC_OUT_DATA
/rpc/rpcproxy.dll?mailbox.roof.com:6002 HTTP/1.1" 200 128 "-" "MSRPC"
mailbox.roof.com --> My Mailbox server.
Please guide me , how to go further..
Thanks in advance,..
Regards,
Lokesh
-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@xxxxxxx]
Sent: Tuesday, June 26, 2007 2:11 AM
To: users@xxxxxxxxxxxxxxxx
Subject: RE: mod_proxy for rpc over https
> -----Original Message-----
> From: Lokesh K B Reddy [mailto:LokeshR@xxxxxx]
> Sent: Monday, June 25, 2007 11:33 PM
> To: users@xxxxxxxxxxxxxxxx
> Subject: mod_proxy for rpc over https
>
> Hi,
>
> Is there any BUG in mod_proxy for RPC over HTTPS,using Apache
> reverse proxy outlook web access is working fine but rpc over https is
> not working .Is there any diffrence configuration is required to setup
> rpc over https using apache reverse proxy .
Try http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#allowconnect
If that's not it, post back with *lots* more detail about your exact
setup (apache version, OS etc.) and exact description of what "not
working" means (ie, include error_log data).
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
>
> Please help me out..
>
>
> Regards,
>
>
>
> Lokesh
>
> DISCLAIMER:
> --------------------------------------------------------------
> ---------------------------------------------------------
>
> The contents of this e-mail and any attachment(s) are confidential and
> intended for the named recipient(s) only.
> It shall not attach any liability on the originator or HCL or its
> affiliates. Any views or opinions presented in this email are solely
> those of the author and may not necessarily reflect the opinions of
> HCL or its affiliates.
> Any form of reproduction, dissemination, copying, disclosure,
> modification, distribution and / or publication of this message
> without the prior written consent of the author of this e-mail is
> strictly prohibited. If you have received this email in error please
> delete it and notify the sender immediately. Before opening any mail
> and attachments please check them for viruses and defect.
>
> --------------------------------------------------------------
> ---------------------------------------------------------
>
>
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|