RE: ProxyPass and Internal URLs

Hi 

Thanks for the quick response.

<snip>
It sounds like your ProxyPassReverse failed to do the right thing, and
a redirect leaked out. I assume for most users, "internaladdress1.com"
in the browser would be game over.
</snip>

Yes, internaladdress1.com is not routable or resolvable unless you are on the LAN, it is an independent and random address and domain. The browser trying to get there results in the 404.

<snip>
I assume you have NameVirtualHost 0.0.0.0:443 (your symptom doesn't
match this error, but it's a common error)

Can you paste apache2ctl (or apachectl/httpd) -S ?
</snip>

I am using SMEServer 7.4 distro and there is no apachectl on the volume. The output of httpd -S is here:

[root@server11 /]# /usr/sbin/httpd -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443                  is a NameVirtualHost
         default server internaladdress1.com (/etc/httpd/conf/httpd.conf:591)
         port 443 namevhost internaladdress1.com (/etc/httpd/conf/httpd.conf:591)
         port 443 namevhost publicaddress1.com (/etc/httpd/conf/httpd.conf:701)
         port 443 namevhost publicaddress2.com (/etc/httpd/conf/httpd.conf:799)
         port 443 namevhost host1.publicaddress2.com (/etc/httpd/conf/httpd.conf:1103)
         port 443 namevhost host2.publicaddress2.com (/etc/httpd/conf/httpd.conf:1120)
*:80                   is a NameVirtualHost
         default server internaladdress1.com (/etc/httpd/conf/httpd.conf:532)
         port 80 namevhost internaladdress1.com (/etc/httpd/conf/httpd.conf:532)
         port 80 namevhost publicaddress1.com (/etc/httpd/conf/httpd.conf:654)
         port 80 namevhost publicaddress2.com (/etc/httpd/conf/httpd.conf:752)
         port 80 namevhost host1.publicaddress2.com (/etc/httpd/conf/httpd.conf:1097)
         port 80 namevhost host2.publicaddress2.com (/etc/httpd/conf/httpd.conf:1114)
Syntax OK
[root@server11 /]#

As you can see, I have everything on a private LAN and I enjoy the security benefits of reverse proxy. The publicaddress1 and publicaddress2 are both domains I own. Everything resolves to a fixed address I own and I use the Apache server to send the incoming requests to either an Exchange box (host1) or another SMEServer (host2), depending on the FQDN. Everything works except OSCommerce on another SMEServer 7.4 (host2).

OSCommerce requires that from the web the users and administrator can 'see' FQDN/oscommerce and FQDN/oscommerce/admin. I was hoping that PROXYPASS would allow everything from / to be proxy'd out, but looking at how Exchange is reverse proxy'd (each virtual directory is explicitly detailed), I added a few lines into the PROXYPASS statement to explicitly handle /oscommerce and /oscommerce/admin as well as / and it works!

I am not sure if this is a shortcoming of reverse proxy HTTPS (because it works fine in HTTP for any non-explicit virtual directory), or I have misread or misinterpreted the documentation.

I am okay with it as it is now, because ultimately, this means only explicit redirects work, which is a security feature for me, but perhaps somebody else wants to make this work if it is indeed a problem with code.

For reference, I did have to enable SSL proxy:

SSLProxyEngine on

before any of the PROXYPASS stuff would work in HTTPS.

Many thanks for all your help, I am very happy with the product and most definitely the support.

I am also happy this is resolved, unless somebody else is concerned that each Virtual Directory needs to be explicit.

Gund
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
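
Added example (not part of the original message, and not mod_proxy's own code): a simplified Python model of how ProxyPassReverse rewrites a backend Location header by URL prefix, showing how a redirect that matches no mapping reaches the browser still carrying the internal name. The host names come from the httpd -S output above; the mappings, backend URLs and sample redirects are constructed assumptions, since the thread does not show the real configuration.

```python
from urllib.parse import urlsplit

# Public names taken from the httpd -S output in the message.
PUBLIC_HOSTS = {"publicaddress1.com", "publicaddress2.com",
                "host1.publicaddress2.com", "host2.publicaddress2.com"}
PUBLIC_ORIGIN = "https://host2.publicaddress2.com"

# Constructed (public path, backend URL) pairs in the shape of
# "ProxyPassReverse <path> <url>"; the thread does not show the real config.
MAPPINGS = [
    ("/oscommerce/admin", "https://internaladdress1.com/oscommerce/admin"),
    ("/oscommerce", "https://internaladdress1.com/oscommerce"),
]


def rewrite_location(location, mappings=MAPPINGS, origin=PUBLIC_ORIGIN):
    """Simplified model of ProxyPassReverse: the first mapping whose backend
    URL is a prefix of the Location value is swapped for the public path;
    anything that matches no mapping is passed to the client unchanged."""
    for public_path, backend_url in mappings:
        if location.startswith(backend_url):
            return origin + public_path + location[len(backend_url):]
    return location


def leaked_host(location, public_hosts=PUBLIC_HOSTS):
    """Return the host of an absolute Location that is not a public name."""
    host = urlsplit(location).hostname
    return host if host and host not in public_hosts else None


def audit(backend_locations):
    """Rewrite each backend Location, then report the ones that still leak."""
    findings = []
    for loc in backend_locations:
        host = leaked_host(rewrite_location(loc))
        if host:
            findings.append((loc, host))
    return findings


# Constructed backend redirects: covered path, uncovered path, scheme
# mismatch, and a relative redirect that needs no rewriting.
SAMPLE = [
    "https://internaladdress1.com/oscommerce/admin/login.php",
    "https://internaladdress1.com/catalog/index.php",
    "http://internaladdress1.com/oscommerce/login.php",
    "/oscommerce/index.php",
]

if __name__ == "__main__":
    for loc, host in audit(SAMPLE):
        print(f"leak: {loc} exposes {host}")
```

Running the same check against Location headers captured from the public side of the proxy shows which backend paths still need a ProxyPassReverse line.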


