Am Freitag 06 August 2010, 21:48:15 schrieb Joost de Heer:
> On 08/06/2010 09:16 PM, Florian Lindner wrote:
> > Hello!
> >
> > I want to set up an local ssl proxy. I have an certificate for
> > *.centershock.net and want domains like xgm.de to be accessible with SSL.
>
> You do realise that only the connection to the reverse proxy is encrypted?
> The connection from the proxy to the source server is still unencrypted.
Yes. Both hosts are always on the same machine and have the same IP.
> > I added an rewrite entry to my SSL virtual host:
> > RewriteEngine On
> > RewriteLog /var/log/apache2/sslproxy.log
> > RewriteLogLevel 6
> >
> > RewriteMap domains txt:/etc/apache2/sslproxy.map
> >
> > RewriteCond %{HTTP_HOST} ^(.*-.*)\..*\..* [NC]
> > RewriteRule ^(.+)$ http://${domains:%1}$1 [P,L]
> >
> > The sslproxy.map:
> > xgm-de xgm.de
>
> Looks fine
>
> > ProxyRequests On
>
> You have a reverse proxy, don't turn proxyrequests on.
Ok, I set it to Off.
>
> > <Proxy *>
> >
> > AddDefaultCharset off
> > Order deny,allow
> > Deny from all
> > Allow from centershock.net
> >
> > </Proxy>
>
> Does the IP address of the client have a PTR record?
Yes, points to shiva.centershock.net
> > Now I expect that I can access http://xgm.de/forum/ from
> > https://xgm.centershock.net/forum/ but all I get is a 403 error
> > everywhere.
>
> > The RewriteLog looks fine:
> And what does the errorlog say?
Ok, it is a permissions problem: client denied by server configuration:
Setting "Allow from all" makes it work. Clearly not an permanent option, is
it?
The proxy should work for any request from any client that matches the rules.
Thanks,
Florian
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|