Problem solved was Re: [users@httpd] Problem configuring proxy (forbidden error locally)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

We figured out the problem.

As mentioned earlier, we were using the Redhat Apache 2.0.52 (httpd) RPM.

Apparently, that doesn't come with mod_ssl support (either built-in or DSO), but we had the ProxyPass/ProxyPassReverse directives pointing to SSO/https URLs, i.e., the Apache2 had no support for SSL at all.

We modified the ProxyPass/ProxyPassReverse directives to point to non-SSL URLs, and that eliminated the 403/Forbidden errors.

So, the bottom line was that pointing the ProxyPass/ProxyPassReverse to SSL URLs, when the Apache didn't have SSL support, causes Apache2 to respond with 403/Forbidden responses...

Thanks,
Jim




--- On Wed, 2/9/11, o haya <ohaya@xxxxxxxxx> wrote:

> From: o haya <ohaya@xxxxxxxxx>
> Subject: Re:  Problem configuring proxy (forbidden error locally)
> To: users@xxxxxxxxxxxxxxxx
> Date: Wednesday, February 9, 2011, 11:09 PM
> Hi,
> 
> BTW, to help guide me on what to look for, my understanding
> is that there are basically two things that can cause Apache
> to provide the 403/Forbidden response:
> 
> - Linux permissions
> - Something in the Apache .conf files that sets a "deny"
> 
> For the former, and assuming the we don't have any local
> resources in the <VirtualHost>s (i.e., no
> <DocumentRoot>), and only a bunch of
> ProxyPass/ProxyPassReverse directives, I think that the
> <VirtualHost> would "inherit" the <DocumentRoot>
> from the server configuration, so what we'd have to do is to
> look at where the <DocumentRoot> is pointing to, and
> confirm that the user and group specified in the User and
> Group directives in the Apache .conf files have
> read/write/execute perms on that and all of its parent
> directories.
> 
> Is that correct?
> 
> For the latter, we need to look for all "deny", and check
> that none of them apply to the <Location> directives
> in the <VirtualHost> sections.
> 
> Is that correct?
> 
> Thanks,
> Jim
> 
> 
> --- On Wed, 2/9/11, o haya <ohaya@xxxxxxxxx>
> wrote:
> 
> > From: o haya <ohaya@xxxxxxxxx>
> > Subject: Re:  Problem configuring proxy
> (forbidden error locally)
> > To: users@xxxxxxxxxxxxxxxx
> > Date: Wednesday, February 9, 2011, 10:23 PM
> > Eric,
> > 
> > Sorry for that.  The system is at work, so I'll have
> > to get that tomorrow.
> > 
> > Jim
> > 
> > 
> > --- On Wed, 2/9/11, Eric Covener <covener@xxxxxxxxx>
> > wrote:
> > 
> > > From: Eric Covener <covener@xxxxxxxxx>
> > > Subject: Re:  Problem configuring
> proxy
> > (forbidden error locally)
> > > To: users@xxxxxxxxxxxxxxxx
> > > Date: Wednesday, February 9, 2011, 9:58 PM
> > > On Wed, Feb 9, 2011 at 8:26 PM, o
> > > haya <ohaya@xxxxxxxxx>
> > > wrote:
> > > >
> > > > Hi Eric and Igor,
> > > > The Apache proxy logs show "403" errors.
> > > 
> > > Don't paraphrase the logs. Include them verbatim
> in
> > your
> > > response.
> > > 
> > >
> >
> ---------------------------------------------------------------------
> > > The official User-To-User support forum of the
> Apache
> > HTTP
> > > Server Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more
> > > info.
> > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> > >    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> > > 
> > > 
> > 
> > 
> > 
> > 
> >
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache
> HTTP
> > Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more
> > info.
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> > 
> > 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 


      

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux