There should be a mod_ssl RPM available for the Apache RPM which enables mod_ssl. [root@myhost ~]# yum search apache | grep ssl mod_ssl.i386 : SSL/TLS module for the Apache HTTP server >---- Original Message ---- >From: o haya <ohaya@xxxxxxxxx> >To: users@xxxxxxxxxxxxxxxx >Sent: Thu, Feb 10, 2011, 3:24 PM >Subject: Problem solved was Re: [users@httpd] Problem configuring proxy (forbidden error locally) > >Hi, > >We figured out the problem. > >As mentioned earlier, we were using the Redhat Apache 2.0.52 (httpd) RPM. > >Apparently, that doesn't come with mod_ssl support (either built-in or DSO), but we had the ProxyPass/ProxyPassReverse directives pointing to SSO/https URLs, i.e., the Apache2 had no support for SSL at all. > >We modified the ProxyPass/ProxyPassReverse directives to point to non-SSL URLs, and that eliminated the 403/Forbidden errors. > >So, the bottom line was that pointing the ProxyPass/ProxyPassReverse to SSL URLs, when the Apache didn't have SSL support, causes Apache2 to respond with 403/Forbidden responses... > >Thanks, >Jim > > > > >--- On Wed, 2/9/11, o haya <ohaya@xxxxxxxxx> wrote: > >> From: o haya <ohaya@xxxxxxxxx> >> Subject: Re: Problem configuring proxy (forbidden error locally) >> To: users@xxxxxxxxxxxxxxxx >> Date: Wednesday, February 9, 2011, 11:09 PM >> Hi, >> >> BTW, to help guide me on what to look for, my understanding >> is that there are basically two things that can cause Apache >> to provide the 403/Forbidden response: >> >> - Linux permissions >> - Something in the Apache .conf files that sets a "deny" >> >> For the former, and assuming the we don't have any local >> resources in the <VirtualHost>s (i.e., no >> <DocumentRoot>), and only a bunch of >> ProxyPass/ProxyPassReverse directives, I think that the >> <VirtualHost> would "inherit" the <DocumentRoot> >> from the server configuration, so what we'd have to do is to >> look at where the <DocumentRoot> is pointing to, and >> confirm that the user and group specified in the User and >> Group directives in the Apache .conf files have >> read/write/execute perms on that and all of its parent >> directories. >> >> Is that correct? >> >> For the latter, we need to look for all "deny", and check >> that none of them apply to the <Location> directives >> in the <VirtualHost> sections. >> >> Is that correct? >> >> Thanks, >> Jim >> >> >> --- On Wed, 2/9/11, o haya <ohaya@xxxxxxxxx> >> wrote: >> >> > From: o haya <ohaya@xxxxxxxxx> >> > Subject: Re: Problem configuring proxy >> (forbidden error locally) >> > To: users@xxxxxxxxxxxxxxxx >> > Date: Wednesday, February 9, 2011, 10:23 PM >> > Eric, >> > >> > Sorry for that. The system is at work, so I'll have >> > to get that tomorrow. >> > >> > Jim >> > >> > >> > --- On Wed, 2/9/11, Eric Covener <covener@xxxxxxxxx> >> > wrote: >> > >> > > From: Eric Covener <covener@xxxxxxxxx> >> > > Subject: Re: Problem configuring >> proxy >> > (forbidden error locally) >> > > To: users@xxxxxxxxxxxxxxxx >> > > Date: Wednesday, February 9, 2011, 9:58 PM >> > > On Wed, Feb 9, 2011 at 8:26 PM, o >> > > haya <ohaya@xxxxxxxxx> >> > > wrote: >> > > > >> > > > Hi Eric and Igor, >> > > > The Apache proxy logs show "403" errors. >> > > >> > > Don't paraphrase the logs. Include them verbatim >> in >> > your >> > > response. >> > > >> > > >> > >> --------------------------------------------------------------------- >> > > The official User-To-User support forum of the >> Apache >> > HTTP >> > > Server Project. >> > > See <URL:http://httpd.apache.org/userslist.html> for more >> > > info. >> > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> > > ÂÂÂ"ÂÂÂfrom the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >> > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> > > >> > > >> > >> > >> > >> > >> > >> --------------------------------------------------------------------- >> > The official User-To-User support forum of the Apache >> HTTP >> > Server Project. >> > See <URL:http://httpd.apache.org/userslist.html> for more >> > info. >> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> > ÂÂÂ"ÂÂÂfrom the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> > >> > >> >> >> >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP >> Server Project. >> See <URL:http://httpd.apache.org/userslist.html> for more >> info. >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> ÂÂÂ"ÂÂÂfrom the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >> > > > > >--------------------------------------------------------------------- >The official User-To-User support forum of the Apache HTTP Server Project. >See <URL:http://httpd.apache.org/userslist.html> for more info. >To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|