httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: bug in mod_proxy(_connect)?
Date Thu, 06 Aug 2009 22:12:16 GMT


On 08/06/2009 07:50 PM, Tom Wilkie wrote:
> Hi
> 
> Bear with me, I'm new to this list.  I think I've found a bug in
> mod_proxy / mod_proxy_connect.
> 
> I'm running apache in both forward and reverse proxy mode.  The idea is
> :- reverse proxy gives people outside firewall access to websites on
> different VMs inside via one IP, and forward proxy is to allow them to
> log in via ssh.
> 
> A trimmed down conf file:
> 
> ======
> 
> NameVirtualHost *:443
> 
> SSLCertificateFile /etc/apache2/ssl/default-ssl
> 
> LogLevel debug
> ErrorLog /var/log/apache2/error.log
> CustomLog /var/log/apache2/access.log combined
> 
> <VirtualHost *:443>
>       SSLEngine on
>       ServerName proxy.domain.com
> 
>       ProxyRequests on
>       AllowCONNECT 22
>       ProxyVia on
> 
>       <Proxy *.domain.com>
>               AuthType Basic
>               AuthBasicProvider ldap
>               AuthName "Domain"
> 
>               AuthzLDAPAuthoritative   off
>               AuthLDAPURL
> "ldap://ldap.domain.com/ou=People,dc=domain,dc=com"
>               Require valid-user
>       </Proxy>
> </VirtualHost>
> 
> <VirtualHost *:443>
>       SSLEngine on
>       ServerName wiki.domain.com
>       ProxyPass / http://wiki.domain.com/
> 
>       <Location />
>                  AuthType Basic
>                  AuthBasicProvider ldap
>                  AuthName "Domain"
> 
>                  AuthzLDAPAuthoritative   off
>                  AuthLDAPURL
> "ldap://ldap.domain.com/ou=People,dc=domain,dc=com"
>                  Require valid-user
>       </Location>
> </VirtualHost>
> 
> =======
> 
> SSH connects fine if the second <VirtualHost> clause isn't there, but
> fails if it is:

Try reversing the order of the VirtualHosts in your config. The CONNECT
method always falls into the default virtual host.

Regards

RĂ¼diger


Mime
View raw message