httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rob De Langhe" <rob.delan...@telindus.be>
Subject [users@httpd] reverse proxy OK for some targets, not for others
Date Tue, 18 May 2004 07:29:48 GMT
Hi,

I have bizarre phenomenon : I configured Apache2 as reverse HTTPS proxy to certain distant
targets, using Virtualhosts directives.

This works fine for certain targets, but not for others, altough the directives in my httpd.conf
are identical (see below).
The errors I get for the targets that do not work, are like

[Tue May 18 07:15:41 2004] [error] [client IP_ADDR_BROWSER] [mod_auth_ldap.c] - do we have
anonymous access? no user found for: admin
[Tue May 18 07:15:41 2004] [error] [client IP_ADDR_BROWSER] [mod_auth_ldap.c] - do we have
anonymous access? no user found for: admin
[Tue May 18 07:15:45 2004] [error] [client IP_ADDR_BROWSER] [mod_auth_ldap.c] - do we have
anonymous access? no user found for: admin
[Tue May 18 07:15:45 2004] [error] [client IP_ADDR_BROWSER] [mod_auth_ldap.c] - do we have
anonymous access? no user found for: admin
[Tue May 18 07:15:45 2004] [error] [client IP_ADDR_BROWSER] [mod_auth_ldap.c] - do we have
anonymous access? no user found for: admin
...

(sorry, but had to mimic the IP-address of the browser with "IP_ADDR_BROWSER")

Extract of httpd.conf (again, had to mimic the IP-addresses of the target, distant servers):
- targets "a0603001n001", "a0603003n003", "a0603005n005" and "a0603006n006" work fine
- targets "a0603002n002" and "a0603004n004" give me the above authentication error. If we
connect directly to those machines with a web-browser, all works ok. So it must have something
to do with the intermediate reverse proxy. But since the directives are identical (see below),
I can't figure out what could be wrong.

 
ServerName  ta06030011
SSLCertificateFile      /usr/local/apache2.rproxy/conf/ta06030011.cert
SSLCertificateKeyFile   /usr/local/apache2.rproxy/conf/ta06030011.key
<Location />
      Options     None
      AuthType    Basic
      UID_Attr    uid
      AuthName    "our-rproxy authentication"
      Base_DN     "dc=my,dc=company,dc=com"
      LDAP_Server ldap1.my.company.com
      Order allow,deny
      LDAP_Port   389
      Allow from all
      Require     valid-user
</Location>
<VirtualHost *>
      SSLProxyEngine    on
      ServerName  a0603001n001.my.company.com
      ErrorLog    logs/error_log.a0603001n001
      CustomLog   logs/access_log.a0603001n001 common
      ServerAlias a0603001n001
      ServerAlias https://a0603001n001
      ServerAlias https://a0603001n001.my.company.com
      ProxyPass   / https://IP_ADDR_TARGET1/
      ProxyPassReverse  / https://IP_ADDR_TARGET1/
</VirtualHost>
<VirtualHost *>
      SSLProxyEngine    on
      ServerName  a0603002n002.my.company.com
      ErrorLog    logs/error_log.a0603002n002
      CustomLog   logs/access_log.a0603002n002 common
      ServerAlias a0603002n002
      ServerAlias https://a0603002n002
      ServerAlias https://a0603002n002.my.company.com
      ProxyPass   / https://IP_ADDR_TARGET2/
      ProxyPassReverse  / https://IP_ADDR_TARGET2/
</VirtualHost>
<VirtualHost *>
      SSLProxyEngine    on
      ServerName  a0603003n003.my.company.com
      ErrorLog    logs/error_log.a0603003n003
      CustomLog   logs/access_log.a0603003n003 common
      ServerAlias a0603003n003
      ServerAlias https://a0603003n003
      ServerAlias https://a0603003n003.my.company.com
      ProxyPass   / https://IP_ADDR_TARGET3/
      ProxyPassReverse  / https://IP_ADDR_TARGET3/
</VirtualHost>
<VirtualHost *>
      ErrorLog    logs/error_log.a0603004n004
      ServerName  a0603004n004.my.company.com
      SSLProxyEngine    on
      CustomLog   logs/access_log.a0603004n004 common
      ServerAlias a0603004n004
      ServerAlias https://a0603004n004
      ServerAlias https://a0603004n004.my.company.com
      ProxyPass   / https://IP_ADDR_TARGET4/
      ProxyPassReverse  / https://IP_ADDR_TARGET4/
</VirtualHost>
<VirtualHost *>
      SSLProxyEngine    on
      ServerName  a0603005n005.my.company.com
      ErrorLog    logs/error_log.a0603005n005
      CustomLog   logs/access_log.a0603005n005 common
      ServerAlias a0603005n005
      ServerAlias https://a0603005n005
      ServerAlias https://a0603005n005.my.company.com
      ProxyPass   / https://IP_ADDR_TARGET5/
      ProxyPassReverse  / https://IP_ADDR_TARGET5/
</VirtualHost>
<VirtualHost *>
      ErrorLog    logs/error_log.a0603006n006
      ServerName  a0603006n006.my.company.com
      SSLProxyEngine    on
      CustomLog   logs/access_log.a0603006n006 common
      ServerAlias a0603006n006
      ServerAlias https://a0603006n006
      ServerAlias https://a0603006n006.my.company.com
      ProxyPass   / https://IP_ADDR_TARGET6/
      ProxyPassReverse  / https://IP_ADDR_TARGET6/
</VirtualHost>
 


Hoping for plenty of suggestions !

Thx in advance!!

Rob

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message