httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bryce <frenc...@blackapache.net>
Subject Re: [users@httpd] proxy server fun
Date Wed, 22 Sep 2004 00:39:56 GMT
I don't know if this is related( tar & feather me if it is)

But in the html, there is javascript that access "intranet.company.net" 
with a hardcoded URL http://intranet.company.com/scripts/somescript.js"

Could this be ther reason that my proxy gets supersceded? And if it is, 
how do i work around it to have my clients stay behind the proxy?

thanks,
bryce

Rick Scherer wrote:
> Turn ProxyRequests off...that is a very big security hole.   You also do not need to
specify the port. Give this a try
> 
> <VirtualHost _default:444>
> ProxyRequests off
> ProxyPass / http://intranet.company.com/
> ProxyPassReverse / http://intranet.company.com/
> 
> SSLEngine on
> SSLCertificateFile /etc/apache2/conf/ssl/server.crt
> SSLCertificateKeyFile /etc/apache2/conf/ssl/server.key
> 
> CacheRoot /var/www/localhost/cache
> CacheSize 128
> </VirtualHost>
> 
> Hopefully that works.
> 
> 
> 
> ------------------------------------------------------------------
> Rick Scherer
> - UNIX Systems Administrator
> - Information Security Specialist
> The City of San Diego - IT&C
> email: rscherer@sandiego.gov
> ------------------------------------------------------------------
> 
> 
>>>>frenchie@blackapache.net 9/21/2004 4:33:03 PM >>>
> 
> Hi All,
> 
> I've got a lot to explain for very little. WHat i'm trying to create is 
> a https proxy. This is what i'm trying to do.
> 
> client <-> https apache server <-> http webshpere server
> 
> SO i created the virtual host:
> 
> <VirtualHost _default_:444>
>           ProxyRequests on
> 	 ProxyPass	     /       http://intranet.company.com:80/ 
>           ProxyPassReverse    /       http://intranet.company.com:80/ 
> 
>           DocumentRoot /var/www/localhost/vhosts/
> 
>           SSLEngine on
>           SSLCertificateFile /etc/apache2/conf/ssl/server.crt
>           SSLCertificateKeyFile /etc/apache2/conf/ssl/server.key
> 
>           CacheRoot /var/www/localhost/cache
>           CacheSize 128
> </VirtualHost>
> 
> What happens is that the user is asked to connect in https, but then 
> gets passed directory to the server, and then completely by-passes my 
> proxy all together.
> 
> How must i change up my config file so that the user stays within the 
> proxy at all times( and stay encrypted).
> 
> Thanks in advance
> 
> bryce
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org 
> For additional commands, e-mail: users-help@httpd.apache.org 
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message