httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Scherer" <rsche...@sddpc.org>
Subject Re: [users@httpd] proxy server fun
Date Tue, 21 Sep 2004 23:51:20 GMT
Turn ProxyRequests off...that is a very big security hole.   You also do not need to specify
the port. Give this a try

<VirtualHost _default:444>
ProxyRequests off
ProxyPass / http://intranet.company.com/
ProxyPassReverse / http://intranet.company.com/

SSLEngine on
SSLCertificateFile /etc/apache2/conf/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/conf/ssl/server.key

CacheRoot /var/www/localhost/cache
CacheSize 128
</VirtualHost>

Hopefully that works.



------------------------------------------------------------------
Rick Scherer
- UNIX Systems Administrator
- Information Security Specialist
The City of San Diego - IT&C
email: rscherer@sandiego.gov
------------------------------------------------------------------

>>> frenchie@blackapache.net 9/21/2004 4:33:03 PM >>>
Hi All,

I've got a lot to explain for very little. WHat i'm trying to create is 
a https proxy. This is what i'm trying to do.

client <-> https apache server <-> http webshpere server

SO i created the virtual host:

<VirtualHost _default_:444>
          ProxyRequests on
	 ProxyPass	     /       http://intranet.company.com:80/ 
          ProxyPassReverse    /       http://intranet.company.com:80/ 

          DocumentRoot /var/www/localhost/vhosts/

          SSLEngine on
          SSLCertificateFile /etc/apache2/conf/ssl/server.crt
          SSLCertificateKeyFile /etc/apache2/conf/ssl/server.key

          CacheRoot /var/www/localhost/cache
          CacheSize 128
</VirtualHost>

What happens is that the user is asked to connect in https, but then 
gets passed directory to the server, and then completely by-passes my 
proxy all together.

How must i change up my config file so that the user stays within the 
proxy at all times( and stay encrypted).

Thanks in advance

bryce

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
   "   from the digest: users-digest-unsubscribe@httpd.apache.org 
For additional commands, e-mail: users-help@httpd.apache.org 





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message