Return-Path: 
 <users-return-45358-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 48689 invoked from network); 22 Sep 2004 00:23:18 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur-2.apache.org with SMTP; 22 Sep 2004 00:23:18 -0000
Received: (qmail 17626 invoked by uid 500); 22 Sep 2004 00:23:00 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 17545 invoked by uid 500); 22 Sep 2004 00:22:59 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 17528 invoked by uid 99); 22 Sep 2004 00:22:59 -0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=
X-Spam-Check-By: apache.org
Received-SPF: pass (hermes.apache.org: local policy)
Received: from [67.18.33.34] (HELO cpanel36.gzo.com) (67.18.33.34)
  by apache.org (qpsmtpd/0.28) with ESMTP; Tue, 21 Sep 2004 17:22:57 -0700
Received: from [12.106.42.8] (helo=[172.16.24.112])
	by cpanel36.gzo.com with asmtp (Exim 4.34)
	id 1C9uuJ-00016H-77
	for users@httpd.apache.org; Tue, 21 Sep 2004 19:22:51 -0500
Message-ID: <4150C611.6020801@blackapache.net>
Date: Tue, 21 Sep 2004 17:23:45 -0700
From: bryce <frenchie@blackapache.net>
User-Agent: Mozilla Thunderbird 0.8 (Windows/20040913)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: users@httpd.apache.org
References: <s1505c22.014@gwmail.sannet.gov>
In-Reply-To: <s1505c22.014@gwmail.sannet.gov>
X-Enigmail-Version: 0.86.1.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse,
 please include it with any abuse report
X-AntiAbuse: Primary Hostname - cpanel36.gzo.com
X-AntiAbuse: Original Domain - httpd.apache.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - blackapache.net
X-Source: 
X-Source-Args: 
X-Source-Dir: 
X-Virus-Checked: Checked
Subject: Re: [users@httpd] proxy server fun
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

Thanks for your help on securing my configuration. However it doesn't 
solve the probelm.

The client still sees "http://intranet.company.com" in their address bar 
after going through my proxy.

thanks for the quick responce none the less,

bryce

Rick Scherer wrote:
> Turn ProxyRequests off...that is a very big security hole.   You also do not need to specify the port. Give this a try
> 
> <VirtualHost _default:444>
> ProxyRequests off
> ProxyPass / http://intranet.company.com/
> ProxyPassReverse / http://intranet.company.com/
> 
> SSLEngine on
> SSLCertificateFile /etc/apache2/conf/ssl/server.crt
> SSLCertificateKeyFile /etc/apache2/conf/ssl/server.key
> 
> CacheRoot /var/www/localhost/cache
> CacheSize 128
> </VirtualHost>
> 
> Hopefully that works.
> 
> 
> 
> ------------------------------------------------------------------
> Rick Scherer
> - UNIX Systems Administrator
> - Information Security Specialist
> The City of San Diego - IT&C
> email: rscherer@sandiego.gov
> ------------------------------------------------------------------
> 
> 
>>>>frenchie@blackapache.net 9/21/2004 4:33:03 PM >>>
> 
> Hi All,
> 
> I've got a lot to explain for very little. WHat i'm trying to create is 
> a https proxy. This is what i'm trying to do.
> 
> client <-> https apache server <-> http webshpere server
> 
> SO i created the virtual host:
> 
> <VirtualHost _default_:444>
>           ProxyRequests on
> 	 ProxyPass	     /       http://intranet.company.com:80/ 
>           ProxyPassReverse    /       http://intranet.company.com:80/ 
> 
>           DocumentRoot /var/www/localhost/vhosts/
> 
>           SSLEngine on
>           SSLCertificateFile /etc/apache2/conf/ssl/server.crt
>           SSLCertificateKeyFile /etc/apache2/conf/ssl/server.key
> 
>           CacheRoot /var/www/localhost/cache
>           CacheSize 128
> </VirtualHost>
> 
> What happens is that the user is asked to connect in https, but then 
> gets passed directory to the server, and then completely by-passes my 
> proxy all together.
> 
> How must i change up my config file so that the user stays within the 
> proxy at all times( and stay encrypted).
> 
> Thanks in advance
> 
> bryce
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org 
> For additional commands, e-mail: users-help@httpd.apache.org 
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org