httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Jeffray <>
Subject Re: [users@httpd] Proxy on multiple ports - 2nd port has less facilities?
Date Wed, 13 Oct 2004 17:14:34 GMT
Alexander Stoll wrote:
> Ian Jeffray schrieb:
>> EXCEPT:  Requests to the proxy on this 2nd port cannot get
>> pages from the websites hosted by apache itself.  Very odd.
>> The requests just get forwarded out of the system, which
>> then cannot find the server in question (it basically tries
>> to request out of our firewall for something which is inside it
>> and should have been handled, so gets blocked there, in any
>> case, I don't want requests going out of the firewall, router,
>> then back in it... that's just silly).
>> Has anyone else come across this issue with the proxy server
>> or have any ideas what may be causing it?
> without further description of your topologie, this sounds like your 
> proxy tries to fetch a page from the site that resolves to an official 
> ip, your system only knows the default route via FW and it is routing 
> the request back "in"...

Yes, that does sound like what it's doing on non-port-80-proxy-requests.
That was my original question.  The request should never get as far as
the firewall machine;  because the name matches the site that apache
itself is hosting, it should serve it directly.

This *DOES* work when talking to the apache proxy on port 80 but not
when talking to it via another "Listen"-assigned port.

> Is your FW performing any NAT for the unproxied HTTP-Host?

Yes, but that's really not the point, the request should never go
anywhere near the FW/NAT.

Clients -> [Proxy|Server] -> Firewall -> Internet

The clients using the proxy, to get to "Server" should never end up
having "Proxy" send a packet to "Firewall"... because it should all
be handled inside apache, and IS handled, for proxy requests on port


ian@puffin $ telnet proxy 80
Connected to proxy.
Escape character is '^]'.

HTTP/1.1 200 OK
<web page from follows as expected>

ian@puffin $ telnet proxy 3128
Connected to proxy.
Escape character is '^]'.

HTTP/1.1 401 Unauthorized
Date: Wed, 13 Oct 2004 17:07:22 GMT
Server: ZyXEL-RomPager/3.02
<http request blocked at firewall as they should never get that far>

Apache listens on both port 80 and 3128.

My question could perhaps be put more simply;   why do proxy requests
to any port other than the "Port" assigned port appear to not go
through the same internal ruleset?


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message