httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Edmon Begoli <ebeg...@gmail.com>
Subject [users@httpd] Firewall settings for mod_jk
Date Fri, 11 Feb 2005 03:20:03 GMT
Hi,

With Apache2 is going to send requests to Tomcat's port 8009 via Ajp13.

Is there any way to know ahead to which port Tomcat is going to respond, 
or is mod_jk
connecting from truly random high ports?

I would like to be as restrictive as possible on the firewall.

Thank you,
Edmon


Bill Scherer wrote:

> Hello -
>
> I have a need to reverse proxy to a site outside of our network.  It 
> is accesible only via proxy. And only via https.
>
> I've referenced a previous post on this topic:
>    
> http://marc.theaimsgroup.com/?l=apache-httpd-users&m=110442942307956&w=2
>
> Below, with names changed, is the relevant config section.
>
> <VirtualHost *:9393>
>
>  SSLProxyEngine on
>
>  ProxyRemote * http://<proxyIP>:<proxyPort>
>
>  ProxyPass / https://<remoteHost>/
>  ProxyPassReverse / https://<remoteHost>/
>
> </VirtualHost>
>
> It doesn't work, and what I'm seeing is this:  When I connect to the 
> remote host through our proxy with a browser, and sniff the 
> communication, I see the triple handshake, then a PSH containing a 
> CONNECT request going to the forward proxy in clear text, and it all 
> works fine.  When I request the Apache reverse proxy to get a page for 
> me from that site, I see the triple handshake between the reverse 
> proxy machine and the forward proxy machine, and then a PSH from the 
> reverse proxy to the forward proxy that appears to be SSL encrypted 
> data. After that, the forward proxy no longer responds, and the 
> reverse proxy re-transmits for five minutes before giving up. I was 
> expecting to see a clear text CONNECT, just as the browser.
>
> Maybe I'm reading it wrong, but my understanding from the post 
> reference above is that this should work.
>
> Any ideas?
>
> Apache is 2.0.50, running on RHAS2.1. The forward proxy is some 
> Microsoft product, as far as I can tell.
>
> Thanks in advance.
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message