httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel E" <emmanue...@gmx.net>
Subject Re: [users@httpd] Proxy on port 80 and 443
Date Sat, 05 Nov 2005 05:42:38 GMT
I think we need to get some things clear.

You want your apache to run as a forward proxy server for both port 80 and 443. By this i
am assuming that you want your browser to reach both port 80 and port 443 on any remote webserver
via your proxy server.

To do this you need to run apache as a proxy on only one port. In your browser you just need
to set proxy to your proxy's (the machine where u are running apache as a proxy) name or ip
and the port to 80. In addition tick the option in your browser which says use the same proxy
for all protocols. This will ensure that your browser will work fine.

This is how a proxy works:

========        plain HTTP request      ====================      proxy sends request to remote
webserver        ==================
Browser  <-------------------------------------->   proxy running on any port    <---------------------------------------------------------------->
    remote webserver
========      proxy sends response   ====================       remote webserver sends response
back to     ==================
displays          back to browser           proxy can check if its a valid       back to proxy
                                               remote webserver processes
response.                                           request and from an allowed          
                                                                the request and sends response
if it has requested                                machine. it also establishes
a secure tunnel                                    a tunnel if the browser has 
then it validates                                   requested access to a secure
the security of the                                (SSL) page. proxy can also scan
tunnel and directly                               the response from the webserver
communicates with the                       and check if its valid and allowed.
remote webserver via the
tunnel established through
the proxy.

i think you can delete the entire section on virtual host :443. Unless you want to run 2 proxy
servers: one running on port 80 and one running on port 443.

apache dosent assume anything! its all waiting to be configured :) but you are probably right
that on port 443 an ssl enabled server is being started by default. this is quite a likely
scenario in most default apache configurations.

Also i doubt you would require the AllowCONNECT to port 80 since usually webservers do not
run secure servers on port 80. The AllowCONNECT is only to allow the browser to establish
a secure tunnel on those ports. If a secure tunnel is being established the proxy cannot check
the request or the response for validity and security.

Hope this helps.

Cheers,
Emmanuel
  ----- Original Message ----- 
  From: Khoa Nguyen 
  To: users@httpd.apache.org 
  Sent: Saturday, November 05, 2005 1:31 AM
  Subject: [users@httpd] Proxy on port 80 and 443


  I am trying to configure apache 2.0 as a forward proxy server for both port 80 and 443.
Below is my config:

  AllowCONNECT 80 443

  <Proxy *>
      Order deny,allow
      Deny from all
      Allow from 172.16 10
  </Proxy>

  NameVirtualHost *:80
  NameVitualHost *:443

  <VirtualHost *:80>
     bla bla bla
  </VirtualHost>

  <VirtualHost *:443>
     bla bla bla
  </VirtualHost>

  ================

  Problem is that the HTTP CONNECT method to <IP Address>:80 works find, but HTTP CONNECT
to <IP Address>:443 returns an error message "Your server doesn't understand the request"
or something similar. What might be the reason? Is it possible that apache assumes HTTPS on
port 443?

  Thanks,
  Khoa 


Mime
View raw message