Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 31436 invoked from network); 25 Jan 2006 11:00:47 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 25 Jan 2006 11:00:45 -0000 Received: (qmail 11857 invoked by uid 500); 25 Jan 2006 11:00:24 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 11690 invoked by uid 500); 25 Jan 2006 11:00:24 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 11678 invoked by uid 99); 25 Jan 2006 11:00:23 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 25 Jan 2006 03:00:23 -0800 X-ASF-Spam-Status: No, hits=1.0 required=10.0 tests=HTML_MESSAGE,IP_LINK_PLUS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [194.199.73.1] (HELO helios.univ-reunion.fr) (194.199.73.1) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 25 Jan 2006 03:00:22 -0800 Received: from [10.75.0.119] (syscsi-dhcp-119.univ.run [10.75.0.119]) by helios.univ-reunion.fr (8.12.9/jtpda-5.4) with ESMTP id k0PAxrp9019755 for ; Wed, 25 Jan 2006 14:59:54 +0400 (GMT+4) Message-ID: <43D758AB.2090001@univ-reunion.fr> Date: Wed, 25 Jan 2006 14:53:31 +0400 From: Annie Dumont User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923) X-Accept-Language: fr, en MIME-Version: 1.0 To: users@httpd.apache.org References: <8C29B2F93BAE9047A906EF6D6F9C5D430141652E@exchange2k301.gaia.fr> In-Reply-To: <8C29B2F93BAE9047A906EF6D6F9C5D430141652E@exchange2k301.gaia.fr> Content-Type: multipart/alternative; boundary="------------020809020103080601090002" X-Virus-Scanned: by amavisd-new X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] How to execute cgi on a proxied host ? X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N --------------020809020103080601090002 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Hi Axel-St�phane, Sorry, i forget to give the apache version : 1.3.31 :-( I don't know if this answer your question, but when i put in a browser http://10.10.10.10/cgi-bin/subrep/file.cgi (host where the cgi-script i want to execute are) it works. When i put http://distant.machine.univ-reunion.fr/cgi-bin/subrep/file.cgi (so the same machine behind a reverse proxy), i get : Forbidden You don't have permission to access /cgi-bin/PBE/list_superfamily.cgi on this server. Apache/1.3.31 Server at [distant.machine].univ-reunion.fr Port 80 Am i false if i think that reverse-proxy does not know where to find the cgi-script on the 10.10.10.10 machine, or is it something else ? i try to put a Directory directive in the virtual host : AllowOverride none Options ExecCGI Order allow,deny Allow from all where /usr/lib/cgi-bin/ is the absolute path to cgi folder on 10.10.10.10 It doesn't work either,and perhaps was it a nut thing to do. So if you have an idea ... Thanks for help. cordialement. annie Axel-St�phane SMORGRAV a �crit : > Annie, > >You do not specify what version of Apache you are using. > >My understanding is that there is a content server somewhere that also hosts cgi-scripts, and you have put a reverse proxy in front of that server. You do NOT want CGI scripts to be executed on the reverse proxy. > >Have you tested against the configuration you outline below and actually found that paths prefixed with /cgi-bin are actually interpreted as CGI-scripts by the reverse proxy? > >Tests I made with Apache 2.0.54 show that it works just fine. The CGI script is NOT executed on the reverse proxy. A quick look at the code of mod_proxy and mod_cgi seems to confirm this since the mod_proxy handler registers all its hooks before mod_cgi (except post_config). > >I suggest you test your configuration below. If you actually do observe that the CGI scripts are executed on the reverse proxy, please report back and we'll look into it again. > >Cordialement, >-ascs > >-----Original Message----- >From: Annie Dumont [mailto:annie.dumont@univ-reunion.fr] >Sent: Wednesday, January 25, 2006 7:17 AM >To: users@httpd.apache.org >Subject: [users@httpd] How to execute cgi on a proxied host ? > >Hi everybody, > >One of our scientist has develop a website with cgi-script, on host with a private adress. >He needs to be readable throught the internet next month. >Is it possible, throught a virtualHost and proxying to execute the cgi scripts hosted on his machine ? > >On our apache server we have written in the vhost.conf : >(assuming for the example that our apache serveur ip adress is >123.12.12.12 our distant host private ip adress 10.10.10.10 and the name it becomes to bee seen through the internet >distant.machine.univ-reunion.fr) : > > > Servername distant.machine.univ-reunion.fr > ProxyPass / http://10.10.10.10 > ProxypassReverse / http://10.10.10.10 > > >How do i tell apache that cgi scripts i want to execute are not those on the apache server but those on the 10.10.10.10 ? Is it just possible ? > >regards, annie > >--------------------------------------------------------------------- >The official User-To-User support forum of the Apache HTTP Server Project. >See for more info. >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org >For additional commands, e-mail: users-help@httpd.apache.org > > > > > --------------020809020103080601090002 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hi Axel-Stéphane,

Sorry, i forget to give the apache version : 1.3.31 :-(
I don't know if this answer your question, but when i put in a browser http://10.10.10.10/cgi-bin/subrep/file.cgi (host where the cgi-script i want to execute are) it works.
When i put http://distant.machine.univ-reunion.fr/cgi-bin/subrep/file.cgi (so the same machine behind a reverse proxy), i get :

Forbidden

You don't have permission to access /cgi-bin/PBE/list_superfamily.cgi on this server.
Apache/1.3.31 Server at [distant.machine].univ-reunion.fr Port 80

Am i false if i think that reverse-proxy does not know where to find the cgi-script on the 10.10.10.10 machine, or is it something else ?

i try to put a Directory directive in the virtual host :
<Directory /usr/lib/cgi-bin/>
    AllowOverride none
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

where /usr/lib/cgi-bin/ is the absolute path to cgi folder on 10.10.10.10
It doesn't work either,and perhaps was it a nut thing to do.

So if you have an idea ...
Thanks for help.
cordialement. annie

Axel-Stéphane SMORGRAV a écrit :

 Annie,

You do not specify what version of Apache you are using.

My understanding is that there is a content server somewhere that also hosts cgi-scripts, and you have put a reverse proxy in front of that server. You do NOT want CGI scripts to be executed on the reverse proxy.

Have you tested against the configuration you outline below and actually found that paths prefixed with /cgi-bin are actually interpreted as CGI-scripts by the reverse proxy?

Tests I made with Apache 2.0.54 show that it works just fine. The CGI script is NOT executed on the reverse proxy. A quick look at the code of mod_proxy and mod_cgi seems to confirm this since the mod_proxy handler registers all its hooks before mod_cgi (except post_config).

I suggest you test your configuration below. If you actually do observe that the CGI scripts are executed on the reverse proxy, please report back and we'll look into it again.

Cordialement,
-ascs 

-----Original Message-----
From: Annie Dumont [mailto:annie.dumont@univ-reunion.fr] 
Sent: Wednesday, January 25, 2006 7:17 AM
To: users@httpd.apache.org
Subject: [users@httpd] How to execute cgi on a proxied host ?

Hi everybody,

One of our scientist has develop a website with cgi-script, on host with a private adress.
He needs to be readable throught the internet next month.
Is it possible, throught a virtualHost and proxying to execute the cgi scripts hosted on his machine ?

On our apache server we have written in the vhost.conf :
(assuming for the example that our apache serveur ip adress is
123.12.12.12 our distant host private ip adress 10.10.10.10 and the name it becomes to bee seen through the internet
distant.machine.univ-reunion.fr) :

<VirtualHost 123.12.12.12:80>
    Servername distant.machine.univ-reunion.fr
    ProxyPass             /        http://10.10.10.10
    ProxypassReverse /        http://10.10.10.10
</VirtualHost>

How do i tell apache that cgi scripts i want to execute are not those on the apache server but those on the 10.10.10.10 ? Is it just possible ?

regards, annie

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

--------------020809020103080601090002--