httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruno Teixeira <brunote...@gmail.com>
Subject Re: [users@httpd] 403 Forbidden error with rewrite [P] flag
Date Wed, 21 Feb 2007 10:28:43 GMT
Hi there,

I didn't use AllowCONNECT. The problem was that I loaded the module with 
"a2enmod" and the default configuration is "deny from all". Anyway, it 
works now but, the address at the top changes to the redirected 
address... Shouldn' it always keep the original address? This is a 
problem, because in the future only the original IP address will be 
"external".

Thank you for your time.

Bruno Teixeira

Chirouze Olivier wrote:
> Hi,
> 
> I already had this but can't manage to find back the solution.
> 
> I have two clues, thought:
> 
> - you should have ProxyRequests Off to both of your virtualhosts (or at
> least, the first one).
> - I guess you did, but just in case, did you load module
> "proxy_http_module"?
> 
> Last thing, I've recently found directive "AllowCONNECT", haven't had
> time to play with it, but that might be useful. (Might also need
> mod_proxy_connect).
> 
> Please tell us if one of these helped!
> 
> Olivier
> 
> Olivier CHIROUZE
> I&0 Infrastructure
> Volvo Information Technology
>  
> 
>> -----Original Message-----
>> From: Bruno Teixeira [mailto:brunoteixa@gmail.com] 
>> Sent: 16 February 2007 13:17
>> To: users@httpd.apache.org
>> Subject: [users@httpd] 403 Forbidden error with rewrite [P] flag
>>
>> Hi there,
>>
>> I've been browsing the web for a solution to my problem, but all I can
>> find are similar problems, no solutions...
>>
>> I am using a rewrite rule to rewrite "http://192.168.2.251/secure"
>> requests to "https://192.168.2.198/". This works fine, but I don't the
>> user to see the "198 IP", but to always the "251". To 
>> accomplish this, I
>> thought I only had to add a "P flag" to the rewrite rule, but 
>> when I do
>> so, I get a "403 Forbidden error". I have the proxy module loaded!
>>
>> I would really appreciate some input. Thank you for your time.
>>
>> I get this on the error log:
>>
>> [Fri Feb 16 11:13:14 2007] [error] [client 192.168.2.251] 
>> client denied
>> by server configuration: proxy:https://192.168.2.198
>>
>> and this on the rewrite log:
>>
>> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
>> [192.168.2.251/sid#8162818][rid#82a2440/initial] (2) init 
>> rewrite engine
>> with requested uri /secure
>> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
>> [192.168.2.251/sid#8162818][rid#82a2440/initial] (2) rewrite 
>> /secure ->
>> https://192.168.2.198
>> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
>> [192.168.2.251/sid#8162818][rid#82a2440/initial] (2) forcing
>> proxy-throughput with https://192.168.2.198
>> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
>> [192.168.2.251/sid#8162818][rid#82a2440/initial] (1) go-ahead 
>> with proxy
>> request proxy:https://192.168.2.198 [OK]
>>
>>
>> Here are both of the Virtual hosts:
>>
>> <VirtualHost 192.168.2.251:80>
>> 	ServerAdmin webmaster@localhost
>> 	ServerName 192.168.2.251
>> 	DocumentRoot /var/www/
>> 	<Directory />
>> 		Options FollowSymLinks
>> 		AllowOverride None
>> 	</Directory>
>> 	<Directory /var/www/>
>> 		Options Indexes FollowSymLinks MultiViews
>> 		AllowOverride None
>> 		Order allow,deny
>> 		allow from all
>> 		# Uncomment this directive is you want to see apache2's
>> 		# default start page (in /apache2-default) when 
>> you go to /
>> 		RedirectMatch ^/$ /site
>> 	</Directory>
>>
>> 	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
>> 	<Directory "/usr/lib/cgi-bin">
>> 		AllowOverride None
>> 		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
>> 		Order allow,deny
>> 		Allow from all
>> 	</Directory>
>>
>> 	ErrorLog /var/log/apache2/error.log
>>
>> 	# Possible values include: debug, info, notice, warn, 
>> error, crit,
>> 	# alert, emerg.
>> 	LogLevel warn
>>
>> 	CustomLog /var/log/apache2/access.log combined
>> 	ServerSignature On
>>
>> 	RewriteEngine   on
>>   	RewriteCond     %{SERVER_PORT} ^80$
>> 	RewriteRule     ^/secure(.*)$ https://192.168.2.198$1 [L]
>> #	RewriteRule     ^/secure(.*)$ https://192.168.2.198$1 
>> [L,P] this rule
>> gives the error
>> 	RewriteLog      "/var/log/apache2/rewrite.log"
>> 	RewriteLogLevel 2
>>
>>      Alias /doc/ "/usr/share/doc/"
>>      <Directory "/usr/share/doc/">
>>          Options Indexes MultiViews FollowSymLinks
>>          AllowOverride None
>>          Order deny,allow
>>          Deny from all
>>          Allow from 127.0.0.0/255.0.0.0 ::1/128
>>      </Directory>
>> </VirtualHost>
>>
>>
>> <VirtualHost 192.168.2.198:443>
>>          ServerAdmin webmaster@localhost
>>          ServerName 192.168.2.198
>>
>>          SSLEngine On
>> 	SSLCertificateFile /etc/apache2/ssl/198.crt
>> 	SSLCertificateKeyFile /etc/apache2/ssl/198.key
>>
>>
>>          DocumentRoot /var/www
>>          <Directory />
>>                  Options FollowSymLinks
>>                  AllowOverride None
>>          </Directory>
>>          <Directory /var/www/>
>>                  Options FollowSymLinks MultiViews
>>                  AllowOverride None
>>                  Order allow,deny
>>                  allow from all
>>                  RedirectMatch ^/$ /site
>>          </Directory>
>>
>>          ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
>>          <Directory "/usr/lib/cgi-bin">
>>                  AllowOverride None
>>                  Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
>>                  Order allow,deny
>>                  Allow from all
>>          </Directory>
>>
>>          ErrorLog /var/log/apache2/error.log
>>
>>          # Possible values include: debug, info, notice, 
>> warn, error, crit,
>>          # alert, emerg.
>>          LogLevel warn
>>
>>          CustomLog /var/log/apache2/access.log combined
>>          ServerSignature On
>>
>>      Alias /doc/ "/usr/share/doc/"
>>      <Directory "/usr/share/doc/">
>>          Options Indexes MultiViews FollowSymLinks
>>          AllowOverride None
>>          Order deny,allow
>>          Deny from all
>>          Allow from 127.0.0.0/255.0.0.0 ::1/128
>>      </Directory>
>>
>> </VirtualHost>
>>
>>
>> Bruno Teixeira
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP 
>> Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message