httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruno Teixeira <brunote...@gmail.com>
Subject Re: [users@httpd] 403 Forbidden error with rewrite [P] flag
Date Wed, 21 Feb 2007 10:46:01 GMT
Hi krist,

thank you very much for your sugestion. It wasn't the only problem with 
my configuration - I also had "deny from all" in the proxy.conf file - 
but with the SSLProxy On directive the rewrite now works.

But I still have a problem: the original address isn't kept in the 
address bar... this is a problem because the proxy is the only external 
IP address. How can I keep the original address in the browser's address 
bar? Isn't this possible with the rewrite [P]? I have read that it is 
possible with an "old fashion" reverse proxy, doesn't the [P] do the same?

Thank you for your time

Bruno Teixeira

Krist van Besien wrote:
> On 2/16/07, Bruno Teixeira <brunoteixa@gmail.com> wrote:
> 
>> I've been browsing the web for a solution to my problem, but all I can
>> find are similar problems, no solutions...
>>
>> I am using a rewrite rule to rewrite "http://192.168.2.251/secure"
>> requests to "https://192.168.2.198/". This works fine, but I don't the
>> user to see the "198 IP", but to always the "251". To accomplish this, I
>> thought I only had to add a "P flag" to the rewrite rule, but when I do
>> so, I get a "403 Forbidden error". I have the proxy module loaded!
>>
>> I would really appreciate some input. Thank you for your time.
> 
> You're welcome.
> 
>>
>> I get this on the error log:
>>
>> [Fri Feb 16 11:13:14 2007] [error] [client 192.168.2.251] client denied
>> by server configuration: proxy:https://192.168.2.198
>>
>> and this on the rewrite log:
>>
>> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
>> [192.168.2.251/sid#8162818][rid#82a2440/initial] (2) init rewrite engine
>> with requested uri /secure
>> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
>> [192.168.2.251/sid#8162818][rid#82a2440/initial] (2) rewrite /secure ->
>> https://192.168.2.198
>> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
>> [192.168.2.251/sid#8162818][rid#82a2440/initial] (2) forcing
>> proxy-throughput with https://192.168.2.198
>> 192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
>> [192.168.2.251/sid#8162818][rid#82a2440/initial] (1) go-ahead with proxy
>> request proxy:https://192.168.2.198 [OK]
> 
> What I see here is that a) your rewrite works, but b) your proxy
> config has some problems.
> 
> The problem is that proxying to an https server requires a bit more
> than just adding a P to a rewrite statement. When proxing to https
> your apache server has to take on the role of an SSL client, which the
> standard out of the box apache hasn't been set up for.
> 
> You need at least the following directives:
> 
> SSLProxyEngine on
> SSLProxyCACertificatePath /usr/local/apache2/conf/ssl.crt/
> 
> And then in /usr/local/apache2/conf/ssl.crt/ (or whichever dir you
> configure here) you need to add at least the root certificate of the
> CA used to sign the SSL certificate you use on your https server.
> 
> You can find out more about this by reading up on the SSLProxy
> directives in the manual.
> 
> Krist
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message