httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruno Teixeira <>
Subject Re: [users@httpd] 403 Forbidden error with rewrite [P] flag
Date Wed, 21 Feb 2007 10:46:01 GMT
Hi krist,

thank you very much for your sugestion. It wasn't the only problem with 
my configuration - I also had "deny from all" in the proxy.conf file - 
but with the SSLProxy On directive the rewrite now works.

But I still have a problem: the original address isn't kept in the 
address bar... this is a problem because the proxy is the only external 
IP address. How can I keep the original address in the browser's address 
bar? Isn't this possible with the rewrite [P]? I have read that it is 
possible with an "old fashion" reverse proxy, doesn't the [P] do the same?

Thank you for your time

Bruno Teixeira

Krist van Besien wrote:
> On 2/16/07, Bruno Teixeira <> wrote:
>> I've been browsing the web for a solution to my problem, but all I can
>> find are similar problems, no solutions...
>> I am using a rewrite rule to rewrite ""
>> requests to "". This works fine, but I don't the
>> user to see the "198 IP", but to always the "251". To accomplish this, I
>> thought I only had to add a "P flag" to the rewrite rule, but when I do
>> so, I get a "403 Forbidden error". I have the proxy module loaded!
>> I would really appreciate some input. Thank you for your time.
> You're welcome.
>> I get this on the error log:
>> [Fri Feb 16 11:13:14 2007] [error] [client] client denied
>> by server configuration: proxy:
>> and this on the rewrite log:
>> - - [16/Feb/2007:11:16:04 +0000]
>> [][rid#82a2440/initial] (2) init rewrite engine
>> with requested uri /secure
>> - - [16/Feb/2007:11:16:04 +0000]
>> [][rid#82a2440/initial] (2) rewrite /secure ->
>> - - [16/Feb/2007:11:16:04 +0000]
>> [][rid#82a2440/initial] (2) forcing
>> proxy-throughput with
>> - - [16/Feb/2007:11:16:04 +0000]
>> [][rid#82a2440/initial] (1) go-ahead with proxy
>> request proxy: [OK]
> What I see here is that a) your rewrite works, but b) your proxy
> config has some problems.
> The problem is that proxying to an https server requires a bit more
> than just adding a P to a rewrite statement. When proxing to https
> your apache server has to take on the role of an SSL client, which the
> standard out of the box apache hasn't been set up for.
> You need at least the following directives:
> SSLProxyEngine on
> SSLProxyCACertificatePath /usr/local/apache2/conf/ssl.crt/
> And then in /usr/local/apache2/conf/ssl.crt/ (or whichever dir you
> configure here) you need to add at least the root certificate of the
> CA used to sign the SSL certificate you use on your https server.
> You can find out more about this by reading up on the SSLProxy
> directives in the manual.
> Krist

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message