httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lokesh K B Reddy" <Loke...@hcl.in>
Subject RE: [users@httpd] mod_proxy for rpc over https
Date Tue, 26 Jun 2007 13:56:17 GMT
Hi,

	Forgot to update Apache details..

Server version: Apache/2.0.52
Server built:   Jan 30 2007 09:56:16
OS : RHEL4 Update 4
Apache : Using Redhat RPM..


Regards,
 
Lokesh 

-----Original Message-----
From: Lokesh K B Reddy 
Sent: Tuesday, June 26, 2007 9:54 AM
To: 'users@httpd.apache.org'
Cc: 'Owen.Boyle@swx.com'
Subject: RE: [users@httpd] mod_proxy for rpc over https

Hi,

	Still RPC over HTTPS is not working after adding AllowCONNECT
443. Here is my configuration, with this OWA (Outlook Web Access) is
working fine , only problem with RPC over HTTPS.

<VirtualHost 158.218.128.115:443>
        ServerName exchange.sensata.com:443
        # This secures the server from being used as a third party
        # proxy server
        ProxyRequests Off

        # Allows the proxying of a SSL connection
        AllowCONNECT 443 80 593 60001 60002 60003 60004
        SSLProxyEngine On
        ProxyVia On

        # Header Stuff
        AddDefaultCharset UTF-8
        RequestHeader unset Accept-Encoding
        #RequestHeader set Front-End-Https "On"
        HostnameLookups Off
        UseCanonicalName Off

        # Proxy Preserving the hostname
        ProxyPreserveHost On

        # SSL Stuff
        SSLProtocol All
        SSLEngine On

        DocumentRoot /opt/www/exchange

        # Configuration of RPC over HTTPS #
        ###
        ProxyPass / https://myexch.roof.com/
        ProxyPassReverse / https://myexch.roof.com/
        CacheDisable *
        ###
        # SSL Certificate #
        SSLCertificateFile /opt/www/exchange/exchange.cer
        SSLCertificateKeyFile /opt/www/exchange/exchange.key
        # Extras Stuff #
        ###
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
        ###
        # Log file
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" com
        CustomLog /opt/www/logs/exchange/access_log combined
env=!dontlog
        ErrorLog /opt/www/logs/exchange/error_log

</VirtualHost>


158.218.128.115 --> My Virtual IP address.
Myexch.roof.com --> My F5 Load Balancer

Here is the design structure :

Exterbal IP --> Apache:443(DMZ) --> F5 Load Balancer:443(internal
network)-SSL Offloading --> Exchange Front-end server:80

Here is the website , I say BUG info:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088
http://issues.apache.org/bugzilla/show_bug.cgi?id=40029

Error Logs :

[Mon Jun 25 17:43:11 2007] [error] (104)Connection reset by peer: proxy:
pass request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun
25 17:45:46 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun 25
17:48:21 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun 25
17:52:46 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun 25
17:52:46 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun 25
17:55:21 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun 25
17:55:21 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com)

Access Logs :

158.218.168.103 - - [26/Jun/2007:09:36:10 -0400] "RPC_OUT_DATA
/rpc/rpcproxy.dll?sdcpad02.sso.sensata.ad:593 HTTP/1.1" 503 - "-"
"MSRPC"
158.218.168.103 - - [26/Jun/2007:09:36:10 -0400] "RPC_IN_DATA
/rpc/rpcproxy.dll?sdcpad02.sso.sensata.ad:593 HTTP/1.1" 104 628 "-"
"MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:06 -0400] "RPC_IN_DATA
/rpc/rpcproxy.dll?mailbox.roof.com:6001 HTTP/1.1" 104 628 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:07 -0400] "RPC_IN_DATA
/rpc/rpcproxy.dll?mailbox.roof.com:6002 HTTP/1.1" 104 628 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:07 -0400] "RPC_OUT_DATA
/rpc/rpcproxy.dll?mailbox.roof.com:6001 HTTP/1.1" 200 128 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:07 -0400] "RPC_OUT_DATA
/rpc/rpcproxy.dll?mailbox.roof.com:6002 HTTP/1.1" 200 128 "-" "MSRPC"

mailbox.roof.com --> My Mailbox server.

Please guide me , how to go further..

Thanks in advance,..
Regards,
 
Lokesh 

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com]
Sent: Tuesday, June 26, 2007 2:11 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] mod_proxy for rpc over https

> -----Original Message-----
> From: Lokesh K B Reddy [mailto:LokeshR@hcl.in]
> Sent: Monday, June 25, 2007 11:33 PM
> To: users@httpd.apache.org
> Subject: [users@httpd] mod_proxy for rpc over https
> 
> Hi,
>  
>     Is there any BUG in mod_proxy for RPC over HTTPS,using Apache 
> reverse proxy outlook web access is working fine but rpc over https is

> not working .Is there any diffrence configuration is required to setup

> rpc over https using apache reverse proxy .

Try http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#allowconnect

If that's not it, post back with *lots* more detail about your exact
setup (apache version, OS etc.) and exact description of what "not
working" means (ie, include error_log data).

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 


>  
> Please help me out..
>  
> 
> Regards,
> 
>  
> 
> Lokesh
> 
> DISCLAIMER:
> --------------------------------------------------------------
> ---------------------------------------------------------
> 
> The contents of this e-mail and any attachment(s) are confidential and

> intended for the named recipient(s) only.
> It shall not attach any liability on the originator or HCL or its 
> affiliates. Any views or opinions presented in this email are solely 
> those of the author and may not necessarily reflect the opinions of 
> HCL or its affiliates.
> Any form of reproduction, dissemination, copying, disclosure, 
> modification, distribution and / or publication of this message 
> without the prior written consent of the author of this e-mail is 
> strictly prohibited. If you have received this email in error please 
> delete it and notify the sender immediately. Before opening any mail 
> and attachments please check them for viruses and defect.
> 
> --------------------------------------------------------------
> ---------------------------------------------------------
> 	
>
 
 
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message