httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lokesh K B Reddy" <Loke...@hcl.in>
Subject RE: [users@httpd] mod_proxy for rpc over https
Date Tue, 26 Jun 2007 19:29:21 GMT

 
Hi,

	I added that line .. My OWA is working fine with HTTPS only ..

Listen 80
Listen 158.218.128.115:443

Regards,
 
Lokesh 

-----Original Message-----
From: Lindsay Hausner [mailto:lindsay.hausner@comodo.com] 
Sent: Tuesday, June 26, 2007 3:31 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] mod_proxy for rpc over https



-----Original Message-----
From: Lokesh K B Reddy [mailto:LokeshR@hcl.in]
Sent: Tuesday, June 26, 2007 9:56 AM
To: users@httpd.apache.org
Cc: Owen.Boyle@swx.com
Subject: RE: [users@httpd] mod_proxy for rpc over https

Hi,

	Forgot to update Apache details..

Server version: Apache/2.0.52
Server built:   Jan 30 2007 09:56:16
OS : RHEL4 Update 4
Apache : Using Redhat RPM..


Regards,
 
Lokesh 

-----Original Message-----
From: Lokesh K B Reddy
Sent: Tuesday, June 26, 2007 9:54 AM
To: 'users@httpd.apache.org'
Cc: 'Owen.Boyle@swx.com'
Subject: RE: [users@httpd] mod_proxy for rpc over https

Hi,

	Still RPC over HTTPS is not working after adding AllowCONNECT
443. Here is my configuration, with this OWA (Outlook Web Access) is
working fine , only problem with RPC over HTTPS.

<VirtualHost 158.218.128.115:443>
        ServerName exchange.sensata.com:443
        # This secures the server from being used as a third party
        # proxy server
        ProxyRequests Off

        # Allows the proxying of a SSL connection
        AllowCONNECT 443 80 593 60001 60002 60003 60004
        SSLProxyEngine On
        ProxyVia On

        # Header Stuff
        AddDefaultCharset UTF-8
        RequestHeader unset Accept-Encoding
        #RequestHeader set Front-End-Https "On"
        HostnameLookups Off
        UseCanonicalName Off

        # Proxy Preserving the hostname
        ProxyPreserveHost On

        # SSL Stuff
        SSLProtocol All
        SSLEngine On

        DocumentRoot /opt/www/exchange

        # Configuration of RPC over HTTPS #
        ###
        ProxyPass / https://myexch.roof.com/
        ProxyPassReverse / https://myexch.roof.com/
        CacheDisable *
        ###
        # SSL Certificate #
        SSLCertificateFile /opt/www/exchange/exchange.cer
        SSLCertificateKeyFile /opt/www/exchange/exchange.key
        # Extras Stuff #
        ###
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
        ###
        # Log file
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" com
        CustomLog /opt/www/logs/exchange/access_log combined
env=!dontlog
        ErrorLog /opt/www/logs/exchange/error_log

</VirtualHost>


158.218.128.115 --> My Virtual IP address.
Myexch.roof.com --> My F5 Load Balancer

Here is the design structure :

Exterbal IP --> Apache:443(DMZ) --> F5 Load Balancer:443(internal
network)-SSL Offloading --> Exchange Front-end server:80

Here is the website , I say BUG info:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088
http://issues.apache.org/bugzilla/show_bug.cgi?id=40029

Error Logs :

[Mon Jun 25 17:43:11 2007] [error] (104)Connection reset by peer: proxy:
pass request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun
25 17:45:46 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun 25
17:48:21 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun 25
17:52:46 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun 25
17:52:46 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun 25
17:55:21 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com) [Mon Jun 25
17:55:21 2007] [error] (104)Connection reset by peer: proxy: pass
request data failed to 10.41.0.131:443 (Myexch.roof.com)

Access Logs :

158.218.168.103 - - [26/Jun/2007:09:36:10 -0400] "RPC_OUT_DATA
/rpc/rpcproxy.dll?sdcpad02.sso.sensata.ad:593 HTTP/1.1" 503 - "-"
"MSRPC"
158.218.168.103 - - [26/Jun/2007:09:36:10 -0400] "RPC_IN_DATA
/rpc/rpcproxy.dll?sdcpad02.sso.sensata.ad:593 HTTP/1.1" 104 628 "-"
"MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:06 -0400] "RPC_IN_DATA
/rpc/rpcproxy.dll?mailbox.roof.com:6001 HTTP/1.1" 104 628 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:07 -0400] "RPC_IN_DATA
/rpc/rpcproxy.dll?mailbox.roof.com:6002 HTTP/1.1" 104 628 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:07 -0400] "RPC_OUT_DATA
/rpc/rpcproxy.dll?mailbox.roof.com:6001 HTTP/1.1" 200 128 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:07 -0400] "RPC_OUT_DATA
/rpc/rpcproxy.dll?mailbox.roof.com:6002 HTTP/1.1" 200 128 "-" "MSRPC"

mailbox.roof.com --> My Mailbox server.

Please guide me , how to go further..

Thanks in advance,..
Regards,
 
Lokesh 

You may need a 'Listen 443' directive in you main server
configuration...

lh..


DISCLAIMER:
-----------------------------------------------------------------------------------------------------------------------

The contents of this e-mail and any attachment(s) are confidential and intended for the named
recipient(s) only. 
It shall not attach any liability on the originator or HCL or its affiliates. Any views or
opinions presented in 
this email are solely those of the author and may not necessarily reflect the opinions of
HCL or its affiliates. 
Any form of reproduction, dissemination, copying, disclosure, modification, distribution and
/ or publication of 
this message without the prior written consent of the author of this e-mail is strictly prohibited.
If you have 
received this email in error please delete it and notify the sender immediately. Before opening
any mail and 
attachments please check them for viruses and defect.

-----------------------------------------------------------------------------------------------------------------------

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message