Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 72601 invoked from network); 28 Nov 2007 16:28:49 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 28 Nov 2007 16:28:49 -0000 Received: (qmail 20629 invoked by uid 500); 28 Nov 2007 16:28:29 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 19834 invoked by uid 500); 28 Nov 2007 16:28:27 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 19823 invoked by uid 99); 28 Nov 2007 16:28:27 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Nov 2007 08:28:27 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [193.132.127.253] (HELO mailhost.cdltd.co.uk) (193.132.127.253) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Nov 2007 16:28:29 +0000 Received: from exch.cdltd.co.uk (fw.cdltd.co.uk [193.132.127.247]) by mailhost.cdltd.co.uk (8.14.1/8.12.11) with ESMTP id lASHPsmi017425 for ; Wed, 28 Nov 2007 17:27:45 GMT X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Wed, 28 Nov 2007 16:30:09 -0000 Message-ID: In-Reply-To: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [users@httpd] Redirecting to internal server Thread-Index: Acgx0VyYYsFCcl+4Q9G4lmsQ2D4XvgAAotAQAAHp9rA= References: <1196262645.3927.51.camel@stjwks02.uk.ratedpeople> From: "Paul Cocker" To: X-tntpost.co.uk-MailScanner-Information: Please contact the ISP for more information X-tntpost.co.uk-MailScanner: Found to be clean X-tntpost.co.uk-MailScanner-SpamCheck: X-MailScanner-From: paul.cocker@tntpost.co.uk X-Virus-Checked: Checked by ClamAV on apache.org Subject: RE: [users@httpd] Redirecting to internal server I have managed to fix this (was indeed an issue with the DMZ-Internal router) and the proxy is working brilliantly. Many thanks to those who chipped in :) I have run into a new issue. To secure the resources found on this page we were intended to use NTLM authentication, seeing as how the resources are on a Windows server. This would be a quick and easy way of protecting the resources. However, while I am prompted to enter a username and password, it is never accepted despite the credentials being correct. When I try to access the resources direct (bypassing the Apache proxy) it works fine. Will this Proxy method (or Apache?) not work with this NTLM authentication?=20 Paul Cocker IT Systems Administrator IT Security Officer 01628 81(6647) TNT Post 1 Globeside Business Park Fieldhouse Lane Marlow Bucks SL7 1HY -----Original Message----- From: Paul Cocker [mailto:paul.cocker@tntpost.co.uk]=20 Sent: 28 November 2007 15:44 To: users@httpd.apache.org Subject: RE: [users@httpd] Redirecting to internal server This error has only started occurring (when trying to access the relevant folder) after the proxy lines were added to the virtual host. Before then it simply tried to find that folder and failed, so this is progress! :) What I want to clarify is whether a 502 can mean "no response" as well as "I reached it, but didn't understand it". I can't seem to telnet from the DMZ server to the internal one on port 80, so I suspect a routing issue, but I want to confirm. Paul Cocker IT Systems Administrator IT Security Officer 01628 81(6647) TNT Post 1 Globeside Business Park Fieldhouse Lane Marlow Bucks SL7 1HY -----Original Message----- From: David Cassidy [mailto:david@twocats.co.uk] Sent: 28 November 2007 15:11 To: users@httpd.apache.org Subject: RE: [users@httpd] Redirecting to internal server Yes such errors would go direct to the client unless you do something on apache to send back something else. Turn up your proxy logging and you can see what IIS is sending back. You might want to check you are doing proxying and not re-directing... On Wed, 2007-11-28 at 15:08 +0000, Paul Cocker wrote: > The proxy is currently registering a 502 Bad Gateway error. Is a=20 > failure to reach the internal server the most likely cause, or are=20 > there issues with communication between Apache 2.0.59 and IIS 6 which=20 > can cause this to occur? For example, attempting to access the default > page would get you the error: >=20 > Directory Listing Denied > This Virtual Directory does not allow contents to be listed. >=20 > Would such errors be directly relayed to the client?=20 >=20=20 >=20 > Paul Cocker > IT Systems Administrator > IT Security Officer >=20 > 01628 81(6647) >=20 > TNT Post > 1 Globeside Business Park > Fieldhouse Lane > Marlow > Bucks > SL7 1HY >=20 >=20=20 >=20 > ________________________________ >=20 > From: Victor Trac [mailto:victor.trac@gmail.com] > Sent: 28 November 2007 14:29 > To: users@httpd.apache.org > Subject: Re: [users@httpd] Redirecting to internal server >=20 >=20 > On Nov 28, 2007 12:28 PM, Paul Cocker wrote: >=20 >=20 > Thanks, you're right, not only was it the wrong block it was the > wrong > config file. I forgot that when we upgraded Apache we used the new > config locations but didn't delete the old configs "just in case". >=20=09 > The proxy element is now working alas I have a new and exciting=20 > problem, > but it's one outside the scope of this list so thanks for your > assistance. With time I hope I'll be more confident in my own=20 > diagnosis > of the problem :) >=20=09 > One question, when acting as a reverse proxy what does Apache use as=20 > a > source port, anything above 1023? >=20=09 >=20 >=20 > Paul Cocker > IT Systems Administrator >=20=09 > IT Security Officer >=20=09 > 01628 81(6647) >=20=09 > TNT Post >=20=09 > 1 Globeside Business Park > Fieldhouse Lane > Marlow >=20=09 > Bucks > SL7 1HY >=20=09 >=20 >=20 >=20 > Yup, apache just uses a free, non-privileged port.=20 >=20 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org TNT Post is the trading name for TNT Post UK Ltd (company number: 04417047), TNT Post (Doordrop Media) Ltd (00613278), TNT Post Scotland Ltd (05695897),TNT Post North Ltd (05701709) and TNT Post South West Ltd (05983401). Emma's Diary and Lifecycle are trading names for Lifecycle Marketing (Mother and Baby) Ltd (02556692). All companies are registered in England and Wales; registered address: 1 Globeside Business Park, Fieldhouse Lane, Marlow, Buckinghamshire, SL7 1HY. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org TNT Post is the trading name for TNT Post UK Ltd (company number: 04417047)= , TNT Post (Doordrop Media) Ltd (00613278), TNT Post Scotland Ltd (05695897= ),TNT Post North Ltd (05701709) and TNT Post South West Ltd (05983401). Emm= a's Diary and Lifecycle are trading names for Lifecycle Marketing (Mother a= nd Baby) Ltd (02556692). All companies are registered in England and Wales;= registered address: 1 Globeside Business Park, Fieldhouse Lane, Marlow, Bu= ckinghamshire, SL7 1HY. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org