httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gund Wehsling <g...@nzrides.com>
Subject RE: [users@httpd] ProxyPass and Internal URLs
Date Fri, 08 May 2009 04:32:26 GMT
Hi 

Thanks for the quick response.

<snip>
It sounds like your ProxyPassReverse failed to do the right thing, and
a redirect leaked out. I assume for most users, "internaladdress1.com"
in the browser would be game over.
</snip>

Yes, internaladdress1.com is not routable or resolvable unless you are on the LAN, it is an
independent and random address and domain. The browser trying to get there results in the
404.

<snip>
I assume you have NameVirtualHost 0.0.0.0:443 (your symptom doesn't
match this error, but it's a common error)

Can you paste apache2ctl (or apachectl/httpd) -S ?
</snip>

I am using SMEServer 7.4 distro and there is no apachectl on the volume. The output of httpd
-S is here:

[root@server11 /]# /usr/sbin/httpd -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443                  is a NameVirtualHost
         default server internaladdress1.com (/etc/httpd/conf/httpd.conf:591)
         port 443 namevhost internaladdress1.com (/etc/httpd/conf/httpd.conf:591)
         port 443 namevhost publicaddress1.com (/etc/httpd/conf/httpd.conf:701)
         port 443 namevhost publicaddress2.com (/etc/httpd/conf/httpd.conf:799)
         port 443 namevhost host1.publicaddress2.com (/etc/httpd/conf/httpd.conf:1103)
         port 443 namevhost host2.publicaddress2.com (/etc/httpd/conf/httpd.conf:1120)
*:80                   is a NameVirtualHost
         default server internaladdress1.com (/etc/httpd/conf/httpd.conf:532)
         port 80 namevhost internaladdress1.com (/etc/httpd/conf/httpd.conf:532)
         port 80 namevhost publicaddress1.com (/etc/httpd/conf/httpd.conf:654)
         port 80 namevhost publicaddress2.com (/etc/httpd/conf/httpd.conf:752)
         port 80 namevhost host1.publicaddress2.com (/etc/httpd/conf/httpd.conf:1097)
         port 80 namevhost host2.publicaddress2.com (/etc/httpd/conf/httpd.conf:1114)
Syntax OK
[root@server11 /]#

As you can see, I have everything on a private LAN and I enjoy the security benefits of reverse
proxy. The publicaddress1 and publicaddress2 are both domains I own. Everything resolves to
a fixed address I own and I use the Apache server to send the incoming requets to either an
Exchange box (host1) or another SMEServer (host2), depending on the FQDN. Everything works
except OSCommerce on another SMEServer 7.4 (host2).

OSCommerce requires that from the web the users and administrator can 'see' FQDN/oscommerce
and FQDN/oscommerce/admin. I was hoping that PROXYPASS would allow everything from / to be
proxy'd out, but looking at how Exchange is reverse proxy'd (each virtual directory is explicitly
detailed), I added a few lines into the PROXYPASS statement to explicitly handle /oscommerce
and /oscommerce/admin as well as / and it works!

I am not sure if this is a short comming of reverse proxy HTTPS (because it works fine in
HTTP for any non-explicit virtual directory), or I have misread or misinterpreted the documentation.

I am okay with it as it is now, because ultimately, this means only explicit redirects work,
which is a security feature for me, but perhaps somebody else wants to make this work if it
is indeed a problem with code.

For reference, I did have to enable SSL proxy:

SSLProxyEngine on

before any of the PROXYPASS stuff would work in HTTPS.

Many thanks for all your help, I am very happy with the product and most definitely the support.

I am also happy this is resolved, unless somebody else is concerned that each Virtual Directoy
needs to be explicit.

Gund
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message