httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ja...@nixsecurity.org
Subject Re: [users@httpd] Problem solved was Re: [users@httpd] Problem configuring proxy (forbidden error locally)
Date Thu, 10 Feb 2011 20:28:06 GMT
There should be a mod_ssl RPM available for the Apache RPM which enables mod_ssl.

[root@myhost ~]# yum search apache | grep ssl
mod_ssl.i386 : SSL/TLS module for the Apache HTTP server


>---- Original Message ----
>From: o haya <ohaya@yahoo.com>
>To: users@httpd.apache.org
>Sent: Thu, Feb 10, 2011, 3:24 PM
>Subject: [users@httpd] Problem solved was Re: [users@httpd] Problem configuring proxy
(forbidden error locally)
>
>Hi,
>
>We figured out the problem.
>
>As mentioned earlier, we were using the Redhat Apache 2.0.52 (httpd) RPM.
>
>Apparently, that doesn't come with mod_ssl support (either built-in or DSO), but we had
the ProxyPass/ProxyPassReverse directives pointing to SSO/https URLs, i.e., the Apache2 had
no support for SSL at all.
>
>We modified the ProxyPass/ProxyPassReverse directives to point to non-SSL URLs, and that
eliminated the 403/Forbidden errors.
>
>So, the bottom line was that pointing the ProxyPass/ProxyPassReverse to SSL URLs, when
the Apache didn't have SSL support, causes Apache2 to respond with 403/Forbidden responses...
>
>Thanks,
>Jim
>
>
>
>
>--- On Wed, 2/9/11, o haya <ohaya@yahoo.com> wrote:
>
>> From: o haya <ohaya@yahoo.com>
>> Subject: Re: [users@httpd] Problem configuring proxy (forbidden error locally)
>> To: users@httpd.apache.org
>> Date: Wednesday, February 9, 2011, 11:09 PM
>> Hi,
>> 
>> BTW, to help guide me on what to look for, my understanding
>> is that there are basically two things that can cause Apache
>> to provide the 403/Forbidden response:
>> 
>> - Linux permissions
>> - Something in the Apache .conf files that sets a "deny"
>> 
>> For the former, and assuming the we don't have any local
>> resources in the <VirtualHost>s (i.e., no
>> <DocumentRoot>), and only a bunch of
>> ProxyPass/ProxyPassReverse directives, I think that the
>> <VirtualHost> would "inherit" the <DocumentRoot>
>> from the server configuration, so what we'd have to do is to
>> look at where the <DocumentRoot> is pointing to, and
>> confirm that the user and group specified in the User and
>> Group directives in the Apache .conf files have
>> read/write/execute perms on that and all of its parent
>> directories.
>> 
>> Is that correct?
>> 
>> For the latter, we need to look for all "deny", and check
>> that none of them apply to the <Location> directives
>> in the <VirtualHost> sections.
>> 
>> Is that correct?
>> 
>> Thanks,
>> Jim
>> 
>> 
>> --- On Wed, 2/9/11, o haya <ohaya@yahoo.com>
>> wrote:
>> 
>> > From: o haya <ohaya@yahoo.com>
>> > Subject: Re: [users@httpd] Problem configuring proxy
>> (forbidden error locally)
>> > To: users@httpd.apache.org
>> > Date: Wednesday, February 9, 2011, 10:23 PM
>> > Eric,
>> > 
>> > Sorry for that.  The system is at work, so I'll have
>> > to get that tomorrow.
>> > 
>> > Jim
>> > 
>> > 
>> > --- On Wed, 2/9/11, Eric Covener <covener@gmail.com>
>> > wrote:
>> > 
>> > > From: Eric Covener <covener@gmail.com>
>> > > Subject: Re: [users@httpd] Problem configuring
>> proxy
>> > (forbidden error locally)
>> > > To: users@httpd.apache.org
>> > > Date: Wednesday, February 9, 2011, 9:58 PM
>> > > On Wed, Feb 9, 2011 at 8:26 PM, o
>> > > haya <ohaya@yahoo.com>
>> > > wrote:
>> > > >
>> > > > Hi Eric and Igor,
>> > > > The Apache proxy logs show "403" errors.
>> > > 
>> > > Don't paraphrase the logs. Include them verbatim
>> in
>> > your
>> > > response.
>> > > 
>> > >
>> >
>> ---------------------------------------------------------------------
>> > > The official User-To-User support forum of the
>> Apache
>> > HTTP
>> > > Server Project.
>> > > See <URL:http://httpd.apache.org/userslist.html> for more
>> > > info.
>> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> > > For additional commands, e-mail: users-help@httpd.apache.org
>> > > 
>> > > 
>> > 
>> > 
>> > 
>> > 
>> >
>> ---------------------------------------------------------------------
>> > The official User-To-User support forum of the Apache
>> HTTP
>> > Server Project.
>> > See <URL:http://httpd.apache.org/userslist.html> for more
>> > info.
>> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> > For additional commands, e-mail: users-help@httpd.apache.org
>> > 
>> > 
>> 
>> 
>> 
>> 
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP
>> Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more
>> info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>> 
>> 
>
>
>      
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message