httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Clodoaldo Neto <clodoaldo.pinto.n...@gmail.com>
Subject [users@httpd] "Method Not Allowed" when CONNECTing to a proxied ssh host
Date Fri, 26 Aug 2011 13:06:14 GMT
CONNECTing trough a proxy in a virtual host only works if it is the default
virtual host.

"Method Not Allowed" when trying to CONNECT to a proxied ssh host:

$ telnet torno.example.com 80
Trying 1.2.3.4...
Connected to torno.example.com.
Escape character is '^]'.
CONNECT ssh.example.com:22 HTTP/1.1
Host: ssh.example.com

HTTP/1.1 405 Method Not Allowed
Date: Fri, 26 Aug 2011 12:34:24 GMT
Server: Apache/2.2.15 (CentOS)
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 352
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>405 Method Not Allowed</title>
</head><body>
<h1>Method Not Allowed</h1>
<p>The requested method CONNECT is not allowed for the URL /.</p>
<hr>
<address>Apache/2.2.15 (CentOS) Server at <a href="mailto:
admin@cz.example.com">ssh.example.com</a> Port 22</address>
</body></html>
Connection closed by foreign host.

If the virtual host config file is moved from torno.example.com.conf to
aaa.torno.example.com.conf it works:

$ telnet torno.example.com 80
Trying 1.2.3.4...
Connected to torno.example.com.
Escape character is '^]'.
CONNECT ssh.example.com:22 HTTP/1.1
Host: ssh.example.com

HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.2.15 (CentOS)

SSH-2.0-OpenSSH_5.3


It seems like the problem is that the connection is using the HTTP 1.0
protocol in instead of the 1.1 protocol which can handle the Host: Header.

This is the virtual host config:

<VirtualHost *:80>

     ServerAdmin admin@example.com
     ServerName torno.example.com
     ServerSignature Off

     HostnameLookups Off
     LogLevel Warn
     ErrorLog logs/torno.example.com-error_log
     CustomLog logs/torno.example.com-access_log combined

     ProxyRequests On
     AllowConnect 22

     <Proxy *>
         Order deny,allow
         Deny from all
     </Proxy>
     <Proxy ssh.example.com>
         Order deny,allow
         Allow from all
     </Proxy>

     ProxyPass / http://www.ibm.com/
     ProxyPassReverse / http://www.ibm.com/
     <Proxy http://www.ibm.com/>
         Order deny,allow
         Allow from all
     </Proxy>

</VirtualHost>

Regards, Clodoaldo Pinto Neto

Mime
View raw message