httpd-users mailing list archives

From Yehuda Katz <yeh...@ymkatz.net>
Subject Re: [users@httpd] Proxy HTTPS tunneling
Date Tue, 11 Feb 2014 16:25:00 GMT
Are you trying to set up a Forward Proxy or a Reverse Proxy (explanation:
http://www.jscape.com/blog/bid/87783/Forward-Proxy-vs-Reverse-Proxy)?

Your configuration looks like a forward proxy but your email implies that
you really want a reverse proxy.

See this part of the HTTPD manual for more about reverse proxy setup:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#forwardreverse
A reverse proxy is activated using the ProxyPass
<http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass> directive
or the [P] flag to the RewriteRule
<http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriterule> directive.
It is *not* necessary to turn ProxyRequests
<http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyrequests> on
in order to configure a reverse proxy.

- Y


On Tue, Feb 11, 2014 at 7:51 AM, Sittampalam, Nagu <
Nagu.Sittampalam@southampton.gov.uk> wrote:

> Hello
>
> We are trying to set up HTTPS tunnelling to a backend server through
> Apache proxy but we are finding the client connects but Apache does not
> send through the traffic to the backend server.
>
> The config we have on our Apache proxy virtual host is
>
> <VirtualHost 172.19.1.136:443>
>
> DocumentRoot "/usr/local/apache2221/htdocs/ibcm/"
> ServerName test.testdom.local
> ErrorLog logs/ibcm
> ServerAdmin webmaster@testdom.local
> ProxyRequests On
> AllowConnect 443
> SSLEngine on
> SSLHonorCipherOrder On
> SSLProtocol -ALL +SSLv3 +TLSv1
> SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>
> SSLCertificateFile "/etc/ssl/crt/ibcm.crt"
> SSLCertificateKeyFile "/etc/ssl/crt/testdom.key"
> SSLCertificateChainFile "/etc/ssl/crt/CA-DOM.crt"
>
> <proxy *>
>    Order deny,allow
>    Deny from all
> </proxy>
>
> <ProxyMatch (webssl.testdom.com|192.168.50.100)>
>    Order deny,allow
>    Allow from all
> </ProxyMatch>
>
> </VirtualHost>
>
>
>
> Anybody know what we are not doing correctly? Also we found Apache would
> not start without us putting in the root certificate. Thought it would not
> need any certificate for tunnelling so wonder if we have missed something.
>
> Nagu Sittampalam | Security Team Leader , IT Solutions Division |
> Southampton Strategic Services Partnership | Landline: 02380 833012 | Fax:
> 02380 832973 | e-mail Nagu.Sittampalam@southampton.gov.uk | e-mail
> Nagu.Sittampalam@capita.co.uk | post Capita ITS, 1st Floor, One Guildhall
> Square, Above Bar, Southampton, SO14 7FP
> This email and any files transmitted with it are confidential, and may be
> subject to legal privilege, and are intended solely for the use of the
> individual or entity to whom they are addressed.
> If you have received this email in error or think you may have done so,
> you may not peruse, use, disseminate, distribute or copy this message.
> Please notify the sender immediately and delete the original e-mail from
> your system.
>
>
>
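
The reverse-proxy setup the reply points to, as an added example that is not
part of the thread: the quoted virtual host rewritten with ProxyPass and
ProxyRequests Off. Using webssl.testdom.com as the single backend is an
assumption drawn from the quoted ProxyMatch, and the backend CA path is a
placeholder.

```apache
# Added example, not from the thread. Address, names and certificate paths
# are copied from the quoted configuration; anything marked PLACEHOLDER is
# an assumption.
<VirtualHost 172.19.1.136:443>
    ServerName test.testdom.local
    ServerAdmin webmaster@testdom.local
    ErrorLog logs/ibcm

    # In a reverse proxy Apache terminates the client's TLS session itself,
    # so this virtual host needs its own certificate, key and chain.
    SSLEngine on
    SSLCertificateFile "/etc/ssl/crt/ibcm.crt"
    SSLCertificateKeyFile "/etc/ssl/crt/testdom.key"
    SSLCertificateChainFile "/etc/ssl/crt/CA-DOM.crt"
    # SSLProtocol / SSLCipherSuite lines from the quoted config would go here.

    # Forward proxying stays off. Clients never send CONNECT to this host,
    # so AllowConnect and the <ProxyMatch> allow-list are not needed.
    ProxyRequests Off

    # Let Apache open its own HTTPS connection to the backend and verify
    # the certificate the backend presents.
    SSLProxyEngine on
    SSLProxyVerify require
    # PLACEHOLDER: CA bundle that signed the backend's certificate.
    SSLProxyCACertificateFile "/path/to/backend-ca.crt"

    # Send every request path to the backend, and rewrite Location headers
    # in its responses so redirects point back at the proxy.
    ProxyPass        / https://webssl.testdom.com/
    ProxyPassReverse / https://webssl.testdom.com/

    # With ProxyRequests Off this block only governs the ProxyPass mapping
    # above (2.2 access-control syntax, as in the quoted config).
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
</VirtualHost>
```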
