From: "Sittampalam, Nagu"
To: "'users@httpd.apache.org'"
Date: Tue, 11 Feb 2014 12:51:09 +0000
Subject: [users@httpd] Proxy HTTPS tunneling

Hello

We are trying to set up HTTPS tunnelling to a backend server through Apache proxy, but we are finding that the client connects but Apache does not send the traffic through to the backend server.

The config we have on our Apache proxy virtual host is:

<VirtualHost 172.19.1.136:443>
    DocumentRoot "/usr/local/apache2221/htdocs/ibcm/"
    ServerName test.testdom.local
    ErrorLog logs/ibcm
    ServerAdmin webmaster@testdom.local
    ProxyRequests On
    AllowConnect 443
    SSLEngine on
    SSLHonorCipherOrder On
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

    SSLCertificateFile "/etc/ssl/crt/ibcm.crt"
    SSLCertificateKeyFile "/etc/ssl/crt/testdom.key"
    SSLCertificateChainFile "/etc/ssl/crt/CA-DOM.crt"

    <proxy *>
        Order deny,allow
        Deny from all
    </proxy>

    <ProxyMatch (webssl.testdom.com|192.168.50.100)>
        Order deny,allow
        Allow from all
    </ProxyMatch>
</VirtualHost>

Does anybody know what we are not doing correctly? Also, we found Apache would not start without us putting in the root certificate. We thought it would not need any certificate for tunnelling, so we wonder if we have missed something.

Nagu Sittampalam | Security Team Leader, IT Solutions Division | Southampton Strategic Services Partnership | Landline: 02380 833012 | Fax: 02380 832973 | e-mail Nagu.Sittampalam@southampton.gov.uk | e-mail Nagu.Sittampalam@capita.co.uk | post Capita ITS, 1st Floor, One Guildhall Square, Above Bar, Southampton, SO14 7FP