From: Tapas Mishra
Date: Wed, 15 Feb 2017 17:29:12 +0530
To: users@httpd.apache.org
Subject: [users@httpd] Apache 2.4 forward Proxy Configuration Issue

Hi all,

I am trying to configure an Apache forward proxy with SSL. But I am not able to connect to an external host using the proxy. Below is my virtual host configuration.

Listen 10.157.131.196:12149
<VirtualHost 10.157.131.196:12149>
  ServerName ech-10-157-131-196.test.com
  SSLEngine On
  SSLCertificateFile /opt/ssl/apache-selfsigned-new.crt
  SSLCertificateKeyFile /opt/ssl/apache-selfsigned-new.key

  ProxyVia On
  ProxyRequests On
  SSLProxyEngine On
  RewriteEngine On

  RewriteCond %{REQUEST_URI} !https://www.google.com/ [NC]
  RewriteRule .* - [F]
</VirtualHost>

Scenario 1: Using curl, try to access https://www.google.com

curl -v --proxy 10.157.131.196:12149 https://www.google.com
* About to connect() to proxy 10.157.131.196 port 12149 (#0)
*   Trying 10.157.131.196... connected
* Connected to 10.157.131.196 (10.157.131.196) port 12149 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Proxy-Connection: Keep-Alive
>
* Proxy CONNECT aborted
* Closing connection #0
curl: (56) Proxy CONNECT aborted

Scenario 2: Using curl, try to access http://www.google.com

curl -v --proxy 10.157.131.196:12149 http://www.google.com
* About to connect() to proxy 10.157.131.196 port 12149 (#0)
*   Trying 10.157.131.196... connected
* Connected to 10.157.131.196 (10.157.131.196) port 12149 (#0)
> GET http://www.google.com/ HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: www.google.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 400 Bad Request
< Date: Wed, 15 Feb 2017 10:03:52 GMT
< Server: Apache
< Content-Length: 362
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>
* Closing connection #0

But when I disable SSL in the virtual host and try to connect to outbound HTTP, it works.

Virtual host configuration:

Listen 10.157.131.196:12149
<VirtualHost 10.157.131.196:12149>
  ServerName ech-10-157-131-196.test.com
  #SSLEngine On
  #SSLCertificateFile /opt/ssl/apache-selfsigned-new.crt
  #SSLCertificateKeyFile /opt/ssl/apache-selfsigned-new.key

  ProxyVia On
  ProxyRequests On
  #SSLProxyEngine On
  RewriteEngine On

  RewriteCond %{REQUEST_URI} !https://www.google.com/ [NC]
  RewriteRule .* - [F]
</VirtualHost>

Scenario 1: Using curl, try to access https://www.google.com

curl -v --proxy 10.157.131.196:12149 https://www.google.com
* About to connect() to proxy 10.157.131.196 port 12149 (#0)
*   Trying 10.157.131.196... connected
* Connected to 10.157.131.196 (10.157.131.196) port 12149 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 500 Internal Server Error
< Date: Wed, 15 Feb 2017 10:13:15 GMT
< Server: Apache
< Content-Length: 546
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
* Received HTTP code 500 from proxy after CONNECT
* Closing connection #0
curl: (56) Received HTTP code 500 from proxy after CONNECT

Scenario 2: Using curl, try to access http://www.google.com

curl -v --proxy 10.157.131.196:12149 http://www.google.com
* About to connect() to proxy 10.157.131.196 port 12149 (#0)
*   Trying 10.157.131.196... connected
* Connected to 10.157.131.196 (10.157.131.196) port 12149 (#0)
> GET http://www.google.com/ HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: www.google.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 302 Found
< Date: Wed, 15 Feb 2017 10:14:20 GMT
< Server: Apache
< Location: http://www.cfauth.com/?cfru=aHR0cDovL3d3dy5nb29nbGUuY29tLw==
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Content-Length: 660
< Via: 1.1 ech-10-157-131-196.test.com
<
<HTML><HEAD>
<TITLE>Redirect</TITLE>
</HEAD>
<BODY>
<FONT face="Helvetica">
<big><strong></strong></big><BR>
</FONT>
<blockquote>
<TABLE border=0 cellPadding=1 width="80%">
<TR><TD>
<FONT face="Helvetica">
<big>Redirect (authentication_redirect_to_virtual_host)</big>
<BR>
<BR>
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Hel

Regards,
Tapas Mishra
7769092465