httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luca Toscano <toscano.l...@gmail.com>
Subject Re: [users@httpd] Vendor Connection via Proxy to SNI Server response 403 Forbidden
Date Wed, 07 Jun 2017 17:21:05 GMT
2017-06-07 2:42 GMT+02:00 Reid Watson <reid.watson@auckland.ac.nz>:

> Hi Luca,
>
> I think the vendor is might be putting me down the wrong path because I
> receive
>
> "[Wed Jun 07 11:54:29.302145 2017] [ssl:trace3] [pid 9177:tid
> 140532624602880] ssl_engine_kernel.c(1807): [remote 54.230.144.17:443]
> OpenSSL: Write: SSL negotiation finished successfully"
>
> I thought I would receive "SNI Hostname Error” if I had a mismatch
>
> auckland.collegescheduler.com (54.230.144.17) = External Vendor
>
> Log Snippet
>
> [Wed Jun 07 11:54:28.750881 2017] [proxy:debug] [pid 9177:tid
> 140532624602880] proxy_util.c(2394): [client 10.0.0.1:19478] AH00947:
> connected /api/institutiondata/xxxxxxxx/COHORTS to
> auckland.collegescheduler.com:443
> [Wed Jun 07 11:54:28.886833 2017] [proxy:debug] [pid 9177:tid
> 140532624602880] proxy_util.c(2771): AH02824: HTTPS: connection established
> with 54.230.144.17:443 (*)
> [Wed Jun 07 11:54:28.886887 2017] [proxy:debug] [pid 9177:tid
> 140532624602880] proxy_util.c(2923): AH00962: HTTPS: connection complete to
> 54.230.144.17:443 (auckland.collegescheduler.com)
> [Wed Jun 07 11:54:28.886897 2017] [ssl:info] [pid 9177:tid
> 140532624602880] [remote 54.230.144.17:443] AH01964: Connection to child
> 0 established (server Internal-site.test.com:80)
> [Wed Jun 07 11:54:28.886921 2017] [ssl:trace2] [pid 9177:tid
> 140532624602880] ssl_engine_rand.c(124): Seeding PRNG with 144 bytes of
> entropy
> [Wed Jun 07 11:54:28.886985 2017] [ssl:trace4] [pid 9177:tid
> 140532624602880] ssl_engine_io.c(1489): [remote 54.230.144.17:443]
> coalesce: have 0 bytes, adding 776 more
> [Wed Jun 07 11:54:28.886993 2017] [ssl:trace4] [pid 9177:tid
> 140532624602880] ssl_engine_io.c(1551): [remote 54.230.144.17:443]
> coalesce: passing on 545 bytes
> [Wed Jun 07 11:54:28.887001 2017] [ssl:trace3] [pid 9177:tid
> 140532624602880] ssl_engine_io.c(1086): [remote 54.230.144.17:443] SNI
> extension for SSL Proxy request set to 'Internal-site.test.com'
> [Wed Jun 07 11:54:28.887011 2017] [ssl:trace3] [pid 9177:tid
> 140532624602880] ssl_engine_kernel.c(1788): [remote 54.230.144.17:443]
> OpenSSL: Handshake: start
> [Wed Jun 07 11:54:28.887022 2017] [ssl:trace3] [pid 9177:tid
> 140532624602880] ssl_engine_kernel.c(1797): [remote 54.230.144.17:443]
> OpenSSL: Loop: before/connect initialization
> [Wed Jun 07 11:54:28.887040 2017] [ssl:trace4] [pid 9177:tid
> 140532624602880] ssl_engine_io.c(2050): [remote 54.230.144.17:443]
> OpenSSL: write 277/277 bytes to BIO#7fd04400ad80 [mem: 7fd044021b10] (BIO
> dump follows)
>
> [Wed Jun 07 11:54:28.887149 2017] [ssl:trace3] [pid 9177:tid
> 140532624602880] ssl_engine_kernel.c(1797): [remote 54.230.144.17:443]
> OpenSSL: Loop: SSLv2/v3 write client hello A
> [Wed Jun 07 11:54:28.887154 2017] [core:trace6] [pid 9177:tid
> 140532624602880] core_filters.c(527): [remote 54.230.144.17:443]
> core_output_filter: flushing because of FLUSH bucket
> [Wed Jun 07 11:54:29.024967 2017] [ssl:trace4] [pid 9177:tid
> 140532624602880] ssl_engine_io.c(2050): [remote 54.230.144.17:443]
> OpenSSL: read 7/7 bytes from BIO#7fd044019290 [mem: 7fd00c024be0] (BIO dump
> follows)
>
> [Wed Jun 07 11:54:29.165225 2017] [ssl:trace3] [pid 9177:tid
> 140532624602880] ssl_engine_kernel.c(1797): [remote 54.230.144.17:443]
> OpenSSL: Loop: SSLv3 read finished A
> [Wed Jun 07 11:54:29.165239 2017] [ssl:trace3] [pid 9177:tid
> 140532624602880] ssl_engine_kernel.c(1792): [remote 54.230.144.17:443]
> OpenSSL: Handshake: done
> [Wed Jun 07 11:54:29.165269 2017] [ssl:debug] [pid 9177:tid
> 140532624602880] ssl_engine_kernel.c(1841): [remote 54.230.144.17:443]
> AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128
> bits)
> [Wed Jun 07 11:54:29.165288 2017] [ssl:trace4] [pid 9177:tid
> 140532624602880] ssl_engine_io.c(2050): [remote 54.230.144.17:443]
> OpenSSL: write 574/574 bytes to BIO#7fd04400ad80 [mem: 7fd00c02cd33] (BIO
> dump follows)
>
> [Wed Jun 07 11:54:29.302044 2017] [proxy_http:trace3] [pid 9177:tid
> 140532624602880] mod_proxy_http.c(1424): [client 10.0.0.1:19478] Status
> from backend: 403
> [Wed Jun 07 11:54:29.302056 2017] [proxy_http:trace4] [pid 9177:tid
> 140532624602880] mod_proxy_http.c(1099): [client 10.0.0.1:19478] Headers
> received from backend:
> [Wed Jun 07 11:54:29.302063 2017] [proxy_http:trace4] [pid 9177:tid
> 140532624602880] mod_proxy_http.c(1101): [client 10.0.0.1:19478] Server:
> CloudFront
> [Wed Jun 07 11:54:29.302068 2017] [proxy_http:trace4] [pid 9177:tid
> 140532624602880] mod_proxy_http.c(1101): [client 10.0.0.1:19478] Date:
> Tue, 06 Jun 2017 23:54:29 GMT
> [Wed Jun 07 11:54:29.302075 2017] [proxy_http:trace4] [pid 9177:tid
> 140532624602880] mod_proxy_http.c(1101): [client 10.0.0.1:19478]
> Content-Type: text/html
> [Wed Jun 07 11:54:29.302078 2017] [proxy_http:trace4] [pid 9177:tid
> 140532624602880] mod_proxy_http.c(1101): [client 10.0.0.1:19478]
> Content-Length: 555
> [Wed Jun 07 11:54:29.302082 2017] [proxy_http:trace4] [pid 9177:tid
> 140532624602880] mod_proxy_http.c(1101): [client 10.0.0.1:19478]
> Connection: close
> [Wed Jun 07 11:54:29.302085 2017] [proxy_http:trace4] [pid 9177:tid
> 140532624602880] mod_proxy_http.c(1101): [client 10.0.0.1:19478] X-Cache:
> Error from cloudfront
> [Wed Jun 07 11:54:29.302089 2017] [proxy_http:trace4] [pid 9177:tid
> 140532624602880] mod_proxy_http.c(1101): [client 10.0.0.1:19478] Via: 1.1
> 515297ac55a7ae01bf8c7d03df4fecb1.cloudfront.net (CloudFront)
> [Wed Jun 07 11:54:29.302092 2017] [proxy_http:trace4] [pid 9177:tid
> 140532624602880] mod_proxy_http.c(1101): [client 10.0.0.1:19478]
> X-Amz-Cf-Id: xxxxxxxx
>
>
This one is interesting: Cloudfront seems to return 403 to you. I don't see
any particular TLS related error from the logs, I'd focus on checking one
level up (HTTP :)

Luca

Mime
View raw message