www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Liz Helmeke <helme...@us.ibm.com>
Subject mod_proxy/4233: Reverse proxy of SSL requests fails with " @" 403
Date Mon, 12 Apr 1999 17:38:59 GMT

>Number:         4233
>Category:       mod_proxy
>Synopsis:       Reverse proxy of SSL requests fails with " @" 403
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Apr 12 10:40:04 PDT 1999
>Last-Modified:
>Originator:     helmekel@us.ibm.com
>Organization:
apache
>Release:        1.3.4-dev
>Environment:
AIX 4.3.2, ibm xlc compiler 3.6.4, Apache 1.3.4-dev
>Description:
Using ProxyPass and ProxyPassReverse with IP-based Virtual Hosts works fine for
HTTP requests, but all HTTPS requests fail with " @" 403 in Apache access_log.
Does Apache support reverse proxy of SSL requests?  I have searched extensively 
the documentation, Web, and USENET news groups, but cannot find any examples on 
how to accomplish this.

We have ifconfig aliases on the real server for the Virtual Host IP addresses 
and are using the following VirtualHost containers:

#This one works fine!
<VirtualHost 1.2.3.4>
ServerName wwwa.server.dom
ProxyPass           /    http://wwwa.server.dom/
ProxyPassReverse    /    http://wwwa.server.dom/
</VirtualHost>

#The next two fail with " @" 403 in access_log.
#Requests are never sent to the remote server.
<VirtualHost 1.2.3.5:443/
ServerName wwwb.server.dom
ProxyPass           /    https://wwwb.server.dom/
ProxyPassReverse    /    https://wwwb.server.dom/
</VirtualHost>

#wwwb.server.dom is also listening on port 80 for SSL requests, so
#we also need:
<VirtualHost 1.2.3.5:80>
ServerName wwwb.server.dom
ProxyPass           /    https://wwwb.server.dom:80/
ProxyPassReverse    /    https://wwwb.server.dom:80/
</VirtualHost>

The IP addresses for wwwa and wwwb are actually the real and aliased addresses
of a single internal server.  Of course, accessing the internal servers 
directly works successfully (not through the proxy).  
>How-To-Repeat:
Set up VirtualHost container for an internal SSL server as given above.
>Fix:

>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]




Mime
View raw message