httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gund Wehsling <>
Subject RE: [users@httpd] ProxyPass and Internal URLs
Date Fri, 08 May 2009 04:32:26 GMT

Thanks for the quick response.

It sounds like your ProxyPassReverse failed to do the right thing, and
a redirect leaked out. I assume for most users, ""
in the browser would be game over.

Yes, is not routable or resolvable unless you are on the LAN, it is an
independent and random address and domain. The browser trying to get there results in the

I assume you have NameVirtualHost (your symptom doesn't
match this error, but it's a common error)

Can you paste apache2ctl (or apachectl/httpd) -S ?

I am using SMEServer 7.4 distro and there is no apachectl on the volume. The output of httpd
-S is here:

[root@server11 /]# /usr/sbin/httpd -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443                  is a NameVirtualHost
         default server (/etc/httpd/conf/httpd.conf:591)
         port 443 namevhost (/etc/httpd/conf/httpd.conf:591)
         port 443 namevhost (/etc/httpd/conf/httpd.conf:701)
         port 443 namevhost (/etc/httpd/conf/httpd.conf:799)
         port 443 namevhost (/etc/httpd/conf/httpd.conf:1103)
         port 443 namevhost (/etc/httpd/conf/httpd.conf:1120)
*:80                   is a NameVirtualHost
         default server (/etc/httpd/conf/httpd.conf:532)
         port 80 namevhost (/etc/httpd/conf/httpd.conf:532)
         port 80 namevhost (/etc/httpd/conf/httpd.conf:654)
         port 80 namevhost (/etc/httpd/conf/httpd.conf:752)
         port 80 namevhost (/etc/httpd/conf/httpd.conf:1097)
         port 80 namevhost (/etc/httpd/conf/httpd.conf:1114)
Syntax OK
[root@server11 /]#

As you can see, I have everything on a private LAN and I enjoy the security benefits of reverse
proxy. The publicaddress1 and publicaddress2 are both domains I own. Everything resolves to
a fixed address I own and I use the Apache server to send the incoming requets to either an
Exchange box (host1) or another SMEServer (host2), depending on the FQDN. Everything works
except OSCommerce on another SMEServer 7.4 (host2).

OSCommerce requires that from the web the users and administrator can 'see' FQDN/oscommerce
and FQDN/oscommerce/admin. I was hoping that PROXYPASS would allow everything from / to be
proxy'd out, but looking at how Exchange is reverse proxy'd (each virtual directory is explicitly
detailed), I added a few lines into the PROXYPASS statement to explicitly handle /oscommerce
and /oscommerce/admin as well as / and it works!

I am not sure if this is a short comming of reverse proxy HTTPS (because it works fine in
HTTP for any non-explicit virtual directory), or I have misread or misinterpreted the documentation.

I am okay with it as it is now, because ultimately, this means only explicit redirects work,
which is a security feature for me, but perhaps somebody else wants to make this work if it
is indeed a problem with code.

For reference, I did have to enable SSL proxy:

SSLProxyEngine on

before any of the PROXYPASS stuff would work in HTTPS.

Many thanks for all your help, I am very happy with the product and most definitely the support.

I am also happy this is resolved, unless somebody else is concerned that each Virtual Directoy
needs to be explicit.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message