httpd-users mailing list archives

From Florian Lindner <mailingli...@xgm.de>
Subject Re: [users@httpd] Problem setting up SSL Proxy
Date Fri, 06 Aug 2010 20:10:20 GMT
On Friday 06 August 2010, 21:48:15, Joost de Heer wrote:
> On 08/06/2010 09:16 PM, Florian Lindner wrote:
> > Hello!
> > 
> > I want to set up a local SSL proxy. I have a certificate for
> > *.centershock.net and want domains like xgm.de to be accessible with SSL.
> 
> You do realise that only the connection to the reverse proxy is encrypted?
> The connection from the proxy to the source server is still unencrypted.

Yes. Both hosts are always on the same machine and have the same IP.

> > I added a rewrite entry to my SSL virtual host:
> >          RewriteEngine On
> >          RewriteLog      /var/log/apache2/sslproxy.log
> >          RewriteLogLevel 6
> >          
> >          RewriteMap   domains      txt:/etc/apache2/sslproxy.map
> >          
> >          RewriteCond  %{HTTP_HOST} ^(.*-.*)\..*\..* [NC]
> >          RewriteRule  ^(.+)$       http://${domains:%1}$1 [P,L]
> > 
> > The sslproxy.map:
> > 	xgm-de     xgm.de
> 
> Looks fine
> 
> >          ProxyRequests On
> 
> You have a reverse proxy, don't turn proxyrequests on.

Ok, I set it to Off.

> 
> >          <Proxy *>
> >          
> >                  AddDefaultCharset off
> >                  Order deny,allow
> >                  Deny from all
> >                  Allow from centershock.net
> >          
> >          </Proxy>
> 
> Does the IP address of the client have a PTR record?

Yes, points to shiva.centershock.net

> > Now I expect that I can access http://xgm.de/forum/ from
> > https://xgm.centershock.net/forum/ but all I get is a 403 error
> > everywhere.
> 
> > The RewriteLog looks fine:
> And what does the errorlog say?

Ok, it is a permissions problem: client denied by server configuration:

Setting "Allow from all" makes it work. Clearly not a permanent option, is 
it?
The proxy should work for any request from any client that matches the rules.

Thanks,

Florian

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
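
Added example (not from the original thread or the Apache project): a small Python model of how Apache 2.2 evaluates the `<Proxy *>` access block quoted above, showing which clients `Allow from centershock.net` admits and which get "client denied by server configuration". The DNS tables and IP addresses are constructed, the function names are hypothetical, and only host-name and `all` arguments are modelled.

```python
# Model of Apache 2.2 host-based access control (Order/Deny/Allow) for the
# <Proxy *> block in the message. DNS data is constructed for illustration.
PTR = {  # reverse lookups: client IP -> host name
    "192.0.2.10": "shiva.centershock.net",
    "192.0.2.20": "shiva.centershock.net",   # PTR claims the name ...
    "198.51.100.7": "dsl-7.isp.example",
}
A = {    # forward lookups: host name -> set of IPs
    "shiva.centershock.net": {"192.0.2.10"},  # ... but it does not resolve back to .20
    "dsl-7.isp.example": {"198.51.100.7"},
}

def client_host(ip):
    """Double-reverse lookup: the PTR name counts only if it resolves back to ip."""
    name = PTR.get(ip)
    if name and ip in A.get(name, set()):
        return name.lower()
    return None

def matches(spec, ip):
    """Match one 'Allow from'/'Deny from' argument: 'all' or a (partial) domain name."""
    if spec == "all":
        return True
    host = client_host(ip)
    if host is None:
        return False
    spec = spec.lower()
    # Whole-label suffix match: centershock.net matches shiva.centershock.net,
    # but not a host such as foocentershock.net.
    return host == spec or host.endswith("." + spec)

def order_deny_allow(deny, allow, ip):
    """'Order deny,allow': denied if a Deny matches, unless an Allow also matches;
    clients matching neither list are permitted."""
    denied = any(matches(s, ip) for s in deny)
    allowed = any(matches(s, ip) for s in allow)
    return allowed or not denied

def permitted(ip, allow):
    """The thread's block: 'Deny from all' plus the given 'Allow from' arguments."""
    return order_deny_allow(["all"], allow, ip)

if __name__ == "__main__":
    for ip in PTR:
        print(ip, permitted(ip, ["centershock.net"]), permitted(ip, ["all"]))
```

A `False` here corresponds to the 403 in the thread: the check is made against the connecting client's resolved host name, not against the host name the client requested.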