[BugDB] Problems with name resolving with mod_ssl (PR#147)

Thu, 1 Apr 1999 05:08:10 -0500 

Full_Name: Naresh Sharma
Version: mod_ssl-2.2.3-1.3.4
OS: Linux 2.0.34 / 2.2.3
Submission from: ns01.chello.nl (195.75.224.130)


The original problem is described below. I tried to see if it
worked without ssl and it did. From outside the network, plain old
http works fine, but any SSL enabled browser hangs and says that it 
cannot find hostname guru.mantra.firm (10.0.1.2), on my internal
network. However, ssl does work fine with normal webpages both from
outside as well as from inside the firewall. It only goes nuts when
the page requires authentication via MySQL based database and when
using php3.


The situation is like so:

               Internet

                  |                   aaa.bbb.ccc.ddd

    Linux-firewall+IPMasquerading   10.0.0.1 + ipportfw 443 from
aaa.bbb.ccc.ddd>Apache

                  |

     ---------------------------     Internal network (10.0.0.0) Prot-A

                  |

            Linux-firewall

                  |

     ---------------------------     Internal network (10.0.1.0) Prot-B

     |           |             |

 ApacheSSL     MySQL    ClientDB (PostgreSQL)

 port 443

I have only one legal IP address which is aaa.bbb.ccc.ddd and a huge
network hierarchy behind it. Every thing works great from all hosts in
the Prot-A and Prot-B networks. The Apache-mod_ssl, php3, mysql all
work great and can serve all documents to both Prot-A and Prot-B
networks. Now the outer firewall is configured to forward port 443 to
the Apache. This works ok too so long as normal pages are served. The
moment a PHP based script is fired for authentication via the MySQL
user database, any client(netscape) from the Internet gets a message
that it cannot find the host for MySQL. Well in my opinion, its not
supposed to find that from the client, but the server should be able
to access the MySQL since it does it beautifully from within the
firewall.

In the ApacheSSL httpd.conf I have added the line:

<IfModule mod_proxy.c>
ProxyRequests On
NoProxy       10.0.*.*
</IfModule>

It still does not work. I get a message from the apache logs saying
that Proxy has been loaded (msg 305), but thats about all. The client
just hangs.



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]

Reply via email to