Hi,
It still does not work.
I still get "Invalid method in request F" at the proxy's log.
Perhaps it is still not clear enough what I like
to do so I explain it in other words:
I have the following configuration of hosts and requests:
Client-Host/Browser(Netscape4.7) requests https://proxy/html_root/
and I have nothing setup in the netscape proxy preferences (Direct
connection to the internet).
The proxy-server(firewall) does not know mod-ssl but mod-proxy and
should pass all requests to the internal web-server.
The internal web-server has mod-ssl and installed.
With the following http.conf at the proxy-server:
<VirtualHost proxy_name:443>
ProxyVia Block
ProxyRequests Off
ProxyPass /html_root/ https://my_server/html_root
ProxyPassReverse /html_root/ https://my_server/html_root
</VirtualHost>
and https://proxy/html_root/ as browser URL I get in the proxy server log the message:
Invalid method in request F
which indicates that https is spoken on port 443 which is not understood (clear,
because the proxy does not know about ssl).
When I use
<VirtualHost proxy_name:443>
ProxyVia Block
ProxyRequests Off
ProxyPass /html_root/ http://my_server/html_root
ProxyPassReverse /html_root/ http://my_server/html_root
</VirtualHost>
(changed https to http) and the URL: http://proxy:443/html_root/ it works
fine: the request is passed to my_server.
What I do not understand is why are in the first configuration the requests
not passed by the proxy to the internal server. That's what I expected
regarding the statement of Ralf Engelschall according to the CONNECT
method.
Using an additional
AllowCONNECT 443
does not help (ok, because it is anyway the default). Also using the
NameVirtualHost,ServerName,ServerAlias statements does not change
the behaviour.
What makes me crazy is that reading all the help and docs and
archives does indicate that it is just trivial to do the setup and it
should just work out "naturally" and after trying and
trying I can't get it to work. It is exasperating.
How can I get a request like https://proxy/html_root/ passed from
a NON-ssl proxy to a mod-ssl internal server?
It is kind of painful to ask the question over and over again but I have
still hope that someone could show me what I have missed.
Thanx,
Oli
[EMAIL PROTECTED] wrote:
> Hi,
>
> I believed all that you need are the following directives:
>
> ...
> ProxyVia Block #
> removes Via: headers (not necessary) to hide that the request was proxied
> ProxyRequests Off #
> do not work as proxy server but just retrieve and forward the requested
> URLs
> ProxyPass /html_root https://my_server/html_root # tree substitution
> ProxyPassReverse /html_root https://my_server/html_root # adjust the URL in
>the Location header on HTTP redirect responses
> (useful some times)
> ...
>
> Rossen
>
--
____________________________________________
Oliver Heil
Deutsches Krebsforschungszentrum DKFZ
Molekulare Genomanalyse (H0600)
Im Neuenheimer Feld 506
69120 Heidelberg
Germany
Tel. +49 6221 / 42 4701
Fax +49 6221 / 42 4704
Email [EMAIL PROTECTED]
____________________________________________
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.1i
mQGiBDgUYPYRBADU3koMZwVCtF+5gOa+jvc1Ee5qGjARaTB7jfRp+FoexUKDRUxr
5pXgR37eahJiE0aIcanz7mhuzIgkTbJA9UoihrCBXTQlxjs7207H3/Uye5M5CvDy
nlK8FPfjjxuVV30riBqWutoWGp/qxfG8/7ItayAetxp/LdZLkt/GcJG99wCg/z+t
Tnu4wJnYdeP64G65jY/Aj98EAJlVror6GmSfj2UL2qS5YhLPNMFfz6RIFRtb7PMA
FP8viIs58/WiBhRCa+kJFBPcsCiELBjQjzjkwGQFqAsfoXqN32yWerDkqABqc9rZ
a981L5kPieo+5coRdkm14IYxRsiSyCq6cz5UKrcjUzU9OPLcnjRu8iN0Hmq9/Gdf
CiEJA/44rTf9/Tfb5IWLF2TZSv6ZaYrjyThJ1IV7l1G9J7JtmLHO3H0ifumied/k
GlLtXL9VRHHftq3VFlaQNgzzVLwlMQPAD8IHJ1UAivwQ8HsQ7tVE8utHVOw/BjXv
t1AbXL2Obkp6SMqv8ce4OHtRnN/ce9MjYQpuoyvPGFMlU9v2ebQnT2xpdmVyIEhl
aWwgPG8uaGVpbEBka2Z6LWhlaWRlbGJlcmcuZGU+iQBMBBARAgAMBQI4FGD2AgsB
AhkBAAoJEA39eR4I2AaMTooAnRLEIVCbVpCU+rPG3G3ZsOetG+KTAKC0d6UY13rI
RuUbDzdDL9USQCOy3LkCDQQ4FGD2EAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bx
brlLOCDaAadWoxTpj0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJP
PT2N286Z4VeSWc39uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrU
GvC/RgBYK+X0iP1YTknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVb
GI2Ou1WMuF040zT9fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcp
esqVDNmWn6vQClCbAkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAggAsFh5
H8ybAtfElTLHNAniEShIOE6SITzsygtTCQCFv1GHRqFupc0S277ZzRvzhTzEUpFf
MgPh4B7QqVi3hAnQeUwdnR2YrjkSHMsE7AubhrMWdO+lujfpKAaH+GnkGWHHn3Ic
0XVVNF/OCnyQY9X3YmGXgv4UjwNS+S8TOm2vzbKpvQjs+Nq2D+IdhjEFl+/STk6b
Yh84YzLHWvF6YYnFCcsIhDluee/8Gv8Ja1N+Emh0D6yTqQUqYCImO+7tSNXEcbVh
YT/81t5BQdgndlhc38oOd8nDEhu3lfNvn6UvbDvawYa0ejCUyriOPL2pz6nR2Ckf
Ko8CGvv4t69Md0crnYkARgQYEQIABgUCOBRg9gAKCRAN/XkeCNgGjJEHAJ9R0uOc
swumsNZZiJnZufPMU3XnyQCfaQkIeIM6Nn4CkX+qkqqCp3DdcBg=
=xWz7
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN ECHELON LOAD BLOCK-----
jihad drugs bombing heroin arms million israel hussein assassin
clinton dollar coke world domination patent invest smuggle
pgp strong encryption decryption prime number segmentation
invention plot strike surveillance cryptography gore
fbi cia nsa mossad terrorism revolution force waco
-----END ECHELON LOAD BLOCK-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
