Re: [users@httpd] Forward Proxy on behalf of the client instead of as a tunnel

2017-02-27 Thread Marat Khalili
Why are you calling it _forward_ proxy if it's only going to connect to 
one service? Your problem can easily be solved with _reverse_ proxy.



--

With Best Regards,
Marat Khalili

On 28/02/17 02:16, Daniel Frank wrote:

All,

I am trying to set Apache up as a forward proxy to help solve an issue 
that we have where an HTTP Client in our application does not support 
TLS 1.2 but an API that we need to consume only supports TLS 1.2.  
What I am attempting to do is use Apache to talk HTTPS/TLS 1.2 to the 
target API but allow my internal client to talk to the proxy over HTTP.


I had it in my head that this was what a forward proxy was going to 
give me so after having set up a forward proxy and configuring my 
application to use it I was surprised to see that I was getting 
exactly the same behavior that I was getting when I had no proxy 
configured (failure of my internal client to speak TLS 1.2).


So my question is; can Apache be configured as a FORWARD proxy to 
speak HTTP with the caller but HTTPS to the callee?


I have spent a lot of time searching and I did check the mailing list 
archives but it's entirely possible that I just don't even know what to 
search for to get a good answer so if this is a dumb question I 
sincerely apologize for wasting the group's time.


Thanks in advance for any help.

-Dan
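
The reverse-proxy approach suggested in this reply, as an added configuration example that is not part of the original thread. A forward proxy does not help here because, for https:// URLs, the client sends CONNECT and still performs the TLS handshake itself through the tunnel. The listener address, the upstream name api.example.com and the CA bundle path are placeholders (assumptions).

```apache
# Added example, not from the thread. Placeholders (assumptions): the listener
# 127.0.0.1:8080, the upstream api.example.com and the CA bundle path.
# Requires mod_proxy, mod_proxy_http and mod_ssl to be loaded.

Listen 127.0.0.1:8080

<VirtualHost 127.0.0.1:8080>
    # Reverse proxy only: never act as an open forward proxy.
    ProxyRequests Off

    # Enable TLS on the outbound (proxy -> API) leg and restrict it to TLS 1.2.
    SSLProxyEngine on
    SSLProxyProtocol -all +TLSv1.2

    # Verify the upstream certificate chain and host name; without these
    # the proxy would accept any certificate presented for the API.
    SSLProxyVerify require
    SSLProxyVerifyDepth 3
    SSLProxyCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # The legacy client sends plain HTTP to http://127.0.0.1:8080/...;
    # httpd re-issues each request over HTTPS to the API.
    ProxyPass        / https://api.example.com/
    ProxyPassReverse / https://api.example.com/
</VirtualHost>
```

The client-to-proxy leg is cleartext, so the listener is bound to loopback here; if the client runs on another host, restrict the listener to a trusted network segment.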




Re: [users@httpd] download stops at 1kB

2017-02-27 Thread Erich Eckner
Hi,

vps = virtual private server. It's virtualized at some level.

cheers, Erich

On 27.02.2017 21:28, Oscar Knorn wrote:
> Hi Eric, can you please tell me, what vps means?
> 
> Cheers,
> Oscar
> 
> 
> Am 27.02.2017 um 20:21 schrieb Erich Eckner:
>> Hi,
>>
>> I have a strange problem:
>> I'm running an apache server (Apache/2.2.22 under Debian) with several
>> vhosts, one of which is hosted at crux.eckner.net, on a vps.
>> The index document "http://crux.eckner.net/index.html" stops
>> transferring after 1kB (exactly 1024 Bytes are shown if I do 'curl
>> http://crux.eckner.net/index.html', firefox also hangs at the respective
>> position). index.html is a local file and I deactivated all
>> dynamic-content-stuff (e.g. php). If I wait long enough, I get a timeout:
>> the client says: "curl: (56) Recv failure: Connection reset by peer",
>> the server logs nothing.
>>
>> The strange part is, that each of the following work fine:
>> - Downloading via https, e.g. https://crux.eckner.net/index.html
>> - Downloading the same file with same size, but replaced content, works
>> fine - e.g. 'head -c 14052 /dev/urandom | base64 -w0 > index.html', then
>> 'curl http://crux.eckner.net/index.html'
>>
>> I'm somewhat out of Ideas where to look next :-(
>> Any hints are appreciated.
>>
>> Cheers,
>> Erich
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>



[users@httpd] Forward Proxy on behalf of the client instead of as a tunnel

2017-02-27 Thread Daniel Frank
All,

I am trying to set Apache up as a forward proxy to help solve an issue that
we have where an HTTP Client in our application does not support TLS 1.2
but an API that we need to consume only supports TLS 1.2.  What I am
attempting to do is use Apache to talk HTTPS/TLS 1.2 to the target API but
allow my internal client to talk to the proxy over HTTP.

I had it in my head that this was what a forward proxy was going to give me
so after having set up a forward proxy and configuring my application to
use it I was surprised to see that I was getting exactly the same behavior
that I was getting when I had no proxy configured (failure of my internal
client to speak TLS 1.2).

So my question is; can Apache be configured as a FORWARD proxy to speak
HTTP with the caller but HTTPS to the callee?

I have spent a lot of time searching and I did check the mailing list
archives but it's entirely possible that I just don't even know what to
search for to get a good answer so if this is a dumb question I sincerely
apologize for wasting the group's time.

Thanks in advance for any help.

-Dan


[users@httpd] Problem with mod_jk and apache 2.4.25 not working on tomcat 8.5.11

2017-02-27 Thread Stéphane Laurencelle
Hello,

I'm trying to configure an apache 2.4.25 on oel 6.8 OS; this server will be used 
as a front for proxy redirection for a tomcat 8.5.11.

Both are on the same host; every time I try to access the apps on tomcat from 
the webpage I get a 404 error.

My version of the mod_jk module is: tomcat-connectors-1.2.42

I see in the mod_jk_log that the module is initiated and loaded.

I even tried to use the mod_proxy and mod_proxy_ajp modules instead, but it seems 
that mod_proxy_ajp is not able to load itself even if it's included in the 
httpd.conf file.

If you can help me make any of them work I would be happy!

The configuration was working well on apache 2.2.37 with tomcat 7.x and the mod_jk 
module, but we are trying to migrate to the newest version with no luck.

Hope someone can help me

Stephane L.




Re: [users@httpd] download stops at 1kB

2017-02-27 Thread Oscar Knorn

Hi Eric, can you please tell me, what vps means?

Cheers,
Oscar


Am 27.02.2017 um 20:21 schrieb Erich Eckner:

Hi,

I have a strange problem:
I'm running an apache server (Apache/2.2.22 under Debian) with several
vhosts, one of which is hosted at crux.eckner.net, on a vps.
The index document "http://crux.eckner.net/index.html" stops
transferring after 1kB (exactly 1024 Bytes are shown if I do 'curl
http://crux.eckner.net/index.html', firefox also hangs at the respective
position). index.html is a local file and I deactivated all
dynamic-content-stuff (e.g. php). If I wait long enough, I get a timeout:
the client says: "curl: (56) Recv failure: Connection reset by peer",
the server logs nothing.

The strange part is, that each of the following work fine:
- Downloading via https, e.g. https://crux.eckner.net/index.html
- Downloading the same file with same size, but replaced content, works
fine - e.g. 'head -c 14052 /dev/urandom | base64 -w0 > index.html', then
'curl http://crux.eckner.net/index.html'

I'm somewhat out of Ideas where to look next :-(
Any hints are appreciated.

Cheers,
Erich




[users@httpd] download stops at 1kB

2017-02-27 Thread Erich Eckner
Hi,

I have a strange problem:
I'm running an apache server (Apache/2.2.22 under Debian) with several
vhosts, one of which is hosted at crux.eckner.net, on a vps.
The index document "http://crux.eckner.net/index.html" stops
transferring after 1kB (exactly 1024 Bytes are shown if I do 'curl
http://crux.eckner.net/index.html', firefox also hangs at the respective
position). index.html is a local file and I deactivated all
dynamic-content-stuff (e.g. php). If I wait long enough, I get a timeout:
the client says: "curl: (56) Recv failure: Connection reset by peer",
the server logs nothing.

The strange part is, that each of the following work fine:
- Downloading via https, e.g. https://crux.eckner.net/index.html
- Downloading the same file with same size, but replaced content, works
fine - e.g. 'head -c 14052 /dev/urandom | base64 -w0 > index.html', then
'curl http://crux.eckner.net/index.html'

I'm somewhat out of Ideas where to look next :-(
Any hints are appreciated.

Cheers,
Erich




[users@httpd] ModSecurity and custom headers

2017-02-27 Thread Andrei
Hi all,

How can I add a custom header using the 'msg' value from a ModSecurity
rule, for all rules triggered? I'm basically trying to track the ModSec
block reason at an edge point (Varnish) based on Apache's response.

For example, I would like:

SecRule REQUEST_URI "/modsectest" "log,deny,status:406,phase:1,t:none,id:9084310,msg:'ModSec Log Test'"

To add a 'X-ModSec-Block' response header with the value 'ModSec Log Test'
in this case. I understand this might be better suited with setenv +
mod_headers due to blocks being done at different phases, and found
http://serverfault.com/questions/796088/modsecurity-creating-a-new-request-header-from-secrule
which seems similar to this scenario, just that it's not quite working out
for me. Any help is greatly appreciated!

Andrei
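
The setenv + mod_headers approach mentioned in this post, as an added configuration example that is not part of the original thread. It assumes ModSecurity 2.x (mod_security2) and mod_headers are loaded; the variable name MODSEC_BLOCK is chosen here for illustration.

```apache
# Added example, not from the thread. Assumes ModSecurity 2.x (mod_security2)
# and mod_headers are loaded; MODSEC_BLOCK is a variable name chosen here.

# Same rule as in the post, plus setenv. Non-disruptive actions run when the
# rule matches, so the variable is set before the deny takes effect.
# %{rule.msg} expands to the msg of the rule that matched.
SecRule REQUEST_URI "/modsectest" \
    "id:9084310,phase:1,t:none,log,deny,status:406,\
    msg:'ModSec Log Test',setenv:MODSEC_BLOCK=%{rule.msg}"

# "always" is required: a plain "Header set" is not applied to locally
# generated error responses such as the 406 produced by the deny.
Header always set X-ModSec-Block "%{MODSEC_BLOCK}e" env=MODSEC_BLOCK

# If an ErrorDocument for the status points at a local URL, httpd performs an
# internal redirect and renames the variable with a REDIRECT_ prefix.
Header always set X-ModSec-Block "%{REDIRECT_MODSEC_BLOCK}e" env=REDIRECT_MODSEC_BLOCK
```

Each blocking rule needs its own setenv action for its msg to be reported. Because the header discloses which rule fired, it is best consumed and removed at the Varnish layer before the response leaves the edge.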


Re: [users@httpd] mod_lua and subprocess_env

2017-02-27 Thread Andrei Ivanov
On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov wrote:

> On Feb 24, 2017 22:54, "Yann Ylavic" wrote:
>
> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov wrote:
> >
> > I've managed to apply your patch and rebuild Apache and now I have:
> > Header set Client-IP "expr=%{REMOTE_ADDR}"
> > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
> > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"
>
> Could you please add:
>   Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in PeerExtList('2.5.29.17')"
> ?
>
> If it outputted "Expr: IP Addressfalse" that'd be issue with operators'
> precedence.
> I'll try on my side, but you may beat me to it since you have the
> environment...
>
>
> Ugh, it's my work environment, I'll be able to access it only on Monday.
>
>
Tried now, I've adapted your suggestion a bit as it doesn't seem correct:

Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in %{PeerExtList:2.5.29.17}"

This results in:
Expr: 'IP Address:'.159.107.78.127 -in email:,
email:, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44

As far as I understand, it doesn't perform the concatenation properly.
I've tried
Header set Expr "expr='%{IP Address:'.%{REMOTE_ADDR}} -in %{PeerExtList:2.5.29.17}"

But I get a parse error at startup:
Can't parse value expression : syntax error, unexpected T_ERROR, expecting
T_VAR_END or ':': Invalid character in variable name ' '

But I think mod_headers has some different way of interpreting expressions,
because this doesn't work:

Header set matched false

Header set matched true


Cannot parse condition clause: syntax error, unexpected T_VAR_BEGIN,
expecting T_ID or '{


[users@httpd] Apache 2.4 Mod Speling

2017-02-27 Thread Sweeny, Theo (Chief Customer Office)
Hello - I am trying to implement mod_speling on Apache 2.4 running on RH v4.4.7. 
The idea is to ignore case of the URL on the destination file system, by way 
of file names or directories.

There are multiple sites configured in the vhosts directory, each with its own 
virtual hosts file. The spelling module has been enabled in the server config 
file /etc/httpd/conf/httpd.conf.

Inside one of the virtual host files the following has been added - 

 
CheckSpelling on
CheckCaseOnly on
 

The server has been restarted but the URLs are still case sensitive. Yes I know 
that all incoming URLs can be rewritten to lowercase but the problem is not all 
URLs in the configs are in lower case - hence the need for this module.

Any pointers would be much appreciated.

Theo


