On Mon, 2004-01-12 at 17:55, Stas Bekman wrote: > Rafael Caceres wrote: > > I'm setting up a HTTP/HTPPS reverse proxy server with apache on my DMZ. > > The proxy will access an internal server (insidelan.server.com) to > > provide content to outside users. > > I've attempted using mod_proxy: > > <VirtualHost 1.2.3.4:80> > > ServerName insidelan.server.com > > ProxyPass / http://insidelan.server.com/ > > ProxyPassReverse / http://insidelan.server.com/ > > </Virtualhost> > > > > and using mod_rewrite: > > <VirtualHost 1.2.3.4:443> > > ServerName insidelan.server.com > > RewriteRule /(.*)$ http://insidelan.server.com/$1 [P] > > </VirtualHost> > > Don't you miss: > > ProxyPassReverse / http://insidelan.server.com/ > > in the mod_rewrite case if you want it to be equivalent to the mod_proxy vhost > setup? [P] does only the 'ProxyPass / http://insidelan.server.com/' part. > You're right. Fact is we exercised the HTTPS part only when using the login windows, which inmediately redirected to /index using HTTP.
Is there a way to make sure that people coming through the DMZ can only see a subset of the site (say, an /extranet branch)? > > Everything seems to work fine (including the HTTPS proxy, cookies, etc., > > etc.), except that I'm getting: > > Proxy Error > > The proxy server received an invalid response from an upstream server > > The proxy server could not handle the requet GET /perl/program.pl > > Reason: Document contains no data > > > > The very same URL: http://insidelan.server.com/perl/program.pl (that > > runs under Apache::Registry) works just fine when used from inside the > > LAN (that is, directly). > > > > I also copied program.pl to the cgi-bin directory (to run it as a > > standard CGI), and called the resulting URL: > > http://insidelan.server.com/cgi-bin/program.pl and what comes up is the > > text of the generated HTML page. > > Strangely enough, some other perl scripts (in cgi-bin or perl) work fine > > through the proxy. > > > > What's the global difference between working and non-working scripts (e.g. are > all non-working are processing GET requests?). > I found that the difference could be attributed to /cgi-bin having PerlSendHeader Off and /perl having PerlSendHeader On. The scripts using Template Toolkit (and not having an print $query->header (or similar) did not show up when viewed through the proxy. The quick fix was adding the print $query-header to scripts using Template Toolkit. What still puzzles me, is that they work when viewed directly and through a standard Squid proxy, and what to do if I ever need to set cookies that can depend on template work. Rafael Caceres -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html