if youre doing a reverse proxy you probably shouldnt have ProxyRequests On
Sebastian Reitenbach wrote:
Hi,
I have an apache listening for SSL connections on port 443 behind a NAT
firewall in the DMZ. Connections for one virtual host shall be reverse proxied
to another host in the same DMZ, but it seems that I am unable to get it to
work, for me it seems I must have missed sth. obvious.
I tried this with mod_proxy:
SSLProxyEngine On
ProxyRequests On
AllowCONNECT 443
ProxyPass / https://10.0.0.2/
ProxyPassReverse / https://10.0.0.2/
then I receive the following error messages at the proxy:
[Wed May 17 17:07:18 2006] [error] SSL Proxy requested for
webgis.rapideye.de:80 but not enabled [Hint: SSLProxyEngine]
[Wed May 17 17:07:18 2006] [error] proxy: failed to enable ssl support for
10.0.0.2:443 (0.0.0.2)
[Wed May 17 17:07:19 2006] [notice] child pid 28242 exit signal Segmentation
fault (11)
because of the segmentation fault, I am not sure, whether it shall work that
way or not, but I doubt it.
with the SSLProxyEngine enabled:
SSLProxyEngine On
ProxyRequests On
AllowCONNECT 443
ProxyPass / https://10.0.0.2/
ProxyPassReverse / https://10.0.0.2/
I have this message in the error_log of the proxy:
[Wed May 17 17:09:55 2006] [error] (20014)Error string not specified yet:
proxy: request failed to 10.10.10.2:443 (10.0.0.2)
[Wed May 17 17:09:55 2006] [error] proxy: HTTP: previous connection is closed
[Wed May 17 17:09:55 2006] [error] (20014)Error string not specified yet:
proxy: request failed to 10.0.0.2:443 (10.0.0.2)
and this in the error_log of the apache behind the proxy:
[Wed May 17 19:07:17 2006] [error] [client 10.0.0.3] Invalid method in request
\x80|\x01\x03\x01
[Wed May 17 19:07:17 2006] [error] [client 10.0.0.3] Invalid method in request
\x80|\x01\x03\x01
with only these in the virtual host of the proxy, it is working, but only
without HTTPS
ProxyPass / http://10.0.0.2/
ProxyPassReverse / http://10.0.0.2/
Is there any way to access an HTTPS server behind a apache HTTPS proxy?
kind regards
Sebastian
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]