Re: [users@httpd] 403 Forbidden error with rewrite [P] flag

Wed, 21 Feb 2007 02:55:31 -0800 

Hi there,
I didn't use AllowCONNECT. The problem was that I loaded the module with "a2enmod" and the default configuration is "deny from all". Anyway, it works now but, the address at the top changes to the redirected address... Shouldn' it always keep the original address? This is a problem, because in the future only the original IP address will be "external". 

Thank you for your time.

Bruno Teixeira

Chirouze Olivier wrote:

Hi,

I already had this but can't manage to find back the solution.

I have two clues, thought:

- you should have ProxyRequests Off to both of your virtualhosts (or at
least, the first one).
- I guess you did, but just in case, did you load module
"proxy_http_module"?

Last thing, I've recently found directive "AllowCONNECT", haven't had
time to play with it, but that might be useful. (Might also need
mod_proxy_connect).

Please tell us if one of these helped!

Olivier

Olivier CHIROUZE
I&0 Infrastructure
Volvo Information Technology

 


-----Original Message-----

From: Bruno Teixeira [mailto:[EMAIL PROTECTED] 
Sent: 16 February 2007 13:17

To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] 403 Forbidden error with rewrite [P] flag

Hi there,

I've been browsing the web for a solution to my problem, but all I can
find are similar problems, no solutions...

I am using a rewrite rule to rewrite "http://192.168.2.251/secure";
requests to "https://192.168.2.198/";. This works fine, but I don't the

user to see the "198 IP", but to always the "251". To 
accomplish this, I
thought I only had to add a "P flag" to the rewrite rule, but 
when I do

so, I get a "403 Forbidden error". I have the proxy module loaded!

I would really appreciate some input. Thank you for your time.

I get this on the error log:


[Fri Feb 16 11:13:14 2007] [error] [client 192.168.2.251] 
client denied

by server configuration: proxy:https://192.168.2.198

and this on the rewrite log:

192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]

[192.168.2.251/sid#8162818][rid#82a2440/initial] (2) init 
rewrite engine

with requested uri /secure
192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]

[192.168.2.251/sid#8162818][rid#82a2440/initial] (2) rewrite 
/secure ->

https://192.168.2.198
192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]
[192.168.2.251/sid#8162818][rid#82a2440/initial] (2) forcing
proxy-throughput with https://192.168.2.198
192.168.2.251 - - [16/Feb/2007:11:16:04 +0000]

[192.168.2.251/sid#8162818][rid#82a2440/initial] (1) go-ahead 
with proxy

request proxy:https://192.168.2.198 [OK]


Here are both of the Virtual hosts:

<VirtualHost 192.168.2.251:80>
        ServerAdmin [EMAIL PROTECTED]
        ServerName 192.168.2.251
        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                # Uncomment this directive is you want to see apache2's

		# default start page (in /apache2-default) when 
you go to /

                RedirectMatch ^/$ /site
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log


	# Possible values include: debug, info, notice, warn, 
error, crit,

        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

        RewriteEngine   on
        RewriteCond     %{SERVER_PORT} ^80$
        RewriteRule     ^/secure(.*)$ https://192.168.2.198$1 [L]

#	RewriteRule     ^/secure(.*)$ https://192.168.2.198$1 
[L,P] this rule

gives the error
        RewriteLog      "/var/log/apache2/rewrite.log"
        RewriteLogLevel 2

     Alias /doc/ "/usr/share/doc/"
     <Directory "/usr/share/doc/">
         Options Indexes MultiViews FollowSymLinks
         AllowOverride None
         Order deny,allow
         Deny from all
         Allow from 127.0.0.0/255.0.0.0 ::1/128
     </Directory>
</VirtualHost>


<VirtualHost 192.168.2.198:443>
         ServerAdmin [EMAIL PROTECTED]
         ServerName 192.168.2.198

         SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/198.crt
        SSLCertificateKeyFile /etc/apache2/ssl/198.key


         DocumentRoot /var/www
         <Directory />
                 Options FollowSymLinks
                 AllowOverride None
         </Directory>
         <Directory /var/www/>
                 Options FollowSymLinks MultiViews
                 AllowOverride None
                 Order allow,deny
                 allow from all
                 RedirectMatch ^/$ /site
         </Directory>

         ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
         <Directory "/usr/lib/cgi-bin">
                 AllowOverride None
                 Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                 Order allow,deny
                 Allow from all
         </Directory>

         ErrorLog /var/log/apache2/error.log


         # Possible values include: debug, info, notice, 
warn, error, crit,

         # alert, emerg.
         LogLevel warn

         CustomLog /var/log/apache2/access.log combined
         ServerSignature On

     Alias /doc/ "/usr/share/doc/"
     <Directory "/usr/share/doc/">
         Options Indexes MultiViews FollowSymLinks
         AllowOverride None
         Order deny,allow
         Deny from all
         Allow from 127.0.0.0/255.0.0.0 ::1/128
     </Directory>

</VirtualHost>


Bruno Teixeira




---------------------------------------------------------------------

The official User-To-User support forum of the Apache HTTP 
Server Project.

See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to