On Thu, Oct 7, 2010 at 1:27 PM, Michelle Konzack <linux4miche...@tamay-dogan.net> wrote: > Hello Tom Evans, > > Am 2010-10-07 10:55:59, hacktest Du folgendes herunter: >> On Thu, Oct 7, 2010 at 6:51 AM, Michelle Konzack >> <linux4miche...@tamay-dogan.net> wrote: >> > ----[ '/etc/apache2/conf.d/apache_proxy' ]------------------------------ >> > NameVirtualHost 192.168.0.69:80 >> > >> > <VirtualHost 192.168.0.69:80> >> > ServerName www.tdipmedia.net >> > ProxyPass / http://192.168.0.208:80/ >> > ProxyPassReverse / http://192.168.0.208:80/ >> > <Directory proxy:http://192.168.0.208:80/*> >> > Order deny,allow >> > Allow from all >> > </Directory> >> > </VirtualHost> >> > ------------------------------------------------------------------------ >> Your config doesn't look right to me: > > Hmmm, since my three pootle instances where confliction with Apache, I > have setup last year the following config which is working: > > ----[ '/VServer_10/APACHE_available/pootle.tdwave.net' ]---------------- > <VirtualHost 192.168.0.69:80> > ServerAdmin linux4miche...@tamay-dogan.net > ServerName pootle.tdwave.net > > ProxyPass /images ! > ProxyPass /js ! > ProxyPass /pootle.css ! > ProxyPass /favicon.ico ! > ProxyPass / http://localhost:8888/ > ProxyPassReverse / http://localhost:8888/ > <Directory proxy:http://localhost:8888/*> > Order deny,allow > Allow from all > </Directory> > > DocumentRoot /usr/share/pootle/html/ > <Directory /usr/share/pootle/html/> > Order deny,allow > Allow from all > </Directory> > > <Directory /> > Options FollowSymLinks Indexes > AllowOverride None > Order deny,allow > Allow from all > </Directory> > > # debug, info, notice, warn, error, crit, alert, emerg. > LogLevel warn > ErrorLog > /VServer_10/CONFIG_pootle.tdwave.net/log/apache/error.log > > LogFormat "%{[%Y-%m-%d %H:%M:%S %z]}t %h [%V] %l %u \"%r\" %>s > %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost > CustomLog > /VServer_10/CONFIG_pootle.tdwave.net/log/apache/access.log vhost > > ServerSignature On > </VirtualHost> > ------------------------------------------------------------------------ > > and now modified it. the only difference is, that the newServer is NOT > on <localhost> but on IP <192.168.0.208> > >> NameVirtualHost 192.168.0.69:80 >> >> This says 'When a request comes in on the socket listening on IP >> 192.168.0.69, port 80, use the Host header from the request to infer >> the virtualhost to use'. > > Right > >> <VirtualHost 192.168.0.69:80> >> ServerName www.tdipmedia.net >> >> </VirtualHost> >> >> This says: 'When a request comes in on 192.168.0.69:80, with Host >> header 'www.tdipmedia.net', use this virtualhost to serve the request' > > Right too. > >> ProxyPass / http://192.168.0.208:80/ >> ProxyPassReverse / http://192.168.0.208:80/ >> >> This says: 'Proxy / to the website on http://192.168.0.208:80/' > > Right too. > >> <Directory proxy:http://192.168.0.208:80/*> >> Order deny,allow >> Allow from all >> </Directory> >> >> This is nonsense. A <Directory> refers to a disk location, nothing >> else. If you wish to restrict who can access a reverse proxy, use a >> <Proxy> directive or a <Location> directive. > > Hmmm... > >> Well, you haven't specified anything in your config that would result >> in a redirect, you have configured a proxy. Apart from that... >> >> So there are a couple of things you can check. >> >> 1) When you connect to the webserver, are you connecting to 192.168.0.69:80 ? > > Yes, and I get: > > ----[ command 'wget -S -O /dev/null http://www.tdipmedia.net/' ]-------- > > --2010-10-07 14:26:26-- http://www.tdipmedia.net/ > Resolving www.tdipmedia.net... 88.168.69.36 > Connecting to www.tdipmedia.net|88.168.69.36|:80... connected. > HTTP request sent, awaiting response... > HTTP/1.1 403 Forbidden > Date: Thu, 07 Oct 2010 12:26:26 GMT > Content-Length: 390 > Keep-Alive: timeout=15, max=100 > Connection: Keep-Alive > Content-Type: text/html; charset=iso-8859-1 > 2010-10-07 14:26:26 ERROR 403: Forbidden. > > ------------------------------------------------------------------------ > > <88.168.69.36> is my fixed PUBLIC IP address and all :80 traffic is > redirected to my DMZ on <192.168.0.69> and some of the servers should be > proxyied to Servers behind it like the <192.168.0.208>. > >> 2) What Host header are you sending to the server? Typically a browser >> will send the host portion of the URL you type in the address bar - >> does that match 'www.tdipmedia.net'? >> 3) Where are your logs? What 'does not work' - explain what you've >> tried, what the server does when you try that, and what error/info >> messages are printed in the access and error logs. > > [Thu Oct 07 14:16:45 2010] [error] [client 192.168.0.65] client denied by > server configuration: proxy:http://192.168.0.208:80/ > > Thanks, Greetings and nice Day/Evening > Michelle Konzack > > --
Can you spot the difference, or shall I point it out? :) In your working vhost, you have specified a documentroot, and have granted access to it. In your non working vhost, you haven't done either, and your <Directory> block doesn't ever get applied, thus requests are denied. Either replace your <Directory> block with an appropriate <Location> block, or give your vhost an empty document root, and change your Directory block to point at that (/var/empty is where I usually use). Cheers Tom --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
