Dear all,
I'm reverse proxying requests on Apache/2.4.18 (stock version on Ubuntu
16.04) via SSL to an application running on IIS 7.0. Somehow, despite
ProxyPreserveHost, IIS app manages to sniff IP-address 10.1.2.3
specified in ProxyPass (see below) and breaks. If I replace 10.1.2.3
with myapp.com and put "10.1.2.3 myapp.com" in /etc/hosts everything
works (but I don't like the solution).
Because of SSL the problem is somewhat hard to debug, can't just packet
trace. I tried to replace IIS application with CGI script on different
Apache, without SSL, and found that ProxyPreserveHost is not ignored
(environment variable SERVER_NAME set correctly to myapp.com). I guess
for SSL the ProxyPreserveHost is implemented partially, i.e. for Host
header but not for SNI. Any ideas on how to investigate?
Here's the complete virtualhost configuration:
---
<VirtualHost *:443>
ServerName myapp.com
SSLEngine on
SSLCertificateFile /etc/ssl/certs/myapp.pem
SSLCertificateKeyFile /etc/ssl/private/myapp.key
SSLProxyEngine on
SSLProxyProtocol all
SSLProxyCipherSuite ALL
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
<Location />
ProxyPreserveHost on
ProxyPass https://10.1.2.3/ connectiontimeout=300 timeout=300
ProxyPassReverse /
ProxyPassReverseCookieDomain myapp.com 10.1.2.3
</Location>
</VirtualHost>
---
--
With Best Regards,
Marat Khalili
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
