Hi all,

I am trying to configure an Apache forward proxy with SSL. But I am not able
to connect to an external host using the proxy. Below is my virtual host
configuration.

Listen 10.157.131.196:12149
<VirtualHost 10.157.131.196:12149>
  ServerName ech-10-157-131-196.test.com
  SSLEngine On
  SSLCertificateFile /opt/ssl/apache-selfsigned-new.crt
  SSLCertificateKeyFile /opt/ssl/apache-selfsigned-new.key

  ProxyVia On
  ProxyRequests On
  SSLProxyEngine On
  RewriteEngine On

  RewriteCond %{REQUEST_URI} !https://www.google.com/ [NC]
  RewriteRule .* - [F]
</VirtualHost>

*Scenario 1:* Using curl, try to access https://www.google.com

curl  -v --proxy 10.157.131.196:12149 https://www.google.com
* About to connect() to proxy 10.157.131.196 port 12149 (#0)
*   Trying 10.157.131.196... connected
* Connected to 10.157.131.196 (10.157.131.196) port 12149 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 
> Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Proxy-Connection: Keep-Alive
>
* Proxy CONNECT aborted
* Closing connection #0
curl: (56) Proxy CONNECT aborted

*Scenario 2:* Using curl, try to access http://www.google.com

curl  -v --proxy 10.157.131.196:12149 http://www.google.com
* About to connect() to proxy 10.157.131.196 port 12149 (#0)
*   Trying 10.157.131.196... connected
* Connected to 10.157.131.196 (10.157.131.196) port 12149 (#0)
> GET http://www.google.com/ HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 
> Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: www.google.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 400 Bad Request
< Date: Wed, 15 Feb 2017 10:03:52 GMT
< Server: Apache
< Content-Length: 362
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>
* Closing connection #0

But when I disable SSL in the virtual host and try to connect to
outbound HTTP, it works.

Virtual host Configuration:

Listen 10.157.131.196:12149
<VirtualHost 10.157.131.196:12149>
  ServerName ech-10-157-131-196.test.com
  #SSLEngine On
  #SSLCertificateFile /opt/ssl/apache-selfsigned-new.crt
  #SSLCertificateKeyFile /opt/ssl/apache-selfsigned-new.key

  ProxyVia On
  ProxyRequests On
  #SSLProxyEngine On
  RewriteEngine On

  RewriteCond %{REQUEST_URI} !https://www.google.com/ [NC]
  RewriteRule .* - [F]
</VirtualHost>

*Scenario 1:* Using curl, try to access https://www.google.com

curl  -v --proxy 10.157.131.196:12149 https://www.google.com
* About to connect() to proxy 10.157.131.196 port 12149 (#0)
*   Trying 10.157.131.196... connected
* Connected to 10.157.131.196 (10.157.131.196) port 12149 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 
> Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 500 Internal Server Error
< Date: Wed, 15 Feb 2017 10:13:15 GMT
< Server: Apache
< Content-Length: 546
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
* Received HTTP code 500 from proxy after CONNECT
* Closing connection #0
curl: (56) Received HTTP code 500 from proxy after CONNECT

*Scenario 2:* Using curl, try to access http://www.google.com

curl  -v --proxy 10.157.131.196:12149 http://www.google.com
* About to connect() to proxy 10.157.131.196 port 12149 (#0)
*   Trying 10.157.131.196... connected
* Connected to 10.157.131.196 (10.157.131.196) port 12149 (#0)
> GET http://www.google.com/ HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 
> Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: www.google.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 302 Found
< Date: Wed, 15 Feb 2017 10:14:20 GMT
< Server: Apache
< Location: http://www.cfauth.com/?cfru=aHR0cDovL3d3dy5nb29nbGUuY29tLw==
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Content-Length: 660
< Via: 1.1 ech-10-157-131-196.test.com
<
<HTML><HEAD>
<TITLE>Redirect</TITLE>
</HEAD>
<BODY>
<FONT face="Helvetica">
<big><strong></strong></big><BR>
</FONT>
<blockquote>
<TABLE border=0 cellPadding=1 width="80%">
<TR><TD>
<FONT face="Helvetica">
<big>Redirect (authentication_redirect_to_virtual_host)</big>
<BR>
<BR>
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Hel

Regards,
Tapas Mishra
7769092465
