Hi all,

I am trying to configure an Apache forward proxy with SSL, but I am not able to connect to an external host using the proxy. Below is my virtual host configuration.

Listen 10.157.131.196:12149
<VirtualHost 10.157.131.196:12149>
    ServerName ech-10-157-131-196.test.com
    SSLEngine On
    SSLCertificateFile /opt/ssl/apache-selfsigned-new.crt
    SSLCertificateKeyFile /opt/ssl/apache-selfsigned-new.key
    ProxyVia On
    ProxyRequests On
    SSLProxyEngine On
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !https://www.google.com/ [NC]
    RewriteRule .* - [F]
</VirtualHost>

*Scenario 1:* Using curl, try to access https://www.google.com

curl -v --proxy 10.157.131.196:12149 https://www.google.com
* About to connect() to proxy 10.157.131.196 port 12149 (#0)
* Trying 10.157.131.196... connected
* Connected to 10.157.131.196 (10.157.131.196) port 12149 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Proxy-Connection: Keep-Alive
>
* Proxy CONNECT aborted
* Closing connection #0
curl: (56) Proxy CONNECT aborted

*Scenario 2:* Using curl, try to access http://www.google.com

curl -v --proxy 10.157.131.196:12149 http://www.google.com
* About to connect() to proxy 10.157.131.196 port 12149 (#0)
* Trying 10.157.131.196... connected
* Connected to 10.157.131.196 (10.157.131.196) port 12149 (#0)
> GET http://www.google.com/ HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: www.google.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 400 Bad Request
< Date: Wed, 15 Feb 2017 10:03:52 GMT
< Server: Apache
< Content-Length: 362
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>
* Closing connection #0

But when I disable SSL in the virtual host and try to connect to outbound HTTP, it works.

Virtual host configuration:

Listen 10.157.131.196:12149
<VirtualHost 10.157.131.196:12149>
    ServerName ech-10-157-131-196.test.com
    #SSLEngine On
    #SSLCertificateFile /opt/ssl/apache-selfsigned-new.crt
    #SSLCertificateKeyFile /opt/ssl/apache-selfsigned-new.key
    ProxyVia On
    ProxyRequests On
    #SSLProxyEngine On
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !https://www.google.com/ [NC]
    RewriteRule .* - [F]
</VirtualHost>

*Scenario 1:* Using curl, try to access https://www.google.com

curl -v --proxy 10.157.131.196:12149 https://www.google.com
* About to connect() to proxy 10.157.131.196 port 12149 (#0)
* Trying 10.157.131.196... connected
* Connected to 10.157.131.196 (10.157.131.196) port 12149 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 500 Internal Server Error
< Date: Wed, 15 Feb 2017 10:13:15 GMT
< Server: Apache
< Content-Length: 546
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
* Received HTTP code 500 from proxy after CONNECT
* Closing connection #0
curl: (56) Received HTTP code 500 from proxy after CONNECT

*Scenario 2:* Using curl, try to access http://www.google.com

curl -v --proxy 10.157.131.196:12149 http://www.google.com
* About to connect() to proxy 10.157.131.196 port 12149 (#0)
* Trying 10.157.131.196... connected
* Connected to 10.157.131.196 (10.157.131.196) port 12149 (#0)
> GET http://www.google.com/ HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: www.google.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 302 Found
< Date: Wed, 15 Feb 2017 10:14:20 GMT
< Server: Apache
< Location: http://www.cfauth.com/?cfru=aHR0cDovL3d3dy5nb29nbGUuY29tLw==
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Content-Length: 660
< Via: 1.1 ech-10-157-131-196.test.com
<
<HTML><HEAD>
<TITLE>Redirect</TITLE>
</HEAD>
<BODY>
<FONT face="Helvetica">
<big><strong></strong></big><BR>
</FONT>
<blockquote>
<TABLE border=0 cellPadding=1 width="80%">
<TR><TD>
<FONT face="Helvetica">
<big>Redirect (authentication_redirect_to_virtual_host)</big>
<BR>
<BR>
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Hel

Regards,
Tapas Mishra
7769092465