Apache :: SSL For Proxy Server And Individual Web Servers
Feb 27, 2014
I have a total of 3 web servers:
x1 gateway.domain.com:443 (Using as a proxy to web1 and web2)
x1 web1.domain.com:443
x1 web2.domain.com:443
I was able to have gateway.domain.com play nicely with a wildcard certificate and handshake perfectly with web1 and web2. Now currently, web1 and web2 have their own SSL certificates while gateway has a wildcard cert for *.domain.com. Is it necessary to have certs on all 3 servers or just have the single wildcard cert on gateway.domain.com?
I have diesel generator controller card (IB Lite made by Comap) and the built-in webserver supports only a single user/session connected.
I want to set apache in front and serve multiple connection while apache is keeping a single session with the IB Lite card in background no matter how sessions it have.
I tried ProxyPass but it doesn't seems to be a solution.
I am using a Windows 7 and the proxy server is working fine. However, I need to run a web content filtering on the server. This should be able to replace or change specific words or phrases from an incoming html and deliver it to the client. I have searched the internet for days for a working configuration but none of them worked. Here is the current configuration I added on the httpd.conf file:
somebody know is possible on some way route traffic before come to web server (apache or lighttpd)?
I want to setup lighttpd on port 80 and apache on port 81 and I want visitors to go direct to apache or lighttpd without url:81 and that must work on this way if somebody visiting url1.domain.com that go to lighttpd on port 80 and if somebody visiting url2.domain.com that go to apache on port 81 and something must route it before lighttpd and apache (and get/post must work), is this possible on some way?
I know that lighttpd and apache can do it but I don`t need it on that way!
I'm running Apache 2.4.7 on a RHEL 6.4 server. I'm using the Oracle WebLogic Proxy Plugin ver 12.c to connect to a back end server.What's happening is that Apache answers URL.. and proxies the request via the WebLogic Proxy Plugin to internal.blah.com. Unfortunately, the downstream system encounters a problem and issues an http 302 redirect to internal.blah.com/whathappened. I would like to have Apache intercept this http 302 and redirect the client to URL...
I am trying to setup a pass through on our apache proxy server, typically this is not any trouble but our developers have started using a product call DEV EXPRESS and I cannot figure out how to get my pass through to work. Here's what my pass through looks like
ProxyPass /tmsdev http://tmsdev.dot.missouri/ ProxyPassReverse /tmsdev http://tmsdev.dot.missouri/ The initial url is http://tmsdev.dot.missouri/RealEstate/AAH/LitterPickup.aspx
I am getting 404 errors on everything that has /RealEstate/DXR.axd......... The DXR.axd is something from DEVEXPRESS here's the error I'm getting.
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /RealEstate/DXR.axd was not found on this server.</p> <hr /> <address>IBM_HTTP_Server/6.0.2.35 Apache/2.0.47 (Win32) Server at ghweb04 Port 80</address> </body></html>
We have been using Apache 2.2.x with reverse proxy modules for our clients to access their OWA servers for over a year. I want to get us to Apache 2.4.x so I setup a test box with latest 2.4 on it. I fixed the config file issues since 2.4 has changes in it. OWA proxy is working on my test server with Apache 2.4. But with 2.4 I do have an issue I cannot figure out. Note that this does NOT occur with Apache 2.2. I get the following errors when using ActiveSync through reverse proxy:
[Thu Oct 17 12:19:11.670665 2013] [proxy_http:error] [pid 748:tid 8440] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : [client x.x.x.x:20311] AH01102: error reading status line from remote server mail.nameredacted.net:443 [Thu Oct 17 12:19:11.670665 2013] [proxy:error] [pid 748:tid 8440] [client x.x.x.x:20311] AH00898: Error reading from remote server returned by /Microsoft-Server-ActiveSync
So somehow with Apache 2.4 there is some sort of timeout that was not there with 2.2.
I'm using the isapi rewrite module for iis 6 which uses the exact same syntax as mod_rewrite in apache. I'm not very well versed in apache and need getting this to work asap. Basically I have a directory in our website: URL....
I need to forward this to an IP address, for example to this address:100.12.33.45/folder.While keeping the original URL (www.xyz.edu/folder). I'm unsure of the apache syntax for this.
I want to setup a failover approach in which if after a particular timeout say 10secs the load shifts to some other website like Refer.com | The world. The timeout should be in Proxy Pass and if timeout occurs it shifts to Refer.com | The world
Im using AJAX on my site and i need to access a seperate server instance on a different port. AJAX wont allow me to do that so i want to use Apache as a proxy but only for one page.
Loading a page with ~150 files (most images and js files) i keep runing into "locked requests" that are not comeing back and block the whole page from finishing loading. The files differ every time.
I see this warnings in my error.log (looks like they are connected to the behauviour above).
Code:
[Tue Nov 19 20:38:10.890013 2013] [cache_disk:warn] [pid 216692:tid 15924] (OS 5)Access is denied. : [client x.x.x.x:58963] AH00699: rename tempfile to file failed: C:/temp/cache/aptmpcBQArf -> C:/temp/cache/H8Cta/9ha4U/Uhhhs/OlQfU/1Q.data,
I m trying to setup a reverse proxy with several site that will redirect the request into several internal server.I wanted to do that with several VirtualHost (like shown below). Unfortunatly whatever I type on my browser testsupport.xxxx.com or support2.xxxx.com I m redirected at the first of the config file (in the exemple http://10.253.12.41/.Is it the ServerName key that will redirect to the right proxypass ?
We are struggling to configure our Apache reverse proxy (on WIN 2008) server to force https.
We have the cert installed on the proxy server, and it seems to be working but we are unable to force connections to https: and the site is still available via http:
How do you enforce https on the site?
reading read about the .htaccess file, virtual hosts but still having a hell of a time putting it all together
I have a setup where Apache connects to a F5 load balancer which in turn balances between two jboss app servers.
Apache using mod_proxy -> F5 (hardware load balancer) -> 2 jboss application server
It uses jsessionid. I sometimes get 500 errors for the post methods. I think the request goes to the incorrect jboss server because of the F5 load balancer. Everything works just right when I shutdown one of the jboss app servers.
I'm trying to do a setup of alfresco.It has two basic sites. [URL]. Both use kerberos authentication. Alfresco has SSO and share has not. Both sites are on the same server (its just one site but different subs)
I want to put this behind a reverse proxy to eliminate the servername:port combination.
When I put it in a normal config with ajp everything works fine for the share website. I can login without problems. Not so however for the alfresco website. I get a browser login request (not the alfresco one) when i enter my credentials he asks them again and again and then he ends on the regular login page of alfresco at which point everything works. The username I entered is displayed at this point. When I do not enter my credentials correct I do not reach the page.
If I remove the SSO from the alfresco website everything is normal (but i have to login)
I have apache 2.2 on Linux going through the a firewall to a backend sharepoint server. My sharepoint application has anonymous and authenticated traffic. This works fine most of the time but we randomly get (104)Connection reset by peer: proxy: error reading status line from remote server. I was able to fix this by adding *SetEnv force-proxy-request-1.0 1 *SetEnv proxy-nokeepalive 1 *RequestHeader unset Expect early But after I added this I was then no longer able to log in. I would receive a *HTTP/1.1" 401 my understanding is KeepAlive is required for NTLM to work so making sure I can stop the connection resets which are unacceptable and still allow the authenticated users to log in.
I'm currently in the process of configuring a red hat linux server as a proxy server for a number of back end web servers. I set up reverse proxying to hide the web server url's, but I've run into a problem with the second web server, because some of the directory structures are identical on both servers.
I am having a little trouble getting a reverse proxy redirect to work. I have a Linux server running Apache2. I have installed SABnzbd+, Sickbeard, Couchpotato & Headphones onto this device. I want to access SABnzbd+, Sickbeard, Couchpotato & Headphones from the outside world (via a DYNDNS name).
I know that I could just forward the ports through the router, but I don't want all the extra ports opened. I was told that I can have Apache to do a revers proxy, but I can't get it to work. I basically want to be able to do type myname.dyndns.org/sickbeard instead of typing in myname.dyndns.org:8081.
I'm trying to fix a problem with open proxy on my website. It's running ubuntu & apache2. I also run pfsense for a firewall with snort. I have a SSL for the website, so I have regular port 80 redirect to https.
At first I did notice right away when I checked & saw this happen that proxy was turned on. So I got that turned off.
My firewall is still allowing these bad IPs to port 80. I would like to figure out what I could turn on the firewall or snort to stop those connections in addition to what needs fixing in apache. I've read the solution is to make the redirects go to a 403 error page.
I also tried adding a mod_security rule but ended up blocking all people from website, though I may have accidentally turned some other rules on too.
There are a few different problems it looks like.
First - It looks like they're trying to connect to my HTTPS then redirect to an ad through my domain name? Second - It looks like they're still trying to use my website for open proxy but directly accessing ib.adnxs.com through my port 80. My logs indicate I'm redirecting to a 301 page.
Have run through a bunch of threads on mod_proxy race conditions, possible causes, and potential solutions.
What is the status? Is there a fix for this, maybe in 2.4.7?
On 2.4.3 in production we literally have 10K errors in the past 2 months along the lines of:
Code : AH00898: Error reading from remote server returned by...
Application server (JVM webapp) issues no errors at the time of mod_proxy error occurring. It seems then that mod_proxy is sporadically broken, which is horrible for end users accessing an otherwise rock solid production application.
I am running a few different web servers on my home network and have found a way of binding each wb server (and any virtual hosts) to domain names and having a "central" web server rerouting a request to the appropriate server using reverse-proy. at the moment, this central web server is IIS (Windows Server 2008 R2) based and it works perfectly. I want to change the central server to an Apache based one.
As an example; I want the central server to see an incoming http request (e.g sub.domain.com) and reroute it using reverse-proxy to a different web server that wouldn't normaly be accessible from the Internet (e.g 192.168.1.122/index.html).
My question is how do you reverse-proxy to a different server on the LAN with mod_rewrite in Apache?
Is there any reason to have each website on a seperate hosting account(security/optimization etc).
I am with enom and I have bandwidth of 200gb a month for a pretty low price -basically nothing. So at the moment I have 4 websites on this hosting package, each one limited to 50gb bandwidth a month. At the moment I get a couple of visitors a day on each, and when I get more I can upgrade the bandwidth as much as I need to(but even if I didnt upgrade, this 50gb a month would allow me 50,000 visitors downloading 1mb each). My question is, is there any reason to move each site to a seperate hosting package? It is easier to manage all the sites from a single hosting account but I wonder if there is a security issue(like if one site gets hacked they might all go down), or maybe databases would run faster or something?
I have hsphere working on my server. Now I need to install phpacution. After the installation of php auction I am getting this message
Extension dir /hsphere/shared/apache/libexec/php4ext/ You must to place ixed files at/hsphere/shared/apache/libexec/php4ext//
I tried to copy php.ini in the root of my website but it has take down all of my websites. So will youlet me know how can I get php.ini working for 1 on my website from its root?
I'm running both Apache (on port 81) and Lighttpd (port 80) on my VPS. I would like to have Apache run CGI/Perl scripts only for virtual hosts in the Lighttpd.conf. My Lighttpd.conf already has fastCGI enabled though.
a question on mod_proxy. We're using mod_proxy as a simple reverse proxy (ProxyPass & ProxyPassReverse) to reverse-proxy various back-end PHP and Mono/.NET apps.
One problem we see is that when the back-end PHP app suffers an error (e.g. a 404 or 500) , then mod_proxy ignores the nicely-formatted custom error page served up by our PHP app, and instead serves a very plain generic mod_proxy 404 or 500 error page back to the client. Is there a way to configure mod_proxy to serve up the 500/404 error page content which is created by the back-end app ?
(We thought ProxyErrorOverride might work, but it seems to be intended for the opposite scenario, where I want to *ignore* the 404 page content from the back-end and show a mod_proxy-defined error page instead.We're using apache 2.2 on 64-bit CentOS 6.5 ( httpd-2.2.15-31.el6.centos.x86_64 )
I am trying to set up a reverse proxy to the application Surveillance Station on my Synology NAS. Altough the reverse proxy works ok for other apps like Webadmin, Download Station and such, parts of the Surveillance Station app do not work, particulary the Live View & Time Line.
From the logs, I suspect an authorisation problem (because of the 401), but I'm not sure. I have tried ProxyPreserveHost on, ProxyVia full, and some rewrite rules, but I'm not sure what I'm doing Direct access to the port of the app works (i.e. 83.xxx.x.xxx:9900), so i know it has something to do with the reverse proxy.
Some of websites like youtube and facebook are blocked in my country and we can't access them .in addition most of tunneling protocols like PPTP are blocked too . I want to create a website that tunnels between our network and this website like proxy or other ways. Scripts like phpProxy are not secure and many websites don't permit the visitors who come with this scripts. A very good sample for my idea is walww.com . This websites is like alternate for blocked addresses like facebook, but it's premium and require charging cash .
How can I create website like walww.com . I have my own VPS and Host for this issue. Is that possible to serve this blocked websites trough proxy by configuring apache settings?
Own Build Apache 2.4.4 (32bit) with IPv6 support Openssl 1.0.1e on Windows Server 2012.
We implemented this as a reverse proxy with Exchange 2010 behind it. We published Webmail out through Apache. Thought it was going well until users reported strange things. Exchange Web Services users were sending email and they arrived having been posted from another user's mailbox. Also, sometimes viewing the mailbox provides a view of somebody else's mailbox.
We checked out the logs on the Exchange CAS server and what appears to be happening is that the body of the post is being sent with the header of another post.