[OT] User problem: Apache-Rewrite - Firewall - Problem

Andreas Tille tillea at rki.de
Fri Mar 23 18:52:24 UTC 2007 

On Fri, 23 Mar 2007, Fabio Tranchitella wrote:

> You should use 127.0.0.1 or localhost instead of a.b.c.d at the first
> occurrence.

Well, that failed for me formerly with apache 1.3 and I also tested it
now with apache2 (2.2.3, Etch package) ... but I'll try.

> Could you please confirm us that the mod_proxy is enabled and loaded?

$ ls -l /etc/apache2/mods-enabled/p*
lrwxrwxrwx 1 root root 33 2007-03-22 10:33 /etc/apache2/mods-enabled/proxy_http.load -> ../mods-available/proxy_http.load
lrwxrwxrwx 1 root root 28 2007-03-22 15:58 /etc/apache2/mods-enabled/proxy.load -> ../mods-available/proxy.load

What else can I do to convince you? Is there any way to proof that these
modules are really loaded?

> Also, add this snippet (tested with apache2, not sure if it works on apache
> 1.3) to your virtual host configuration:

Well, tha actual problem concerns only apache2 (Etch) so we can
forget any 1.3 issues.

>
>    <Proxy *>
>        Order deny,allow
>        Allow from all
>    </Proxy>

This snipped would be included if I would do

    ln -s ../mods-available/proxy.conf /etc/apache2/mods-enabled/proxy.conf

>    <IfModule mod_proxy.c>
>        ProxyVia On
>        # prevent the webserver from beeing used as proxy
>        <LocationMatch "^[^/]">
>            Deny from all
>        </LocationMatch>
>    </IfModule>

I did as above /set the link to proxy.conf and changed the rewrite
rule to

RewriteRule ^(.*) http://127.0.0.1:9673/VirtualHostBase/http/a.b.c.d:80/mydir/VirtualHostRoot$1 [P,L]

My browser said:

   You don't have permission to access / on this server.

Apache error.log sais:

[Fri Mar 23 18:44:52 2007] [error] [client 217.81.80.129] client denied by server configuration: proxy:http://127.0.0.1:9673/VirtualHostBase/http/a.b.c.d:80/agi/VirtualHostRoot/
[Fri Mar 23 18:44:53 2007] [error] [client 217.81.80.129] client denied by server configuration: proxy:http://127.0.0.1:9673/VirtualHostBase/http/a.b.c.d:80/agi/VirtualHostRoot/favicon.ico

Apache access.log sais:

217.81.80.129 - - [23/Mar/2007:18:44:52 +0100] "GET / HTTP/1.0" 403 284
217.81.80.129 - - [23/Mar/2007:18:44:53 +0100] "GET /favicon.ico HTTP/1.0" 403 295

I could also send a rewrite log but I do not see any interesting things.
I would say this promotes my theory that the browser tries to query
my client localhost.  Next I would try to find out whether apache mod_proxy
is loaded if you tell me, how to do this.

Kind regards

          Andreas.

-- 
http://fam-tille.de

More information about the pkg-zope-developers mailing list