Re: [users@httpd] Apache2.4 forward proxy ssl between client and proxy server



I configured HTTPS on port 8080, and here are the requests sent to HTTP and HTTPS. I found two things by running curl with --insecure:


1.) For all HTTP requests I get 400 Bad Request as the response
2.) For all HTTPS requests I get HTTP/1.1 400 Bad Request


Below is the output:


curl --insecure -I -x https://172.16.130.2:8080 http://crl3.digicert.com
HTTP/1.1 400 Bad Request
Date: Tue, 10 Apr 2018 11:08:44 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips
Content-Length: 362
Connection: close
Content-Type: text/html; charset=iso-8859-1

 curl --insecure -I -x https://172.16.130.2:8080 https://example.com
curl: (56) Proxy CONNECT aborted





Error log for HTTPS requests (https://example.com)


[Tue Apr 10 12:12:44.768286 2018] [ssl:info] [pid 13353] [client 172.16.135.4:56408] AH01964: Connection to child 1 established (server testnew1..com:443)
[Tue Apr 10 12:12:44.769907 2018] [ssl:info] [pid 13353] [client 172.16.135.4:56408] AH02008: SSL library error 1 in handshake (server testnew1..com:443)
[Tue Apr 10 12:12:44.770033 2018] [ssl:info] [pid 13353] SSL Library Error: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request -- speaking HTTP to HTTPS port!?
[Tue Apr 10 12:12:44.770074 2018] [ssl:info] [pid 13353] [client 172.16.135.4:56408] AH01998: Connection closed to child 1 with abortive shutdown (server testnew1..com:443

----------------------

Error Log for HTTP request (http://crl3.digicert.com)
[Tue Apr 10 12:14:41.387149 2018] [ssl:info] [pid 13354] [client 172.16.135.4:56410] AH01964: Connection to child 2 established (server testnew1.com:443)
[Tue Apr 10 12:14:41.387647 2018] [ssl:info] [pid 13354] [client 172.16.135.4:56410] AH01996: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
[Tue Apr 10 12:14:41.387704 2018] [ssl:info] [pid 13354] SSL Library Error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request -- speaking HTTP to HTTPS port!?





Virtual host configuration



Listen 172.16.130.2:8080

<VirtualHost 172.16.130.2:8080>
    ServerName testnew1.com

    ProxyRequests On
    ProxyVia On
    SSLProxyEngine On
    SSLEngine On
    SSLProxyVerify none
    SSLCertificateFile 1.cert
    SSLCertificateKeyFile 1.key
    #AllowConnect 80 443 1080 8082
    ProxyPreserveHost On
    <Proxy "*">
        <RequireAny>
            Require expr %{HTTP_HOST} =~ /^example.com:443$/
            Require expr %{HTTP_HOST} =~ /^crl3.digicert.com:80$/
        </RequireAny>
    </Proxy>
</VirtualHost>
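
The two OpenSSL reason codes in the error log above name which kind of plaintext request reached the TLS listener. The following is an added example, not part of the original post, that classifies such lines per client; the function and variable names are assumptions, and the sample lines are copied from the log quoted above.

```python
import re

# Reason codes and wording taken from the OpenSSL messages in the log above.
REASONS = {
    "1407609B": "https proxy request: plaintext CONNECT reached the TLS port",
    "1407609C": "http request: plaintext HTTP reached the TLS port",
}

# Apache 2.4 error-log line as quoted above; the [client ...] field is optional.
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[\w+:\w+\] \[pid (?P<pid>\d+)\]"
    r"(?: \[client (?P<client>[^\]]+)\])? (?P<msg>.*)$"
)
SSL_ERR = re.compile(r"SSL Library Error: error:(?P<code>[0-9A-Fa-f]{8}):")


def classify(lines):
    """Return (client, code, meaning) for every SSL library error line."""
    last_client = {}  # pid -> most recent client address logged by that pid
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        if m["client"]:
            last_client[m["pid"]] = m["client"]
        err = SSL_ERR.search(m["msg"])
        if err:
            # The library error line carries no client field, so join on pid.
            code = err["code"].upper()
            findings.append((last_client.get(m["pid"], "unknown"), code,
                             REASONS.get(code, "other TLS handshake error")))
    return findings


# Sample input: lines copied from the error log in the post above.
SAMPLE = [
    "[Tue Apr 10 12:12:44.768286 2018] [ssl:info] [pid 13353] [client 172.16.135.4:56408] AH01964: Connection to child 1 established (server testnew1..com:443)",
    "[Tue Apr 10 12:12:44.769907 2018] [ssl:info] [pid 13353] [client 172.16.135.4:56408] AH02008: SSL library error 1 in handshake (server testnew1..com:443)",
    "[Tue Apr 10 12:12:44.770033 2018] [ssl:info] [pid 13353] SSL Library Error: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request -- speaking HTTP to HTTPS port!?",
    "[Tue Apr 10 12:14:41.387149 2018] [ssl:info] [pid 13354] [client 172.16.135.4:56410] AH01964: Connection to child 2 established (server testnew1.com:443)",
    "[Tue Apr 10 12:14:41.387704 2018] [ssl:info] [pid 13354] SSL Library Error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request -- speaking HTTP to HTTPS port!?",
]

if __name__ == "__main__":
    for client, code, meaning in classify(SAMPLE):
        print(f"{client}  {code}  {meaning}")
```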