Re: [users@httpd] Apache2.4 forward proxy ssl between client and proxy server


I advise debugging this step by step. First the SSL connection to your Apache. Then the proxy setup. Then any restrictions with "Require...".

> On 10.04.2018 at 13:31, Rajesh Cherukuri <rajecher@xxxxxxxxx> wrote:
> 
> 
> Configured HTTPS on port 8080, and here are the requests sent to HTTP and HTTPS. Found two things by running curl with --insecure:
> 
> 
> 1.) For all HTTP requests I get 400 Bad Request as the response
> 2.) For all HTTPS requests I get HTTP/1.1 400 Bad Request
> 
> 
> Below is the output:
> 
> 
> curl --insecure -I -x https://172.16.130.2:8080 http://crl3.digicert.com
> HTTP/1.1 400 Bad Request
> Date: Tue, 10 Apr 2018 11:08:44 GMT
> Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips
> Content-Length: 362
> Connection: close
> Content-Type: text/html; charset=iso-8859-1
> 
>  curl --insecure -I -x https://172.16.130.2:8080 https://example.com
> curl: (56) Proxy CONNECT aborted
> 
> 
> 
> 
> 
> error log for https requests (https://example.com)
> 
> 
> [Tue Apr 10 12:12:44.768286 2018] [ssl:info] [pid 13353] [client 172.16.135.4:56408] AH01964: Connection to child 1 established (server testnew1..com:443)
> [Tue Apr 10 12:12:44.769907 2018] [ssl:info] [pid 13353] [client 172.16.135.4:56408] AH02008: SSL library error 1 in handshake (server testnew1..com:443)
> [Tue Apr 10 12:12:44.770033 2018] [ssl:info] [pid 13353] SSL Library Error: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request -- speaking HTTP to HTTPS port!?
> [Tue Apr 10 12:12:44.770074 2018] [ssl:info] [pid 13353] [client 172.16.135.4:56408] AH01998: Connection closed to child 1 with abortive shutdown (server testnew1..com:443
> 
> ----------------------
> 
> Error Log for HTTP request (http://crl3.digicert.com)
> [Tue Apr 10 12:14:41.387149 2018] [ssl:info] [pid 13354] [client 172.16.135.4:56410] AH01964: Connection to child 2 established (server testnew1.com:443)
> [Tue Apr 10 12:14:41.387647 2018] [ssl:info] [pid 13354] [client 172.16.135.4:56410] AH01996: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
> [Tue Apr 10 12:14:41.387704 2018] [ssl:info] [pid 13354] SSL Library Error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request -- speaking HTTP to HTTPS port!?
> 
> 
> 
> 
> 
> virtual host configuration 
> 
> 
> 
> Listen 172.16.130.2:8080
> 
> <VirtualHost  172.16.130.2:8080>
> 
>  ServerName      testnew1.com
> 
> 
> 
> ProxyRequests On
> ProxyVia On
> SSLProxyEngine On
> SSLEngine On
> SSLProxyVerify none
> SSLCertificateFile 1.cert
> SSLCertificateKeyFile 1.key
> #AllowConnect 80 443 1080 8082
> ProxyPreserveHost On
> <Proxy "*">
> <RequireAny>
>      Require expr %{HTTP_HOST} =~ /^example.com:443$/
>      Require expr %{HTTP_HOST} =~ /^crl3.digicert.com:80$/
>  </RequireAny>
> 
> </Proxy>
> 
> </VirtualHost>
> 
> 
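
The quoted error log already shows which of the three steps fails. As an added example (not part of the original thread), this Python script groups those log lines by pid and maps the OpenSSL reason string to the stage that failed. The name `triage`, the regexes, the diagnosis wording and the grouping by pid (sufficient here because each child handled one connection) are assumptions of this example.

```python
import re

# Error-log lines copied from the quoted message above, embedded as sample input.
SAMPLE_LOG = """\
[Tue Apr 10 12:12:44.768286 2018] [ssl:info] [pid 13353] [client 172.16.135.4:56408] AH01964: Connection to child 1 established (server testnew1..com:443)
[Tue Apr 10 12:12:44.769907 2018] [ssl:info] [pid 13353] [client 172.16.135.4:56408] AH02008: SSL library error 1 in handshake (server testnew1..com:443)
[Tue Apr 10 12:12:44.770033 2018] [ssl:info] [pid 13353] SSL Library Error: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request -- speaking HTTP to HTTPS port!?
[Tue Apr 10 12:12:44.770074 2018] [ssl:info] [pid 13353] [client 172.16.135.4:56408] AH01998: Connection closed to child 1 with abortive shutdown (server testnew1..com:443
[Tue Apr 10 12:14:41.387149 2018] [ssl:info] [pid 13354] [client 172.16.135.4:56410] AH01964: Connection to child 2 established (server testnew1.com:443)
[Tue Apr 10 12:14:41.387647 2018] [ssl:info] [pid 13354] [client 172.16.135.4:56410] AH01996: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
[Tue Apr 10 12:14:41.387704 2018] [ssl:info] [pid 13354] SSL Library Error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request -- speaking HTTP to HTTPS port!?
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<mod>\w+):(?P<lvl>\w+)\] \[pid (?P<pid>\d+)\]"
                  r"(?: \[client (?P<client>[^\]]+)\])? (?P<msg>.*)$")
AH = re.compile(r"^(AH\d{5}):")
SSL_ERR = re.compile(r"SSL Library Error: error:([0-9A-F]{8}):[^:]*:[^:]*:(.*)$")

# OpenSSL reason prefixes as they appear in the log, mapped to what the client sent.
REASONS = {
    "https proxy request": "plaintext CONNECT sent to the TLS listener",
    "http request": "plaintext HTTP request sent to the TLS listener",
}

def triage(log_text):
    """Group log lines by pid and report the stage at which each connection failed."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an Apache 2.4 error-log line
        c = conns.setdefault(m["pid"], {"client": None, "ah": [], "openssl": None,
                                         "stage": "unknown", "diagnosis": None})
        c["client"] = m["client"] or c["client"]  # SSL Library Error lines carry no client
        ah = AH.match(m["msg"])
        if ah:
            c["ah"].append(ah.group(1))
        err = SSL_ERR.search(m["msg"])
        if err:
            c["openssl"] = err.group(1)
            for prefix, text in REASONS.items():
                if err.group(2).startswith(prefix):
                    c["stage"], c["diagnosis"] = "tls-handshake", text
                    break
    return conns

if __name__ == "__main__":
    for pid, info in triage(SAMPLE_LOG).items():
        print(pid, info["client"], info["openssl"], info["stage"], info["diagnosis"])
```

Both connections fail at the TLS handshake, so neither the proxy handler nor the `Require` expressions were evaluated for these requests.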

