Posted to users@httpd.apache.org by Arne Heizmann <Ar...@csr.com> on 2005/06/14 18:46:05 UTC

[users@httpd] RewriteRule problems

Hi,

I get a 403 Forbidden when trying to use a RewriteRule to proxy a 
request to another server.

I have two servers, ukrbcsr01 and ukrbcsr02. ukrbcsr02 is accessible 
from the outside, ukrbcsr01 isn't. Their LAN IPs are 192.168.0.131 and 
192.168.0.132, respectively. I can access one from the other, so I know 
that both Apaches are running correctly and the LAN is working.

Now I added the following RewriteRule to ukrbcsr02:

	RewriteEngine On
	RewriteRule ^/old/(.*) http://ukrbcsr01/$1 [P]

I was hoping that [P] would work to proxy the request to the other 
server, but what I get instead is a 403 Forbidden when I try to access 
/old/something. I get the same 403 even when I stop the Apache on 
ukrbcsr01, so it must be ukrbcsr02 that generates the Forbidden message 
without even attempting to proxy the request.

Thanks for any advice you can give.
Arne Heizmann


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

**********************************************************************


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] RewriteRule problems

Posted by Krist van Besien <kr...@gmail.com>.
On 6/15/05, Arne Heizmann <Ar...@csr.com> wrote:
> Krist van Besien wrote:
> >
> > I get the impression that probably somewhere in your httpd config
> > there is an access rule that forbids access to the /old URL, and that
> > therefore the "403 Forbidden" gets triggered before everything else.
> 
> But the rewrite log shows that the rewrite module does process the URL
> correctly...

In this case it must be an access control issue. I think it must be the
first server that denies access and/or proxying. If it would have been
the second one blocking access, the error would have been "Bad
Gateway".
 
> > Do you have an "order allow,deny" statement somewhere?
> 
> Not that I can see. But to alleviate the need for guessing, I'll attach
> the httpd.conf below. I have changed the "ServerName" line, but
> everything else is unchanged. Two lines will get word-wrapped by my
> mailer (LogFormat and BrowserMatch), but it should be obvious that they
> are one line.
> 
> The line that exhibits the problem is the very last one, at the very bottom.

I don't see a line that allows proxying in your config... Have you
tried adding a <proxy> block?

Have you also tried to access the webserver on the second host from
the first one using a webbrowser?

Krist

-- 
krist.vanbesien@gmail.com
Solothurn, Switzerland



Re: [users@httpd] RewriteRule problems

Posted by Arne Heizmann <Ar...@csr.com>.
Krist van Besien wrote:
> 
> I get the impression that probably somewhere in your httpd config
> there is an access rule that forbids access to the /old URL, and that
> therefore the "403 Forbidden" gets triggered before everything else.

But the rewrite log shows that the rewrite module does process the URL 
correctly...

> Do you have an "order allow,deny" statement somewhere?

Not that I can see. But to alleviate the need for guessing, I'll attach 
the httpd.conf below. I have changed the "ServerName" line, but 
everything else is unchanged. Two lines will get word-wrapped by my 
mailer (LogFormat and BrowserMatch), but it should be obvious that they 
are one line.

The line that exhibits the problem is the very last one, at the very bottom.

Thanks again for any help,
Arne Heizmann


File follows: ---------------------------------------------------------


ServerRoot "C:/Program Files/Apache Group/Apache2"
PidFile logs/httpd.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
Listen 80
ServerName <removed>

LoadModule access_module modules/mod_access.so
LoadModule alias_module modules/mod_alias.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so

LoadModule php4_module "C:/php/php4apache2.dll"

AddType application/x-httpd-php .php
AddType application/x-httpd-php .php3
AddType application/x-httpd-php .phtml

ServerAdmin Arne.Heizmann@csr.com

UseCanonicalName Off

DocumentRoot "C:/support"

<Directory />
     Options FollowSymLinks
     AllowOverride None
     Allow from all
</Directory>

<Directory "C:/support">
     Options Indexes FollowSymLinks
     AllowOverride None
     Order allow,deny
     Allow from all
</Directory>

DirectoryIndex index.php index.html

AccessFileName .htaccess

<Files ~ "^\.ht">
     Order allow,deny
     Deny from all
</Files>

TypesConfig conf/mime.types

DefaultType text/plain

HostnameLookups Off

ErrorLog logs/error.log

LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" 
combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

CustomLog logs/access.log common

ServerTokens Full

ServerSignature On

Alias /icons/ "C:/Program Files/Apache Group/Apache2/icons/"

<Directory "C:/Program Files/Apache Group/Apache2/icons">
     Options Indexes MultiViews
     AllowOverride None
     Order allow,deny
     Allow from all
</Directory>

IndexOptions FancyIndexing VersionSort

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

DefaultIcon /icons/unknown.gif

ReadmeName README.html
HeaderName HEADER.html

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

ForceLanguagePriority Prefer Fallback

AddDefaultCharset UTF-8

AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

AddHandler type-map var

BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

BrowserMatch "Microsoft Data Access Internet Publishing Provider" 
redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully

RewriteEngine On
# RewriteLog "C:/support/conf/rewrite.log"
# RewriteLogLevel 9
RewriteRule ^/download/(\d+)/ /download.php?did=$1 [L]
RewriteRule ^/documents/(\d+)_ /document.php?did=$1 [R]
RewriteRule ^/download/ /index.php [R]
RewriteRule ^/documents/ /index.php [R]
RewriteRule ^/conf/ /index.php [R]
RewriteRule ^/archive/ /index.php [R]
RewriteRule ^/old/(.*) http://ukrbcsr01/$1 [P]




Re: [users@httpd] RewriteRule problems

Posted by Krist van Besien <kr...@gmail.com>.
On 6/15/05, Arne Heizmann <Ar...@csr.com> wrote:
> Krist van Besien wrote:
> >
> > Did you configure your apache to allow proxying? [...] You need something like this in your apache:
> >
> > ProxyRequests Off
> > <Proxy *>
> >     Order deny,allow
> >     Allow from all
> > </Proxy>
> 
> I've added this, and it doesn't seem to have an effect. I still get the
> Forbidden message. I also tried "ProxyRequests On", in case that was a
> typo, and I also tried "Order allow,deny".
> 
> > If your requirements are simple there is no need to use a rewrite rule:
> > ProxyPass /old http://ukrbcsr01/
> > ProxyPassReverse /old http://ukrbcsr01/
> 
> Tried that (along with the <Proxy *> clause above) and it still has the
> same effect -- 403 Forbidden. :/


Hmmm.

I get the impression that probably somewhere in your httpd config
there is an access rule that forbids access to the /old URL, and that
therefore the "403 Forbidden" gets triggered before everything else.

Do you have an "order allow,deny" statement somewhere?

Krist

-- 
krist.vanbesien@gmail.com
Solothurn, Switzerland



Re: [users@httpd] RewriteRule problems

Posted by Arne Heizmann <Ar...@csr.com>.
Krist van Besien wrote:
> 
> Did you configure your apache to allow proxying? [...] You need something like this in your apache:
> 
> ProxyRequests Off
> <Proxy *>
>     Order deny,allow
>     Allow from all
> </Proxy>

I've added this, and it doesn't seem to have an effect. I still get the 
Forbidden message. I also tried "ProxyRequests On", in case that was a 
typo, and I also tried "Order allow,deny".

> If your requirements are simple there is no need to use a rewrite rule:
> ProxyPass /old http://ukrbcsr01/
> ProxyPassReverse /old http://ukrbcsr01/

Tried that (along with the <Proxy *> clause above) and it still has the 
same effect -- 403 Forbidden. :/

Thanks for any further help you can provide,
Arne Heizmann




Re: [users@httpd] RewriteRule problems

Posted by Krist van Besien <kr...@gmail.com>.
On 6/14/05, Arne Heizmann <Ar...@csr.com> wrote:
> 
> Hi,
> 
> I get a 403 Forbidden when trying to use a RewriteRule to proxy a
> request to another server.
> 
> I have two servers, ukrbcsr01 and ukrbcsr02. ukrbcsr02 is accessible
> from the outside, ukrbcsr01 isn't. Their LAN IPs are 192.168.0.131 and
> 192.168.0.132, respectively. I can access one from the other, so I know
> that both Apaches are running correctly and the LAN is working.
> 
> Now I added the following RewriteRule to ukrbcsr02:
> 
>         RewriteEngine On
>         RewriteRule ^/old/(.*) http://ukrbcsr01/$1 [P]
> 
> I was hoping that [P] would work to proxy the request to the other
> server, but what I get instead is a 403 Forbidden when I try to access
> /old/something. I get the same 403 even when I stop the Apache on
> ukrbcsr01, so it must be ukrbcsr02 that generates the Forbidden message
> without even attempting to proxy the request.

Did you configure your apache to allow proxying? It looks like your
apache on the first server simply doesn't allow proxying.

You need something like this in your apache:
(and the proxy module needs to be available, of course)

ProxyRequests Off

<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

If your requirements are simple there is no need to use a rewrite rule
for your proxying. Use for example:


ProxyPass /old http://ukrbcsr01/
ProxyPassReverse /old http://ukrbcsr01/

Krist


-- 
krist.vanbesien@gmail.com
Solothurn, Switzerland
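
Added example, not part of the original thread and not Apache project code: a small audit of the proxy directives discussed above (the RewriteRule [P] / ProxyPass targets, the <Proxy *> block and ProxyRequests). It reports proxy targets whose scheme module is not loaded (since Apache 2.0, mod_proxy needs mod_proxy_http for http:// backends) and the open forward proxy that results from "ProxyRequests On" together with an allow-all <Proxy *> block. The function name, the finding strings and the sample input are assumptions made for this example.

```python
# Constructed sample: proxy-related lines from the httpd.conf in the thread, with
# the "ProxyRequests On" variant of the <Proxy *> block that the poster tried.
SAMPLE_CONF = """\
LoadModule proxy_module modules/mod_proxy.so
ProxyRequests On
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>
RewriteRule ^/old/(.*) http://ukrbcsr01/$1 [P]
"""

# Target scheme -> module implementing it (mod_proxy is split up since Apache 2.0).
SCHEME_MODULES = {"http": "proxy_http_module", "ftp": "proxy_ftp_module"}

def audit_proxy_config(conf_text):
    """Return sorted findings. Assumes DSO modules (LoadModule) and unquoted,
    space-free directive arguments; Include files are not followed."""
    loaded, schemes = set(), set()
    forward_on = open_to_all = in_proxy_star = False
    for raw in conf_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        name, args, target = words[0].lower(), words[1:], None
        if name == "loadmodule" and args:
            loaded.add(args[0])
        elif name == "proxyrequests" and args:
            forward_on = args[0].lower() == "on"
        elif name == "<proxy" and args:
            in_proxy_star = args[0].rstrip(">").strip('"') == "*"
        elif name == "</proxy>":
            in_proxy_star = False
        elif name == "allow" and in_proxy_star and [a.lower() for a in args] == ["from", "all"]:
            open_to_all = True
        elif name == "proxypass" and len(args) >= 2:
            target = args[1]
        elif name == "rewriterule" and len(args) >= 3:
            flags = [f.strip().lower() for f in args[2].strip("[]").split(",")]
            target = args[1] if ("p" in flags or "proxy" in flags) else None
        if target and "://" in target:
            schemes.add(target.split("://", 1)[0].lower())
    findings = set()
    for scheme in schemes:
        for module in ("proxy_module", SCHEME_MODULES.get(scheme)):
            if module and module not in loaded:
                findings.add(f"{scheme}:// proxy target but {module} is not loaded")
    if forward_on and open_to_all:
        findings.add("ProxyRequests On with <Proxy *> Allow from all: open forward proxy")
    return sorted(findings)
```

Calling audit_proxy_config(open("conf/httpd.conf").read()) runs the same checks on a real file; the error log remains the authoritative source for why a given request was refused.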
