You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Mathias Koerber <ma...@koerber.org> on 2003/01/10 06:26:15 UTC
[users@httpd] Apache 1.3.27 ProxyPass/VirtHost problem
I have a problem with my Apache 1.3.27 (Linux) to forward requests from
the outside network to a host on the inside network. Both servers
serve the same virtual hosts (albeit using diff IP addresses).
General setup:
Firewall/Main Webserver:
Apache 1.3.27
# This server is also used as proxy for my intranet to proxy requests #
to the outside:
ProxyRequests On
proxyRemote * http://proxy.myisp.example:8080
ExpiresActive on
ExpiresDefault "modification plus 1 day" ExpiresByType image/jpeg "access
plus 1 day" ExpiresByType text/html "modificatin plus 14 days"
# To enable the cache as well, edit and uncomment the following lines:
#CacheRoot /usr/local/apache/var/proxy CacheRoot /u6/proxy
CacheSize 5
CacheGcInterval 4
CacheMaxExpire 24
CacheLastModifiedFactor 0.1
CacheDefaultExpire 1
# only allow the intranet site to use the proxy <Directory proxy:*>
order deny,allow
deny from all
allow from 172.22.22.0/24 localhost 127.0.0.1 </Directory>
# This server then is set up to serve multiple virtual hosts to
# the outside world. A few are still hosted on this machine
# while others are to be transparently forwarded to the # internal
webserver which will server those also in a virtual # host setup
# The WWW server
NameVirtualHost 172.22.22.1:80
NameVirtualHost mypublicIP:80
NameVirtualHost 127.0.0.1:80
# new HOME
<Virtualhost 172.22.22.1 mypublicIP:80 127.0.0.1:80> ServerAdmin
webmaster@site.example
ServerName home.site.example
ErrorLog logs/home-error_log
TransferLog logs/home-access_log
CustomLog logs/home-custom_log request
# allow the outside world to access this (need to override the global #
proxy perms denying the outside world for this! <Directory
proxy:http://home.site.example*> order deny,allow
allow from all
</Directory>
# now pass all requests for home.koerber.org to the internal #
home.koerber.org. Hopefully it resolves to the internal IP # address here
(it does, at least from the commandline/dig :-) ProxyPass /
http://home.site.example/ </VirtualHost>
# and the WIKI
<Virtualhost 172.22.22.1 mypublicIP:80 127.0.0.1:80> ServerAdmin
webmaster@site.example
ServerName testwiki.site.example
ErrorLog logs/testwiki-error_log
TransferLog logs/testwiki-access_log
CustomLog logs/testwiki-custom_log request
<Directory proxy:http://testwiki.site.example*> order deny,allow
allow from all
</Directory>
ProxyPass / http://testwiki.site.example/ </VirtualHost>
The actual webserver is set up similar, ie it has virtual host
definitions. This too is Apache 1.3.27:
NameVirtualHost *
# the first VH is the default
<VirtualHost *>
ServerName home.site.example
ServerALias ...
DocumentRoot ...
</VirtualHost>
# the next VH is a TWIKI and needs its own script-dirs etc: <VirtualHost
*>
ServerName testwiki.site.example
DocumentRoot /var/www/testwiki/html
<Directory "/var/www/testwiki/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule mod_alias.c>
Alias /icons/ "/var/www/testwiki/icons/"
<Directory "/var/www/testwiki/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ScriptAlias /cgi-bin/ "/var/www/testwiki/cgi-bin/"
<Directory "/var/www/testwiki/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</IfModule>
ScriptAlias /twiki/bin/ "/u1/twiki/testwiki/bin/" Alias /twiki/
"/u1/twiki/testwiki/"
<Directory "/u1/twiki/testwiki/bin">
Options +ExecCGI
SetHandler cgi-script
Allow from all
AllowOverride All
</Directory>
<Directory "/u1/testwiki/pub">
Options FollowSymLinks +Includes
AllowOverride None
Allow from all
</Directory>
<Directory "/u1/twiki/testwiki/data">
deny from all
</Directory>
<Directory "/u1/twiki/testwiki/templates">
deny from all
</Directory>
</VirtualHost>
When I directly connect to the internal server (home.site.example resolves
directly to it on the intranet), everything works fine.
Whenever I connect to the public IP address from an outside system and
issue a HTTP/1.2 GET, like this:
$ telnet mypublicIP 80
Trying mypublicIP...
Connected to mypublicIP.
Escape character is '^]'.
GET http://home.site.example/twiki/Main/ HTTP/1.1 Host: home.site.example
the external webserver goes into a loop trying to look up the page in its
cache instead of forwarding it to the internal server:
home-error_log:
[Wed Jan 8 21:53:22 2003] [debug] proxy_cache.c(1045): Request for
http://home.site.example/twiki/Main/, pragma_req=(unset), ims=0
[Wed Jan 8 21:53:22 2003] [debug] proxy_util.c(1450): File
/u6/proxy/u/A/Y/cLSoEwNm2OH6z7H71UA not found
[Wed Jan 8 21:53:22 2003] [debug] proxy_cache.c(1308): Local copy not
present or expired. Declining.
[Wed Jan 8 21:53:22 2003] [debug] proxy_cache.c(1045): Request for
http://home.site.example/twiki/Main/, pragma_req=(unset), ims=0
[Wed Jan 8 21:53:22 2003] [debug] proxy_util.c(1450): File
/u6/proxy/u/A/Y/cLSoEwNm2OH6z7H71UA not found
[Wed Jan 8 21:53:22 2003] [debug] proxy_cache.c(1308): Local copy not
present or expired. Declining.
[Wed Jan 8 21:53:22 2003] [debug] proxy_cache.c(1045): Request for
http://home.site.example/twiki/Main/, pragma_req=(unset), ims=0
[Wed Jan 8 21:53:22 2003] [debug] proxy_util.c(1450): File
/u6/proxy/u/A/Y/cLSoEwNm2OH6z7H71UA not found
[Wed Jan 8 21:53:22 2003] [debug] proxy_cache.c(1308): Local copy not
present or expired. Declining.
ad infinitum (until the server quickly reaches some limit and dies)
How can I make it NOT try to always look up this URL in its cache (or go
and fetch the data as it is not found in the cache)?
I tried adding
NoCache home.site.example
to the global proxy configuration and to the VirtualHost definition for
home.site.example, w/o luck. I also tried using ProxyRequests On
I am stumped. Can anyone help point out the problem?
is there a way to debug Apache's internal rewriting/proxying and DNS
lookups etc?
thanks
--
Mathias Koerber
mathias@koerber.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org