You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by robert rottermann <ro...@redcor.ch> on 2009/12/29 11:38:46 UTC
[users@httpd] what should be in the proxy directive
Hi there,
I set up an apache on a debian lenny.
I do have a virtual host that uses the redirect module.
Now all access to that virtual host is blocked.
only when I alter the config file of the proxy module to allow access from
everywhere I can access the site:
<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
Allow from wv.opensourcevista.net
Allow from all <------- this I belive is bad
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via:
headers)
# Set to one of: Off | On | Full | Block
ProxyVia On
</IfModule>
now this is for sure wrong.
So could somebody please give me a hint what should be in the <Proxy /> stanza?
thanks a lot
robert
here is the virtual host stanza I am using:
<VirtualHost *:80>
ServerName wv.opensourcevista.net
ServerAdmin robert@redcor.ch
DocumentRoot /var/www/
ErrorLog /var/log/apache2/wv_error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug
CustomLog /var/log/apache2/wv_access.log combined
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# configures the footer on server-generated documents
ServerSignature On
RewriteEngine On
# use #RewriteLog to debug problems with your rewrite rules
# disable it after you found the error our your harddisk will be filled
*very fast*
#RewriteLog "/var/log/apache2/rewrite_log"
#RewriteLogLevel 2
RewriteRule /(.*)/$
http://127.0.0.1:8080/VirtualHostBase/http/%{SERVER_NAME}:80/wv/VirtualHostRoot/$1
[L,P]
RewriteRule ^/(.*)
http://127.0.0.1:8080/VirtualHostBase/http/%{SERVER_NAME}:80/wv/VirtualHostRoot/$1
[L,P]
</VirtualHost>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] what should be in the proxy directive
Posted by robert rottermann <ro...@redcor.ch>.
Am 29.12.2009 12:48, schrieb Nick Kew:
>
> On 29 Dec 2009, at 10:38, robert rottermann wrote:
>
>> Hi there,
>>
>> I set up an apache on a debian lenny.
>> I do have a virtual host that uses the redirect module.
>
> Ugly!
>
>> Now all access to that virtual host is blocked.
>> only when I alter the config file of the proxy module to allow access from
>> everywhere I can access the site:
>
> That's what you (usually) want for a reverse proxy.
>
>> <IfModule mod_proxy.c>
>
> Drop <IfModule>. It only serves to confuse, if you're editing your config
> "by hand" (as opposed to purely with tools like debian's a2enmod).
>
>> now this is for sure wrong.
>> So could somebody please give me a hint what should be in the <Proxy /> stanza?
>
> You're confusing forward and reverse proxies. Forward proxies are
> dangerous and need to be restricted, but you've correctly set
> ProxyRequests Off, so you don't have a forward proxy. Reverse
> proxies are, to all intents and purposes, equivalent to origin servers.
>
> But put all your proxy directives inside the <VirtualHost>.
> And <Proxy> is usually a bad idea: use <Location> instead.
>
thanks a lot,
I never used such an proxy directive and was wondering whether I was always
creating an open proxy.
now the only thing I had to do, was to delete the config file provided by debian..
by the way: why is using the redirect module ugly?
thanks again
robert
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] what should be in the proxy directive
Posted by Nick Kew <ni...@webthing.com>.
On 29 Dec 2009, at 10:38, robert rottermann wrote:
> Hi there,
>
> I set up an apache on a debian lenny.
> I do have a virtual host that uses the redirect module.
Ugly!
> Now all access to that virtual host is blocked.
> only when I alter the config file of the proxy module to allow access from
> everywhere I can access the site:
That's what you (usually) want for a reverse proxy.
> <IfModule mod_proxy.c>
Drop <IfModule>. It only serves to confuse, if you're editing your config
"by hand" (as opposed to purely with tools like debian's a2enmod).
> now this is for sure wrong.
> So could somebody please give me a hint what should be in the <Proxy /> stanza?
You're confusing forward and reverse proxies. Forward proxies are
dangerous and need to be restricted, but you've correctly set
ProxyRequests Off, so you don't have a forward proxy. Reverse
proxies are, to all intents and purposes, equivalent to origin servers.
But put all your proxy directives inside the <VirtualHost>.
And <Proxy> is usually a bad idea: use <Location> instead.
--
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org