You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Eric Covener <co...@gmail.com> on 2010/01/04 18:41:22 UTC
Re: [users@httpd] mod_proxy.c configuration problem for a
tomcat6-bridged situation
On Mon, Jan 4, 2010 at 12:38 PM, Alvise Nicoletti
<li...@alvisenicoletti.com> wrote:
> ====================================================
> That is the configuration that I tryed and it's not working:
> <Proxy *>
> AddDefaultCharset off
> Order deny,allow
> Deny from all
> # Allow from www.TOMCATWEBSITE.com
> </Proxy>
> ====================================================
"Allow" restricts the client, or browser, address/hostname. You seem
to have listed your origin (backend) server instead.
What were you trying to restrict?
--
Eric Covener
covener@gmail.com
Re: [users@httpd] mod_proxy.c configuration problem for a tomcat6-bridged
situation
Posted by Alvise Nicoletti <li...@alvisenicoletti.com>.
Eric Covener wrote:
> On Mon, Jan 4, 2010 at 12:38 PM, Alvise Nicoletti
> <li...@alvisenicoletti.com> wrote:
>
>> ====================================================
>> That is the configuration that I tryed and it's not working:
>> <Proxy *>
>> AddDefaultCharset off
>> Order deny,allow
>> Deny from all
>> # Allow from www.TOMCATWEBSITE.com
>> </Proxy>
>> ====================================================
>>
>
> "Allow" restricts the client, or browser, address/hostname. You seem
> to have listed your origin (backend) server instead.
>
> What were you trying to restrict?
>
>
I am trying to restrict everyone but that website ...
Actually that configuration you quoted is ALL commented so I don't have
any allow/deny.
If I put it like you wrote, the bridged website on tomcat goes on timeout.
So wich is the right way?
Re: [users@httpd] mod_proxy.c configuration problem for a tomcat6-bridged
situation
Posted by Alvise Nicoletti <li...@alvisenicoletti.com>.
Alvise Nicoletti wrote:
> Alvise Nicoletti wrote:
>> Alvise Nicoletti wrote:
>>> Eric Covener wrote:
>>>> On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
>>>> <li...@alvisenicoletti.com> wrote:
>>>>
>>>>> I would like to restrict access to everything-but-mywebsite like the
>>>>> example:
>>>>>
>>>>
>>>>
>>>>> <IfModule mod_proxy.c>
>>>>> ProxyRequests Off
>>>>> <Proxy *>
>>>>> AddDefaultCharset off
>>>>> Order deny,allow
>>>>> Deny from all
>>>>>
>>>>> Allow from www.TOMCATWEBSITE.com
>>>>> </Proxy>
>>>>> ProxyVia On
>>>>> </IfModule>
>>>>
>>>>
>>>> That restricts access "from" an [client] address, not access "to" a
>>>> backend [webserver] address.
>>>>
>>>> If you're running a reverse proxy only (ProxyRequests off), and you've
>>>> told it to connect to a specific backend via ProxyPass, I don't see
>>>> why you need furtherer configuration to restrict anything.
>>>>
>>>>
>>> mhh ...
>>>
>>> the point is that the original configuration in my webserver was:
>>> <IfModule mod_proxy.c>
>>> ProxyRequests Off
>>> <Proxy *>
>>> AddDefaultCharset off
>>> Order deny,allow
>>> Deny from all
>>> </Proxy>
>>> ProxyVia On
>>> </IfModule>
>>>
>>> And everthing was working, BUT, I had to remove everything to make
>>> the tomcat6-apache2 bridge work.
>>> Also, in the header of that file I found written:
>>> #turning ProxyRequests on and allowing proxying from all may
>>> allow
>>> #spammers to use your proxy to send email.
>>>
>>> So I guess this is not good:
>>> <IfModule mod_proxy.c>
>>> ProxyRequests Off
>>> <Proxy *>
>>> AddDefaultCharset off
>>> </Proxy>
>>> ProxyVia On
>>> </IfModule>
>>>
>>>
>>>
>>> Or is it ok?
>>
>
mhh ....
> Do you guy confirm that leaving a webserver with mod_proxy.c enabled
> but with no rules is a good thing?
>
> So I relax up a bit ...
And what is this?
Connection attempts using mod_proxy:
65.183.2.75 -> http://lti-mail01.ltinetworks.com:25
<http://lti-mail01.ltinetworks.com:25>: 1 Time(s)
Re: [users@httpd] mod_proxy.c configuration problem for a tomcat6-bridged
situation
Posted by Alvise Nicoletti <li...@alvisenicoletti.com>.
Alvise Nicoletti wrote:
> Eric Covener wrote:
>> On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
>> <li...@alvisenicoletti.com> wrote:
>>
>>> I would like to restrict access to everything-but-mywebsite like the
>>> example:
>>>
>>
>>
>>> <IfModule mod_proxy.c>
>>> ProxyRequests Off
>>> <Proxy *>
>>> AddDefaultCharset off
>>> Order deny,allow
>>> Deny from all
>>>
>>> Allow from www.TOMCATWEBSITE.com
>>> </Proxy>
>>> ProxyVia On
>>> </IfModule>
>>
>>
>> That restricts access "from" an [client] address, not access "to" a
>> backend [webserver] address.
>>
>> If you're running a reverse proxy only (ProxyRequests off), and you've
>> told it to connect to a specific backend via ProxyPass, I don't see
>> why you need furtherer configuration to restrict anything.
>>
>>
> mhh ...
>
> the point is that the original configuration in my webserver was:
> <IfModule mod_proxy.c>
> ProxyRequests Off
> <Proxy *>
> AddDefaultCharset off
> Order deny,allow
> Deny from all
> </Proxy>
> ProxyVia On
> </IfModule>
>
> And everthing was working, BUT, I had to remove everything to make the
> tomcat6-apache2 bridge work.
> Also, in the header of that file I found written:
> #turning ProxyRequests on and allowing proxying from all may allow
> #spammers to use your proxy to send email.
>
> So I guess this is not good:
> <IfModule mod_proxy.c>
> ProxyRequests Off
> <Proxy *>
> AddDefaultCharset off
> </Proxy>
> ProxyVia On
> </IfModule>
>
>
>
> Or is it ok?
Do you guy confirm that leaving a webserver with mod_proxy.c enabled but
with no rules is a good thing?
So I relax up a bit ...
Re: [users@httpd] mod_proxy.c configuration problem for a tomcat6-bridged
situation
Posted by Alvise Nicoletti <li...@alvisenicoletti.com>.
Eric Covener wrote:
> On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
> <li...@alvisenicoletti.com> wrote:
>
>> I would like to restrict access to everything-but-mywebsite like the
>> example:
>>
>
>
>> <IfModule mod_proxy.c>
>> ProxyRequests Off
>> <Proxy *>
>> AddDefaultCharset off
>> Order deny,allow
>> Deny from all
>>
>> Allow from www.TOMCATWEBSITE.com
>> </Proxy>
>> ProxyVia On
>> </IfModule>
>
>
> That restricts access "from" an [client] address, not access "to" a
> backend [webserver] address.
>
> If you're running a reverse proxy only (ProxyRequests off), and you've
> told it to connect to a specific backend via ProxyPass, I don't see
> why you need furtherer configuration to restrict anything.
>
>
mhh ...
the point is that the original configuration in my webserver was:
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
</Proxy>
ProxyVia On
</IfModule>
And everthing was working, BUT, I had to remove everything to make the
tomcat6-apache2 bridge work.
Also, in the header of that file I found written:
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.
So I guess this is not good:
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
</Proxy>
ProxyVia On
</IfModule>
Or is it ok?
Re: [users@httpd] mod_proxy.c configuration problem for a
tomcat6-bridged situation
Posted by Eric Covener <co...@gmail.com>.
On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
<li...@alvisenicoletti.com> wrote:
> I would like to restrict access to everything-but-mywebsite like the
> example:
>
> <IfModule mod_proxy.c>
> ProxyRequests Off
> <Proxy *>
> AddDefaultCharset off
> Order deny,allow
> Deny from all
>
> Allow from www.TOMCATWEBSITE.com
> </Proxy>
> ProxyVia On
> </IfModule>
That restricts access "from" an [client] address, not access "to" a
backend [webserver] address.
If you're running a reverse proxy only (ProxyRequests off), and you've
told it to connect to a specific backend via ProxyPass, I don't see
why you need furtherer configuration to restrict anything.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_proxy.c configuration problem for a tomcat6-bridged
situation
Posted by Alvise Nicoletti <li...@alvisenicoletti.com>.
Eric Covener wrote:
> On Mon, Jan 4, 2010 at 12:38 PM, Alvise Nicoletti
> <li...@alvisenicoletti.com> wrote:
>
>> ====================================================
>> That is the configuration that I tryed and it's not working:
>> <Proxy *>
>> AddDefaultCharset off
>> Order deny,allow
>> Deny from all
>> # Allow from www.TOMCATWEBSITE.com
>> </Proxy>
>> ====================================================
>>
>
> "Allow" restricts the client, or browser, address/hostname. You seem
> to have listed your origin (backend) server instead.
>
> What were you trying to restrict?
>
>
Hi ...
This is my ACTUAL configuration:
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
</Proxy>
ProxyVia On
</IfModule>
So I'm open like a californian beach.
I would like to restrict access to everything-but-mywebsite like the
example:
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
Allow from www.TOMCATWEBSITE.com
</Proxy>
ProxyVia On
</IfModule>
But this is not making work the tomcat6-apache2 bridge.
So I need your help to understand the right configuration.
This is the TOMCATWEBSITE.COM virtual host conf:
<VirtualHost *:80>
ServerAdmin "webmaster@TOMCATWEBSITE.com"
ServerName www.TOMCATWEBSITE.com
ProxyPreserveHost On
ProxyPass / http://www.TOMCATWEBSITE.com:8080/
ProxyPassReverse / http://www.TOMCATWEBSITE.com:8080/
ProxyPassReverseCookieDomain www.TOMCATWEBSITE.com:8080
www.TOMCATWEBSITE.com
ProxyPassReverseCookiePath / /
LogLevel warn
CustomLog /var/log/apache2/TOMCATWEBSITE_access.log vhost_combined
ErrorLog /var/log/apache2/TOMCATWEBSITE_error.log
RewriteEngine on
RewriteRule ^/TOMCATWEBSITE/(.*)$ http://www.TOMCATWEBSITE.com/$1
[L]
<location "/WEB-INF/">
# AllowOverride None
deny from all
</location>
</VirtualHost>