You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Etienne <et...@gnulinux.fr> on 2009/08/26 16:48:41 UTC
[users@httpd] creating a proxy
hi all,
I would like to enable a proxy on my server with port forwarding.
The idea is to connect to my server through putty with ssh tunnel forwarding
localhost:80 to myproxyserver.com:80
I have enabled proxy module with a2enmod proxy command and setup a
virtualhost
my virtualhost (/etc/apache2/sites-available/myproxyserver) has been enabled
and is as follow
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName myproxyserver.com
ProxyRequests On
ProxyVia On
<Proxy *>
Order deny,allow
Deny from all
Allow from localhost
</Proxy>
</VirtualHost>
when I set up proxy to 127.0.0.1 on firefox and try to access to a web site,
I get the following
Forbidden
You don't have permission to access / on this server.
how can I fix that ?
thanks
etienne
Re: [users@httpd] unsubscribe
Posted by Evan Platt <ev...@espphotography.com>.
At 11:28 AM 8/26/2009, you wrote:
>unsubscribe
As the headers to every message say:
list-unsubscribe: <ma...@httpd.apache.org>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] unsubscribe
Posted by Josh Gooding <jo...@gmail.com>.
unsubscribe
On Wed, Aug 26, 2009 at 2:25 PM, Michael Johnson <mc...@hotmail.com>wrote:
> unsubscribe
>
Re: [users@httpd] unsubscribe
Posted by Evan Platt <ev...@espphotography.com>.
At 11:25 AM 8/26/2009, you wrote:
>unsubscribe
As the headers say:
list-unsubscribe: <ma...@httpd.apache.org>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] unsubscribe
Posted by Michael Johnson <mc...@hotmail.com>.
unsubscribe
Re: [users@httpd] creating a proxy
Posted by Etienne <et...@gnulinux.fr>.
hi andre
sorry for this late reply.
Your analysis is not correct. I am not trying to bypass a corporate
proxy . I work independently and I have no restriction to my web
access either at work or at home.
In fact I had the opposite problem to solve during my vacations:
trying to access my server from an hotel with a web based SSH gateway
but this is another story.
During my search, I found the following article and I tried to improve
my understanding of apache by reproducing what is described in it.
(http://www.math.polytechnique.fr/spip.php?rubrique78)
Apparently the laboratory subscribed to on-line periodicals which use
IP address to grant access to their customers.
To provide remote access to their employees, the laboratory uses SSH +
proxy : the laboratory IP address is provided to the periodical's
server.
I am not sure however that the laboratory was using apache for that
and I did not succeed to do it myself.
I obtained the same result by setting up a SOCKS proxy as described in
the following article
http://embraceubuntu.com/2006/12/08/ssh-tunnel-socks-proxy-forwarding-secure-browsing/
It has nothing to do with apache but it is quite useful to secure
browsing from a public hotspot.
thanks
etienne
2009/8/26 André Warnier <aw...@ice-sa.com>:
> Etienne,
>
> I am not quite sure that anyone here really understand what you are trying
> to do, nor if your usage of the words "proxy" and "hosting" really matches
> the usual technical meanings of these words.
>
> I have a suspicion that your situation might be as follows :
>
> - you are working on a workstation located in some organisation's internal
> network
> - this workstation does not have direct access to Internet HTTP servers. In
> order to access an external HTTP server, you have to go through a corporate
> firewall/proxy.
> - that firewall/proxy does not allow you to connect to all the websites you
> want to connect to, or it records the connections, which you do not like.
> - so you are trying to figure out, using putty's port forwarding, if you can
> somehow bypass the corporation's HTTP proxy, by using another port than 80
> to get out, and still access the external HTTP server on it's port 80.
>
> If the above matches your situation, I feel that I must point out to you
> that
> - there may be very good reasons why such a scheme is in place. Protecting
> the organisation against break-ins by viruses and other nasties may be one
> of them.
> - by doing so, you may be violating organisation rules, and expose yourself
> to bad personal consequences
>
> If the above is not your situation, then please provide some clearer
> explanations of what you are trying to achieve, and someone might be able to
> help you.
> Although in principle, I don't think it has much to do with Apache.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] creating a proxy
Posted by André Warnier <aw...@ice-sa.com>.
Etienne,
I am not quite sure that anyone here really understand what you are
trying to do, nor if your usage of the words "proxy" and "hosting"
really matches the usual technical meanings of these words.
I have a suspicion that your situation might be as follows :
- you are working on a workstation located in some organisation's
internal network
- this workstation does not have direct access to Internet HTTP servers.
In order to access an external HTTP server, you have to go through a
corporate firewall/proxy.
- that firewall/proxy does not allow you to connect to all the websites
you want to connect to, or it records the connections, which you do not
like.
- so you are trying to figure out, using putty's port forwarding, if you
can somehow bypass the corporation's HTTP proxy, by using another port
than 80 to get out, and still access the external HTTP server on it's
port 80.
If the above matches your situation, I feel that I must point out to you
that
- there may be very good reasons why such a scheme is in place.
Protecting the organisation against break-ins by viruses and other
nasties may be one of them.
- by doing so, you may be violating organisation rules, and expose
yourself to bad personal consequences
If the above is not your situation, then please provide some clearer
explanations of what you are trying to achieve, and someone might be
able to help you.
Although in principle, I don't think it has much to do with Apache.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] creating a proxy
Posted by Etienne <et...@gnulinux.fr>.
yes, I want to do that. However my client is a windows XP machine. thus I
have to use putty
apparently this port forwarding is working well
I have a silly question : how can I configure apache to work as a proxy
without cancelling my current web hosting ?
I am only using virtual hosts for hosting and not sure to understand what is
the other way of doing ;-)
thanks
etienne
2009/8/26 Tom Evans <te...@googlemail.com>
>
>
> Simplest way is to forget trying to get apache to do that for you, and
> just let SSH do it for you, seeing as you can SSH to that box ok.
>
> ssh -D 3128 <yourproxybox>
>
> and then setup firefox to use 127.0.0.1:3128 as a SOCKS proxy.
>
> The reason apache is probably not working is that it never uses that
> vhost for the request. Does it work if you don't use vhosts?
>
> Cheers
>
> Tom
>
>
>
Re: [users@httpd] creating a proxy
Posted by Tom Evans <te...@googlemail.com>.
On Wed, 2009-08-26 at 16:48 +0200, Etienne wrote:
> hi all,
>
> I would like to enable a proxy on my server with port forwarding.
> The idea is to connect to my server through putty with ssh tunnel
> forwarding localhost:80 to myproxyserver.com:80
> I have enabled proxy module with a2enmod proxy command and setup a
> virtualhost
> my virtualhost (/etc/apache2/sites-available/myproxyserver) has been
> enabled and is as follow
>
> NameVirtualHost *:80
> <VirtualHost *:80>
> ServerAdmin webmaster@localhost
> ServerName myproxyserver.com
> ProxyRequests On
> ProxyVia On
>
> <Proxy *>
> Order deny,allow
> Deny from all
> Allow from localhost
>
> </Proxy>
> </VirtualHost>
>
> when I set up proxy to 127.0.0.1 on firefox and try to access to a web
> site, I get the following
>
>
> Forbidden
> You don't have permission to access / on this server.
>
> how can I fix that ?
>
>
> thanks
>
>
> etienne
>
>
Simplest way is to forget trying to get apache to do that for you, and
just let SSH do it for you, seeing as you can SSH to that box ok.
ssh -D 3128 <yourproxybox>
and then setup firefox to use 127.0.0.1:3128 as a SOCKS proxy.
The reason apache is probably not working is that it never uses that
vhost for the request. Does it work if you don't use vhosts?
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org