You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by o haya <oh...@yahoo.com> on 2011/02/11 04:42:54 UTC
Re: [users@httpd] Problem solved was Re: [users@httpd] Problem configuring proxy (forbidden error locally)
James,
Thanks, but the system is locked down, and pre-provisioned by another group, i.e., we don't get to do yum, so we had to basically work with what was there.
Thanks again,
Jim
--- On Thu, 2/10/11, james@nixsecurity.org <ja...@nixsecurity.org> wrote:
> From: james@nixsecurity.org <ja...@nixsecurity.org>
> Subject: Re: [users@httpd] Problem solved was Re: [users@httpd] Problem configuring proxy (forbidden error locally)
> To: users@httpd.apache.org
> Date: Thursday, February 10, 2011, 3:28 PM
> There should be a mod_ssl RPM
> available for the Apache RPM which enables mod_ssl.
>
> [root@myhost ~]# yum search apache | grep ssl
> mod_ssl.i386 : SSL/TLS module for the Apache HTTP server
>
>
> >---- Original Message ----
> >From: o haya <oh...@yahoo.com>
> >To: users@httpd.apache.org
> >Sent: Thu, Feb 10, 2011, 3:24 PM
> >Subject: [users@httpd] Problem solved was Re:
> [users@httpd] Problem configuring proxy (forbidden error
> locally)
> >
> >Hi,
> >
> >We figured out the problem.
> >
> >As mentioned earlier, we were using the Redhat Apache
> 2.0.52 (httpd) RPM.
> >
> >Apparently, that doesn't come with mod_ssl support
> (either built-in or DSO), but we had the
> ProxyPass/ProxyPassReverse directives pointing to SSO/https
> URLs, i.e., the Apache2 had no support for SSL at all.
> >
> >We modified the ProxyPass/ProxyPassReverse directives
> to point to non-SSL URLs, and that eliminated the
> 403/Forbidden errors.
> >
> >So, the bottom line was that pointing the
> ProxyPass/ProxyPassReverse to SSL URLs, when the Apache
> didn't have SSL support, causes Apache2 to respond with
> 403/Forbidden responses...
> >
> >Thanks,
> >Jim
> >
> >
> >
> >
> >--- On Wed, 2/9/11, o haya <oh...@yahoo.com>
> wrote:
> >
> >> From: o haya <oh...@yahoo.com>
> >> Subject: Re: [users@httpd] Problem configuring
> proxy (forbidden error locally)
> >> To: users@httpd.apache.org
> >> Date: Wednesday, February 9, 2011, 11:09 PM
> >> Hi,
> >>
> >> BTW, to help guide me on what to look for, my
> understanding
> >> is that there are basically two things that can
> cause Apache
> >> to provide the 403/Forbidden response:
> >>
> >> - Linux permissions
> >> - Something in the Apache .conf files that sets a
> "deny"
> >>
> >> For the former, and assuming the we don't have any
> local
> >> resources in the <VirtualHost>s (i.e., no
> >> <DocumentRoot>), and only a bunch of
> >> ProxyPass/ProxyPassReverse directives, I think
> that the
> >> <VirtualHost> would "inherit" the
> <DocumentRoot>
> >> from the server configuration, so what we'd have
> to do is to
> >> look at where the <DocumentRoot> is pointing
> to, and
> >> confirm that the user and group specified in the
> User and
> >> Group directives in the Apache .conf files have
> >> read/write/execute perms on that and all of its
> parent
> >> directories.
> >>
> >> Is that correct?
> >>
> >> For the latter, we need to look for all "deny",
> and check
> >> that none of them apply to the <Location>
> directives
> >> in the <VirtualHost> sections.
> >>
> >> Is that correct?
> >>
> >> Thanks,
> >> Jim
> >>
> >>
> >> --- On Wed, 2/9/11, o haya <oh...@yahoo.com>
> >> wrote:
> >>
> >> > From: o haya <oh...@yahoo.com>
> >> > Subject: Re: [users@httpd] Problem
> configuring proxy
> >> (forbidden error locally)
> >> > To: users@httpd.apache.org
> >> > Date: Wednesday, February 9, 2011, 10:23 PM
> >> > Eric,
> >> >
> >> > Sorry for that. The system is at work, so
> I'll have
> >> > to get that tomorrow.
> >> >
> >> > Jim
> >> >
> >> >
> >> > --- On Wed, 2/9/11, Eric Covener <co...@gmail.com>
> >> > wrote:
> >> >
> >> > > From: Eric Covener <co...@gmail.com>
> >> > > Subject: Re: [users@httpd] Problem
> configuring
> >> proxy
> >> > (forbidden error locally)
> >> > > To: users@httpd.apache.org
> >> > > Date: Wednesday, February 9, 2011, 9:58
> PM
> >> > > On Wed, Feb 9, 2011 at 8:26 PM, o
> >> > > haya <oh...@yahoo.com>
> >> > > wrote:
> >> > > >
> >> > > > Hi Eric and Igor,
> >> > > > The Apache proxy logs show "403"
> errors.
> >> > >
> >> > > Don't paraphrase the logs. Include them
> verbatim
> >> in
> >> > your
> >> > > response.
> >> > >
> >> > >
> >> >
> >>
> ---------------------------------------------------------------------
> >> > > The official User-To-User support forum
> of the
> >> Apache
> >> > HTTP
> >> > > Server Project.
> >> > > See <URL:http://httpd.apache.org/userslist.html> for more
> >> > > info.
> >> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> > > " from the digest: users-digest-unsubscribe@httpd.apache.org
> >> > > For additional commands, e-mail: users-help@httpd.apache.org
> >> > >
> >> > >
> >> >
> >> >
> >> >
> >> >
> >> >
> >>
> ---------------------------------------------------------------------
> >> > The official User-To-User support forum of
> the Apache
> >> HTTP
> >> > Server Project.
> >> > See <URL:http://httpd.apache.org/userslist.html> for more
> >> > info.
> >> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> >> > For additional commands, e-mail: users-help@httpd.apache.org
> >> >
> >> >
> >>
> >>
> >>
> >>
> >>
> ---------------------------------------------------------------------
> >> The official User-To-User support forum of the
> Apache HTTP
> >> Server Project.
> >> See <URL:http://httpd.apache.org/userslist.html> for more
> >> info.
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> " from the digest: users-digest-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >>
> >
> >
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache
> HTTP Server Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest:
> users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org