Talkback for article: 147, March2000

Using Apache ProxyPass to access servers behind a Masquerading

Back to: http://cgi.linuxfocus.org/English/March2000/article147.shtml

From: atif ghaffar <atif(at)developer.ch> [ date: 2000-03-09 ]
first talkback :)
From: Salvador Jimenez <sjimenez(at)spin.com.mx> [ date: 2000-03-10 ]
Great!!!
I was looking for a solution like this instead of punch
holes in my firewall.

Thanks.
From: Prashanth Nandavanam <pn(at)post.com> [ date: 2000-08-07 ]
Great article. I was able to use the cofig information right away! Look forward to more...
From: Conrad Hagemans <conrad(at)hagemans.com> [ date: 2000-09-30 ]
The article helped me a lot setting up a server behind my firewall.
But the CGI-SCRIPTS on that machine will not run. They run if I connect from an internal PC directly to that server but not with ProxyPass.
Who can help?
Here is a part of my httpd.conf:

NameVirtualHost www.hagemans.com

<VirtualHost www.hagemans.com>
ServerAdmin root@hagemans.com
DocumentRoot /schijf5/thuis/httpd/html
ServerName www.hagemans.com
ErrorLog logs/error_log
TransferLog logs/access_log
# ServerAlias hagemans.com *.hagemans.com
</VirtualHost>

<VirtualHost www.hagemans.com>
ServerName om.hagemans.com
ProxyPass / http://om.hagemans.com/
TransferLog logs/om_access_log
ErrorLog logs/om_error_log
DocumentRoot /home/httpd/html
ScriptAlias /cgi-bin /home/httpd/cgi-bin
</VirtualHost>


From: Atif Ghaffar <atif(at)developer.ch> [ date: 2000-09-30 ]
Find the line like
ScriptAlias /cgi-bin .... in the external server's
conf file, remove the line and restart the httpd process

Also, your configuration is not correct
It should be
NameVirtualHost ipaddress

and then for each virtualhost
<VirtualHost ipaddressThatYouDefinedAbove>
ServerName www.something.something

the rest is ok.
From: Christian Bienmueller <christian_bienmueller(at)acs-gmbh.de> [ date: 2000-11-20 ]
Hi

Does anyone have experiences with proxypass and both http and https? Thanks

Hallo

Hat schon jemand Erfahrung, wie man mittels ProxyPass auf einen webServer mit HTTP UND HTTPS zugreifen kann?

Danke für Antworten - Christian
From: Colin McCouig <colinmc(at)black-sun.cix.co.uk> [ date: 2000-11-20 ]
Hi,
I am trying to set up namevirtualhost to proxy onto another namevirtual host on the same server. Everything seems to work apart from passing QUERY_STRING.
In outline, I have a number of servers clustered by a cisco Localdirector. All servers have a namevirtualsite fred.com and each server also has a unique site www1.fred.com, www2.fred.com etc. The servers are running coldfusion which in turn is talking to a backend database. all communication is via the local director, so this is why I need the unique sites to establish the one to one relationship between coldfusion and the database. If we don't do this localdirector will loadbalance the connection and the responce will go to a different server.
I believed that running fred.com as a shell site with just
proxypass / http://www1.fred.com/
proxypassreverse / http://www1.fred.com/
would push the URL to www1.fred.com in a transparent manner and indeed it does. However if the URL contains query info e.g. http://fred.com/index.cfm?ID=1234,method=full
Then the query is split off and placed in the environmental variable QUERY_STRING. It then appears that the proxy pass occurs but the QUERY_STRING does not get passed.
Does anybody have any ideas.
Thanks in anticipation
Colin.
From: Indibil <cuidadin(at)altavista.com> [ date: 2000-12-31 ]
At work we access Internet through a Proxy Server in headquarters office.
We are interesting in making a PC with Linux acting as Proxy in our local office.
So that, this Linux proxy would connect to the actual proxy.

I have added this in http.conf:

ProxyRequests on
ProxyRemote * http://192.168.4.86:8080

I have setup the NetScape to access the linux proxy.
It ask me for user and password, but an error is returned.

Can you help me?
Thanks in advance

Indibil
From: Gary Argraves <gArgraves(at)earthlink.net> [ date: 2001-03-07 ]
Hi,

Help:
I use proxyPass, but have a problem I can not solve. The setup is a WWW server will send request to Class C network behind WWW server. The proxy requests are delayed 80 seconds before they are passed. I monitor the apache access log and the WWW inbound request does not get appended for about 80 seconds.

here is a URL that exhibits the problem:
http://www.arraygenetics.com/siFind3.html

The system is SuSE 7.0 Linux. The proxy machine is Win-ME running apache.
Can the problem have something to do with keep alives between systems ?

Any help will be greatly appreciated.

Thanks,
Gary

From: Jim Bradbury <jim(at)bradbury.org> [ date: 2001-09-14 ]
I have Apache running on my RedHat 7.1 box. I recently installed
a firewall box doing Network Address Translation (NAT) and now
I can't get Apache working again. This article will definitely
help me get things sorted out and working again.

Thanks,

-= Jim =-
From: Chris [ date: 2001-10-11 ]
Just wanted to say thanks! I was actually searching for something else when I came across the page, but this was on my todo list. I knew there was an easy way to go about it, but using mod_proxy never occured to me.
From: obi-1-kenobi [ date: 2001-11-14 ]
Wait a second,
Using this i should be able to run a webserver, dns behind a firewall router??
From: Michael Mowbay <talkback(at)michaelmowbray.net> [ date: 2002-01-01 ]
This all works really well for me except in the case where the "target" of the ProxyPass is a VirtualHost defined on the internal machine. I just can't get that going - it always goes to the default (first) VirtualHost definition. Anyone had any luck with that?
From: Tim <none(at)noemail.com> [ date: 2002-03-17 ]
Excellent. Quick. Concise. I was looking for a way to proxy netsaint through to two other datacenter netsaint boxes already connected via encrypted tunnels on the backend --had to add the specific vhost on the backend. Works well and no need for ACL changes :)
Apache.orgs documentation is excellent, but sometimes they do not get to the point.

...that should help with Michaels problem as well.


Thanks,

Tim
FreeBSD, Linux Solaris, NT admin
*a top ten internet property via unique visitors (media metrix)

From: Ian [ date: 2002-04-05 ]
Excellent! I used ssh -R to punch though a firewall to an external web server, and proxypass on that server to forward requests to the ssh port:

On the local (firewalled) machine:

ssh -R 8000:localhost:80 -N user@webserver

and on the webserver:

ProxyPass /test http://127.0.0.1:8000

So requests for /test on the webserver are forwarded over ssh to the machine inside the firewall.

Ian

From: Jitendra <jitendrac(at)kpit.com> [ date: 2002-04-29 ]
Hi,
what sort of cofiguration will be needed for the following case:
A single instance of apache connected to different instances of weblogic running on different ports? Does weblogic plugin will help in this situation or need to use ProxyPass or ProxyRemote directives??
What can be the solution to this problem?

Thanks in advance,
Jitendra
From: serge <sergey(at)verisity.com> [ date: 2002-05-26 ]
I can't see images from passed site.
Who can help?
Here is a part of my httpd.conf :

ProxyPass /internal http://external.com
ProxyPassReverse /internal http://external.com
CacheDefaultExpire 24
All <img=/images/foo.gif> and link look like http:/bar/internal/images/foo.gif.
But link broken.
From: Mpume Msimanga <mmsimanga(at)ufh.ac.za> [ date: 2002-05-30 ]
Hi there

I am a new user of the Apache web server. My computer is behind a firewall and I just wanted to confirm whether I have performed the correct steps to make my server visible to the outside would.

1. Enabled mod_proxy
2. Enabled proxies i.e. I added the following code to my config file
<IfModule mod_proxy.c>
ProxyRequests On
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
3.This is the configuration for my virtual host
NameVirtualHost 196.21.105.197
<VirtualHost 196.21.105.197>
ServerAdmin mmsimanga@ufh.ac.za
DocumentRoot C:/Nambya
ServerName www.nambya.za.net
ProxyPass / http://www.nambya.za.net
</VirtualHost>

PLEASE help me, I am going insane!!!
Mpume, South Africa







From: Rene Visscher <r.g.w.visscher(at)rgvisscher.dhs.org> [ date: 2002-08-06 ]
Dear Atif,

i've read your article and I tried to implement it to my machine. I'va the same construction you mentioned, a extern webserver with behind a firewall a webcam on http://192.168.0.11 (http://siemens.rgvisscher.dhs.org)

But I can not refer to the machine behind the firewall. Could it be that squid (8080) also the cause or how can I check that mod_proxy is active?
<VirtualHost 24.132.196.212>
ServerAdmin root@rgvisscher.dhs.org
DocumentRoot "/usr/local/apache/htdocs/familie"
ServerName familie.rgvisscher.dhs.org
ServerPath /familie/
RewriteEngine On
RewriteRule ^(/familie/.*) /usr/local/apache/htdocs/subdomain$1
ErrorLog /home/familie/html/error_log
CustomLog /usr/local/apache/logs/access_log common
</VirtualHost>

<VirtualHost 24.132.196.212>
ServerAdmin root@rgvisscher.dhs.org
ServerName webcam.rgvisscher.dhs.org
ProxyPass /siemens/ http://siemens.rgvisscher.dhs.org/
TransferLog /usr/local/apache/logs/proxpass.log
ErrorLog /usr/local/apache/logs/proxerror.log
</VirtualHost>
<VirtualHost 24.132.196.212>
ServerName webcam.rgvisscher.dhs.org
ProxyPass / http://siemens.rgvisscher.dhs.org/
TransferLog /usr/local/apache/logs/proxpass.log
ErrorLog /usr/local/apache/logs/proxerror.log
</VirtualHost>

From: fer <ferdiab(at)ieee.org> [ date: 2002-10-17 ]
the problem is that we have frontserver on solaris machine and apache. we setuped the proxypass on this server to two remote servers which are another solaris machine and a windows machine with IIS. we have the second two machines in secure zone while the first frontserver is in the semisecure zone. we have this configuration and it is working. suddenly we have electricity problem and the front server shutdown. we start it again but we surprised that it is working to pass requests to the solaris machine but not to the windows machine. we have page not found error when we try to acess the configuraion with the windows proxypass from out side the LAN but have no problem when accessing it from inside the LAN. what could be the configuration which will affect this....

please try to respond as fast possible and i am thankful for u........


From: sam <painkil(at)hotmail.com> [ date: 2002-10-20 ]
Hi, I am on a network but I don`t have access to the server and the server has a firewall. I want to make other users to conect to my computer but because of the firewall and the localhost I can`t do it. can you tall me how to do it?
From: Marcel Petersen <M.Petersen(at)Karolinenhof.de> [ date: 2002-10-21 ]
Hi, I've big problem with the mod_proxy-Module. My Apache-definitions seems to work as a free global proxy and on top of that it is posted in Google-groups. How can I restrict the connections to my remote servers ?

<VirtualHost *>
ServerName www.virgenius.de
ProxyRequests on
ProxyPass / http://192.168.0.206/xy/abc/
<Directory proxy*>
Order deny,allow
Deny from all
Allow from all
</Directory>
ErrorLog /var/log/httpd/virgenius-err_log
CustomLog /var/log/httpd/virgenius-log common
</VirtualHost>

Thanks in advance, Marcel



From: Rene Cunningham <rene(at)dcnut.com> [ date: 2002-12-01 ]
Great tute. Was exactly what i was looking for!

--
Rene
From: Antoine Megens [ date: 2003-02-04 ]
Great howto, worked the first try right!
Apache rulez.

From: Martin <martin.zemljic(at)astec.si> [ date: 2003-02-18 ]
Thank you for this clear howto.
I am using using ProxyPass to link environments in a laaarge enterprise network. Method to "publish" an intranet http server between parts of network that are not visible to each other is to combine ProxyPass directive and <Directory /> ACLs.

Martin

From: Farhad Saberi <f.saberi(at)ville.laval.qc.ca> [ date: 2003-03-20 ]
Hi, does anyone know if I can pass variables in the ProxyPass URL ? This
is what I mean :

ProxyPass /csat http://www.ville.laval.qc.ca/pls/adml.a_wlaval.show?p_no=6

It seems that the http post (p_no=6), apache 1.3.17 does not like. No
syntax error is given and httpd can be restarted, but /csat is passed
to "/" instead of the specifed URL, and I think it's because of the variable
at the end. Does anybody know ? Thanks,
--Farhad from Canada.
From: abs <uaefox18(at)yahoo.com> [ date: 2003-06-11 ]
الى الاخ عاطف ممكن تعطيني اي مساعده لاجتياز البروكسي
واعتبرني مبتدا في هذا المجال
وشكرا
From: drcyc [ date: 2003-08-17 ]
Thanks so much for all the suggestions given in this thread -- using them I was able to get my development web server (behind a firewall) proxied through another public server using a remote ssh tunnel.
From: Glenn [ date: 2003-10-02 ]
In the real world example, both ProxyPass lines are identical, and there is none for /image.

For Serge's issue (2002-05-26, <img src="/image/foo.gif"> broken), my understanding is that a separate ProxyPass statement is needed for /image.

Thanks for posting the tutorial!
From: kokounonou [ date: 2004-01-24 ]
Very helpful and interesting article. Will try to implement it at work.
Thanks
From: Alex [ date: 2004-05-17 ]
How to control ProxyPass priority, i have one name for example foo.com
and i need to make something like this:

ProxyPass /mirror http://internal.foo.lan:8080/
ProxyPass / http://internal2.foo.lan/

ProxyPassReverse /mirror http://internal.foo.lan:8080/
ProxyPassReverse / http://internal2.foo.lan/

But then i do this, i get error: mirror not found, becouse everything goes thrue "/" (internal2.foo.lan and there is no /mirror)

Meybe somebody knows how to solve this problem ?
From: Nick [ date: 2004-10-12 ]
Hmm, I thought this was a comments page, not a "help I'm lame and can't read documentation" page?
From: abdou <abd_mo_anwar(at)yahoo.com> [ date: 2005-02-13 ]
انا اقطرح على حضرتك انك تدعم الشرح بصور وخطوات كلى يسهل على المستخدم العادى الوصول الى الغرض المطلوب بيسر وشكرا على هذا الموضوع الجميل ورجاء اكون من اول من ترسل لهم النسخه المدعمه بالصور القوائم والشرح الوافر مع الشكرر

33 talkbacks in English
Other talkbacks:   Italiano Castellano Francais




Due to the increased amount of web spam we have deciced to removed the talkback posting possibility. You can read old talkbacks but you can no longer post new ones.

Back to http://cgi.linuxfocus.org/English/March2000/article147.shtml

Please contact webmaster(at)linuxfocus.org if you have any questions with regards to this talkback

lftalkback version 3.10