-----Original Message-----
From: Lokesh K B Reddy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 26, 2007 9:56 AM
To: [email protected]
Cc: [EMAIL PROTECTED]
Subject: RE: [EMAIL PROTECTED] mod_proxy for rpc over https
Hi,
Forgot to update Apache details..
Server version: Apache/2.0.52
Server built: Jan 30 2007 09:56:16
OS : RHEL4 Update 4
Apache : Using Redhat RPM..
Regards,
Lokesh
-----Original Message-----
From: Lokesh K B Reddy
Sent: Tuesday, June 26, 2007 9:54 AM
To: '[email protected]'
Cc: '[EMAIL PROTECTED]'
Subject: RE: [EMAIL PROTECTED] mod_proxy for rpc over https
Hi,
RPC over HTTPS is still not working after adding AllowCONNECT
443. Here is my configuration. With this, OWA (Outlook Web Access) is
working fine; the only problem is with RPC over HTTPS.
<VirtualHost 158.218.128.115:443>
ServerName exchange.sensata.com:443
# This secures the server from being used as a third party
# proxy server
ProxyRequests Off
# Allows the proxying of a SSL connection
AllowCONNECT 443 80 593 60001 60002 60003 60004
SSLProxyEngine On
ProxyVia On
# Header Stuff
AddDefaultCharset UTF-8
RequestHeader unset Accept-Encoding
#RequestHeader set Front-End-Https "On"
HostnameLookups Off
UseCanonicalName Off
# Proxy Preserving the hostname
ProxyPreserveHost On
# SSL Stuff
SSLProtocol All
SSLEngine On
DocumentRoot /opt/www/exchange
# Configuration of RPC over HTTPS #
###
ProxyPass / https://myexch.roof.com/
ProxyPassReverse / https://myexch.roof.com/
CacheDisable *
###
# SSL Certificate #
SSLCertificateFile /opt/www/exchange/exchange.cer
SSLCertificateKeyFile /opt/www/exchange/exchange.key
# Extras Stuff #
###
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
###
# Log file
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" com
CustomLog /opt/www/logs/exchange/access_log combined env=!dontlog
ErrorLog /opt/www/logs/exchange/error_log
</VirtualHost>
158.218.128.115 --> My Virtual IP address.
Myexch.roof.com --> My F5 Load Balancer
Here is the design structure:
External IP --> Apache:443(DMZ) --> F5 Load Balancer:443(internal network)-SSL Offloading --> Exchange Front-end server:80
Here is the website where I saw the BUG info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088
http://issues.apache.org/bugzilla/show_bug.cgi?id=40029
Error Logs :
[Mon Jun 25 17:43:11 2007] [error] (104)Connection reset by peer: proxy: pass request data failed to 10.41.0.131:443 (Myexch.roof.com)
[Mon Jun 25 17:45:46 2007] [error] (104)Connection reset by peer: proxy: pass request data failed to 10.41.0.131:443 (Myexch.roof.com)
[Mon Jun 25 17:48:21 2007] [error] (104)Connection reset by peer: proxy: pass request data failed to 10.41.0.131:443 (Myexch.roof.com)
[Mon Jun 25 17:52:46 2007] [error] (104)Connection reset by peer: proxy: pass request data failed to 10.41.0.131:443 (Myexch.roof.com)
[Mon Jun 25 17:52:46 2007] [error] (104)Connection reset by peer: proxy: pass request data failed to 10.41.0.131:443 (Myexch.roof.com)
[Mon Jun 25 17:55:21 2007] [error] (104)Connection reset by peer: proxy: pass request data failed to 10.41.0.131:443 (Myexch.roof.com)
[Mon Jun 25 17:55:21 2007] [error] (104)Connection reset by peer: proxy: pass request data failed to 10.41.0.131:443 (Myexch.roof.com)
Access Logs :
158.218.168.103 - - [26/Jun/2007:09:36:10 -0400] "RPC_OUT_DATA /rpc/rpcproxy.dll?sdcpad02.sso.sensata.ad:593 HTTP/1.1" 503 - "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:36:10 -0400] "RPC_IN_DATA /rpc/rpcproxy.dll?sdcpad02.sso.sensata.ad:593 HTTP/1.1" 104 628 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:06 -0400] "RPC_IN_DATA /rpc/rpcproxy.dll?mailbox.roof.com:6001 HTTP/1.1" 104 628 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:07 -0400] "RPC_IN_DATA /rpc/rpcproxy.dll?mailbox.roof.com:6002 HTTP/1.1" 104 628 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:07 -0400] "RPC_OUT_DATA /rpc/rpcproxy.dll?mailbox.roof.com:6001 HTTP/1.1" 200 128 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:07 -0400] "RPC_OUT_DATA /rpc/rpcproxy.dll?mailbox.roof.com:6002 HTTP/1.1" 200 128 "-" "MSRPC"
mailbox.roof.com --> My Mailbox server.
Please guide me on how to go further.
Thanks in advance.
Regards,
Lokesh
You may need a 'Listen 443' directive in your main server configuration...
lh..
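
An added example, not part of the thread and not code from any poster: a Python script that parses the access-log entries quoted above (in the layout of the posted LogFormat line) and groups the RPC-over-HTTP requests by verb, target and status, so the failing channel stands out. The function names are this example's own, and the sample input is the thread's six log entries unwrapped to one line each.

```python
import re
from collections import Counter

# Layout of the LogFormat line in the posted vhost:
# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LINE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "[^"]*" "(?P<agent>[^"]*)"'
)

# Sample input: the access-log entries from the thread, one per line.
SAMPLE = """\
158.218.168.103 - - [26/Jun/2007:09:36:10 -0400] "RPC_OUT_DATA /rpc/rpcproxy.dll?sdcpad02.sso.sensata.ad:593 HTTP/1.1" 503 - "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:36:10 -0400] "RPC_IN_DATA /rpc/rpcproxy.dll?sdcpad02.sso.sensata.ad:593 HTTP/1.1" 104 628 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:06 -0400] "RPC_IN_DATA /rpc/rpcproxy.dll?mailbox.roof.com:6001 HTTP/1.1" 104 628 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:07 -0400] "RPC_IN_DATA /rpc/rpcproxy.dll?mailbox.roof.com:6002 HTTP/1.1" 104 628 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:07 -0400] "RPC_OUT_DATA /rpc/rpcproxy.dll?mailbox.roof.com:6001 HTTP/1.1" 200 128 "-" "MSRPC"
158.218.168.103 - - [26/Jun/2007:09:35:07 -0400] "RPC_OUT_DATA /rpc/rpcproxy.dll?mailbox.roof.com:6002 HTTP/1.1" 200 128 "-" "MSRPC"
"""

def summarize(log_text):
    """Count RPC-over-HTTP requests per (verb, target host:port, status)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["method"] not in ("RPC_IN_DATA", "RPC_OUT_DATA"):
            continue  # skip OWA and any other non-RPC traffic
        # rpcproxy.dll carries the target as the query string: host:port
        target = m["uri"].partition("?")[2]
        counts[(m["method"], target, int(m["status"]))] += 1
    return counts

def status_by_verb(counts):
    """Collapse the summary to verb -> Counter of logged status values."""
    by_verb = {}
    for (verb, _target, status), n in counts.items():
        by_verb.setdefault(verb, Counter())[status] += n
    return by_verb

def failing(counts):
    """(verb, target, status) combinations logged with a non-2xx status."""
    return sorted(k for k in counts if not 200 <= k[2] < 300)

if __name__ == "__main__":
    for verb, target, status in failing(summarize(SAMPLE)):
        print(f"{status} {verb:<13} {target}")
```

On the entries quoted in the thread, every RPC_IN_DATA request is logged with 104, while RPC_OUT_DATA returns 200 for mailbox.roof.com and 503 for sdcpad02.sso.sensata.ad:593.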