Are you trying to set up a Forward Proxy or a Reverse Proxy (explanation: http://www.jscape.com/blog/bid/87783/Forward-Proxy-vs-Reverse-Proxy)?
Your configuration looks like a forward proxy but your email implies that you really want a reverse proxy. See this part of the HTTPD manual for more about reverse proxy setup: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#forwardreverse A reverse proxy is activated using the ProxyPass<http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass> directive or the [P] flag to the RewriteRule<http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriterule> directive. It is *not* necessary to turn ProxyRequests<http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyrequests> on in order to configure a reverse proxy. - Y On Tue, Feb 11, 2014 at 7:51 AM, Sittampalam, Nagu < [email protected]> wrote: > Hello > > > > WE are trying to setup HTTPS tunnelling to a backend server through > Apache proxy but we are finding the client connect but Apache does not > send through the traffic the backend server. > > > > The config we have on our Apache proxy virtual host is > > > > <VirtualHost 172.19.1.136:443> > > > > DocumentRoot "/usr/local/apache2221/htdocs/ibcm/" > > ServerName test.testdom.local > > ErrorLog logs/ibcm > > ServerAdmin [email protected] > > ProxyRequests On > > AllowConnect 443 > > SSLEngine on > > SSLHonorCipherOrder On > > SSLProtocol -ALL +SSLv3 +TLSv1 > > SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM > > > > SSLCertificateFile "/etc/ssl/crt/ibcm.crt" > > > > SSLCertificateKeyFile "/etc/ssl/crt/testdom.key" > > > > SSLCertificateChainFile "/etc/ssl/crt/CA-DOM.crt" > > > > <proxy *> > > Order deny,allow > > Deny from all > > </proxy> > > > > <ProxyMatch (webssl.testdom.com|192.168.50.100)> > > Order deny,allow > > Allow from all > > </ProxyMatch> > > </VirtualHost> > > > > Anybody know what we are not doing correctly. Also we found Apache would > not start without us putting in the root certificate. Thought it would not > need any certificate for tunnelling so wonder if we have missed something. > > > > > > > > > > Nagu Sittampalam | Security Team Leader , IT Solutions Division | > Southampton Strategic Services Partnership | Landline: 02380 833012 | Fax: > 02380 832973 | e-mail [email protected] | e-mail > [email protected] | post Capita ITS, 1st Floor, One Guildhall > Square, Above Bar, Southampton, SO14 7FP > This email and any files transmitted with it are confidential, and may be > subject to legal privilege, and are intended solely for the use of the > individual or entity to whom they are addressed. > If you have received this email in error or think you may have done so, > you may not peruse, use, disseminate, distribute or copy this message. > Please notify the sender immediately and delete the original e-mail from > your system. > > >
