Hi there,

I set up an apache on a debian lenny.
I do have a virtual host that uses the redirect module.

Now all access to that virtual host is blocked.
only when I alter the config file of the proxy module to allow access from
everywhere I can access the site:
<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.

ProxyRequests Off

<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
Allow from wv.opensourcevista.net
Allow from all <------- this I belive is bad
</Proxy>

# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via:
headers)
# Set to one of: Off | On | Full | Block

ProxyVia On
</IfModule>

now this is for sure wrong.
So could somebody please give me a hint what should be in the <Proxy /> stanza?

thanks a lot
robert

here is the virtual host stanza I am using:

<VirtualHost *:80>
ServerName wv.opensourcevista.net
ServerAdmin robert [at] redcor.ch

DocumentRoot /var/www/
ErrorLog /var/log/apache2/wv_error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug

CustomLog /var/log/apache2/wv_access.log combined


# don't loose time with IP address lookups
HostnameLookups Off

# needed for named virtual hosts
UseCanonicalName Off

# configures the footer on server-generated documents
ServerSignature On

RewriteEngine On

# use #RewriteLog to debug problems with your rewrite rules
# disable it after you found the error our your harddisk will be filled
*very fast*
#RewriteLog "/var/log/apache2/rewrite_log"
#RewriteLogLevel 2

RewriteRule /(.*)/$
http://127.0.0.1:8080/VirtualHostBase/http/%{SERVER_NAME}:80 /wv/VirtualHostRoot/$1
[L,P]
RewriteRule ^/(.*)
http://127.0.0.1:8080/VirtualHostBase/http/%{SERVER_NAME}:80 /wv/VirtualHostRoot/$1
[L,P]
</VirtualHost>


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd.apache.org
" from the digest: users-digest-unsubscribe [at] httpd.apache.org
For additional commands, e-mail: users-help [at] httpd.apache.org

On 29 Dec 2009, at 10:38, robert rottermann wrote:

> Hi there,
>
> I set up an apache on a debian lenny.
> I do have a virtual host that uses the redirect module.

Ugly!

> Now all access to that virtual host is blocked.
> only when I alter the config file of the proxy module to allow access from
> everywhere I can access the site:

That's what you (usually) want for a reverse proxy.

> <IfModule mod_proxy.c>

Drop <IfModule>. It only serves to confuse, if you're editing your config
"by hand" (as opposed to purely with tools like debian's a2enmod).

> now this is for sure wrong.
> So could somebody please give me a hint what should be in the <Proxy /> stanza?

You're confusing forward and reverse proxies. Forward proxies are
dangerous and need to be restricted, but you've correctly set
ProxyRequests Off, so you don't have a forward proxy. Reverse
proxies are, to all intents and purposes, equivalent to origin servers.

But put all your proxy directives inside the <VirtualHost>.
And <Proxy> is usually a bad idea: use <Location> instead.

--
Nick Kew

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd.apache.org
" from the digest: users-digest-unsubscribe [at] httpd.apache.org
For additional commands, e-mail: users-help [at] httpd.apache.org

Am 29.12.2009 12:48, schrieb Nick Kew:
>
> On 29 Dec 2009, at 10:38, robert rottermann wrote:
>
>> Hi there,
>>
>> I set up an apache on a debian lenny.
>> I do have a virtual host that uses the redirect module.
>
> Ugly!
>
>> Now all access to that virtual host is blocked.
>> only when I alter the config file of the proxy module to allow access from
>> everywhere I can access the site:
>
> That's what you (usually) want for a reverse proxy.
>
>> <IfModule mod_proxy.c>
>
> Drop <IfModule>. It only serves to confuse, if you're editing your config
> "by hand" (as opposed to purely with tools like debian's a2enmod).
>
>> now this is for sure wrong.
>> So could somebody please give me a hint what should be in the <Proxy /> stanza?
>
> You're confusing forward and reverse proxies. Forward proxies are
> dangerous and need to be restricted, but you've correctly set
> ProxyRequests Off, so you don't have a forward proxy. Reverse
> proxies are, to all intents and purposes, equivalent to origin servers.
>
> But put all your proxy directives inside the <VirtualHost>.
> And <Proxy> is usually a bad idea: use <Location> instead.
>
thanks a lot,
I never used such an proxy directive and was wondering whether I was always
creating an open proxy.
now the only thing I had to do, was to delete the config file provided by debian..

by the way: why is using the redirect module ugly?

thanks again
robert


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd.apache.org
" from the digest: users-digest-unsubscribe [at] httpd.apache.org
For additional commands, e-mail: users-help [at] httpd.apache.org