asked on
Apache Reverse Proxy
On a customer's request I have to create a reverse proxy for following URL on customer's server running Apache on CentOS 6.
URL of the back end is https://94.57.252.195/gateway/order.json
I have added following lines in a virtualhost on Apache:
SSLProxyEngine On
ProxyPass / https://94.57.252.195/
ProxyPassReverse / https://94.57.252.195/
But when I access http://mydomain/gateway/order.json I get "Bad Request Your browser sent a request that this server could not understand." . No errors in error_logs of Apache.
I would be thankful if someone can help.
URL of the back end is https://94.57.252.195/gateway/order.json
I have added following lines in a virtualhost on Apache:
SSLProxyEngine On
ProxyPass / https://94.57.252.195/
ProxyPassReverse / https://94.57.252.195/
But when I access http://mydomain/gateway/order.json I get "Bad Request Your browser sent a request that this server could not understand." . No errors in error_logs of Apache.
I would be thankful if someone can help.
LinuxApache Web ServerWeb Servers
Last Comment
David Favor
You need to also add the certificate of the remote to your trusted list to avoid having issues.
ASKER
https://94.57.252.195/gateway/order.json alreday returns correct result therefore the default website is set and I have also tested replacing the IP with the hostname but it doesn't make any difference.
> You need to also add the certificate of the remote to your trusted list to avoid having issues.
Can you please tell me how can I download the certificate of the remote server and add to my trusted list?
> You need to also add the certificate of the remote to your trusted list to avoid having issues.
Can you please tell me how can I download the certificate of the remote server and add to my trusted list?
The IP, hostname when viewing the certificate match? You may have to disable certificate verification.
Oh, just looked at your configuration of the reverse proxy, you gave an error
Proxypass and proxypassreverse have to be mirror images of each other
Proxypass / https://destination
Proxypassreverse https://destination /
Look at the Apache logs, including error logs to see what the issue is.
You could potentially enable a more detailed logging before entering the reverse proxy, terminating after to see exactly what is being attempted and what is being received......
The ip has several certificates. The URL on the certificate is an alias yet to another domain/URL.
You might have settings/parameters that do not exist on other system and on these other system an error related to the certificate is the first thing presented.
Oh, just looked at your configuration of the reverse proxy, you gave an error
Proxypass and proxypassreverse have to be mirror images of each other
Proxypass / https://destination
Proxypassreverse https://destination /
Look at the Apache logs, including error logs to see what the issue is.
You could potentially enable a more detailed logging before entering the reverse proxy, terminating after to see exactly what is being attempted and what is being received......
The ip has several certificates. The URL on the certificate is an alias yet to another domain/URL.
You might have settings/parameters that do not exist on other system and on these other system an error related to the certificate is the first thing presented.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
This often is a setup where default website is not set, unless you request the correct hosted sore, you would get no information.
You have to use a specific name I.e sone reference.sonedomain.com
Once added, your rules will strip the URL to make sure the subsequent links will flow through the proxy.
The other issue, often reverse proxy protects an internal server from direct access, possible attack vector.
You are referencing a public ip, so a request will go over the wan to the ip, the response will flow back that will then be forwarded to the client who made the initial request.