2017-02-15 166 views

Apache 2.4 forward proxy configuration problem

I am trying to configure an Apache forward proxy with SSL. Below is my virtual host configuration.

Listen 192.168.2.1:12149 
<VirtualHost 192.168.2.1:12149> 
    ServerName ech-192-168-2-1.test.com 
    SSLEngine On 
    SSLCertificateFile /opt/ssl/apache-selfsigned-new.crt 
    SSLCertificateKeyFile /opt/ssl/apache-selfsigned-new.key 

    ProxyVia On 
    ProxyRequests On 
    SSLProxyEngine On 
    RewriteEngine On 

    RewriteCond %{REQUEST_URI} !https://www.google.com/ [NC] 
    RewriteCond %{REQUEST_URI} !http://www.google.com/ [NC] 
    RewriteRule .* - [F] 
</VirtualHost> 

Scenario 1: Trying to access https://www.google.com using curl

curl -v --proxy 192.168.2.1:12149 https://www.google.com 
* About to connect() to proxy 192.168.2.1 port 12149 (#0) 
* Trying 192.168.2.1... connected 
* Connected to 192.168.2.1 (192.168.2.1) port 12149 (#0) 
* Establish HTTP proxy tunnel to www.google.com:443 
> CONNECT www.google.com:443 HTTP/1.1 
> Host: www.google.com:443 
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 
> Proxy-Connection: Keep-Alive 
> 
* Proxy CONNECT aborted 
* Closing connection #0 
curl: (56) Proxy CONNECT aborted 

Scenario 2: Trying to access http://www.google.com using curl

curl -v --proxy 192.168.2.1:12149 http://www.google.com 
* About to connect() to proxy 192.168.2.1 port 12149 (#0) 
* Trying 192.168.2.1... connected 
* Connected to 192.168.2.1 (192.168.2.1) port 12149 (#0) 
> GET http://www.google.com/ HTTP/1.1 
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 
> Host: www.google.com 
> Accept: */* 
> Proxy-Connection: Keep-Alive 
> 
< HTTP/1.1 400 Bad Request 
< Date: Wed, 15 Feb 2017 10:03:52 GMT 
< Server: Apache 
< Content-Length: 362 
< Connection: close 
< Content-Type: text/html; charset=iso-8859-1 
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 
<html><head> 
<title>400 Bad Request</title> 
</head><body> 
<h1>Bad Request</h1> 
<p>Your browser sent a request that this server could not understand.<br /> 
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> 
Instead use the HTTPS scheme to access this URL, please.<br /> 
</p> 
</body></html> 
* Closing connection #0 

However, when I disabled SSL in the virtual host and tried to connect to outbound HTTP, it worked.

Virtual host configuration:

Listen 192.168.2.1:12149 
<VirtualHost 192.168.2.1:12149> 
    ServerName ech-192-168-2-1.test.com 
    #SSLEngine On 
    #SSLCertificateFile /opt/ssl/apache-selfsigned-new.crt 
    #SSLCertificateKeyFile /opt/ssl/apache-selfsigned-new.key 

    ProxyVia On 
    ProxyRequests On 
    #SSLProxyEngine On 
    RewriteEngine On 

    RewriteCond %{REQUEST_URI} !https://www.google.com/ [NC] 
    RewriteCond %{REQUEST_URI} !http://www.google.com/ [NC] 
    RewriteRule .* - [F] 
</VirtualHost> 

Scenario 1: Trying to access https://www.google.com using curl

curl -v --proxy 192.168.2.1:12149 https://www.google.com 
* About to connect() to proxy 192.168.2.1 port 12149 (#0) 
* Trying 192.168.2.1... connected 
* Connected to 192.168.2.1 (192.168.2.1) port 12149 (#0) 
* Establish HTTP proxy tunnel to www.google.com:443 
> CONNECT www.google.com:443 HTTP/1.1 
> Host: www.google.com:443 
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 
> Proxy-Connection: Keep-Alive 
> 
< HTTP/1.1 500 Internal Server Error 
< Date: Wed, 15 Feb 2017 10:13:15 GMT 
< Server: Apache 
< Content-Length: 546 
< Connection: close 
< Content-Type: text/html; charset=iso-8859-1 
< 
* Received HTTP code 500 from proxy after CONNECT 
* Closing connection #0 
curl: (56) Received HTTP code 500 from proxy after CONNECT 

Scenario 2: Trying to access http://www.google.com using curl

curl -v --proxy 192.168.2.1:12149 http://www.google.com 
* About to connect() to proxy 192.168.2.1 port 12149 (#0) 
* Trying 192.168.2.1... connected 
* Connected to 192.168.2.1 (192.168.2.1) port 12149 (#0) 
> GET http://www.google.com/ HTTP/1.1 
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 
> Host: www.google.com 
> Accept: */* 
> Proxy-Connection: Keep-Alive 
> 
< HTTP/1.1 302 Found 
< Date: Wed, 15 Feb 2017 10:14:20 GMT 
< Server: Apache 
< Location: http://www.cfauth.com/?cfru=aHR0cDovL3d3dy5nb29nbGUuY29tLw== 
< Cache-Control: no-cache 
< Pragma: no-cache 
< Content-Type: text/html; charset=utf-8 
< Content-Length: 660 
< Via: 1.1 ech-192-168-2-1.test.com 
< 
<HTML><HEAD> 
<TITLE>Redirect</TITLE> 
</HEAD> 
<BODY> 
<FONT face="Helvetica"> 
<big><strong></strong></big><BR> 
</FONT> 
<blockquote> 
<TABLE border=0 cellPadding=1 width="80%"> 
<TR><TD> 
<FONT face="Helvetica"> 
<big>Redirect (authentication_redirect_to_virtual_host)</big> 
<BR> 
<BR> 
</FONT> 
</TD></TR> 
<TR><TD> 
<FONT face="Helvetica"> 
You are being redirected to the authentication virtual host. 
</FONT> 
</TD></TR> 
<TR><TD> 
<FONT face="Helvetica"> 

</FONT> 
</TD></TR> 
<TR><TD> 
<FONT face="Helvetica" SIZE=2> 
<BR> 
For assistance, contact your network support team. 
</FONT> 
</TD></TR> 
</TABLE> 
</blockquote> 
</FONT> 
</BODY></HTML> 
* Connection #0 to host 192.168.2.1 left intact 
* Closing connection #0 

Answer


Use this in your virtual host for the forward proxy configuration:

ProxyRequests On
ProxyPreserveHost On
Order deny,allow
Allow from all
ProxyRemote * https://hostname
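
An added example, not part of the original question or answer: the allow-all access rule from the answer shown beside a restricted form in Apache 2.4 syntax, which admits only internal clients and the single destination the question wants to reach. The listener address and host names are those from the question; the client subnet 192.168.2.0/24 is an assumption.

```apache
# Added example, Apache 2.4 syntax. Listener address and host names come from
# the question; the client subnet 192.168.2.0/24 is an assumption.
Listen 192.168.2.1:12149
<VirtualHost 192.168.2.1:12149>
    ServerName ech-192-168-2-1.test.com

    # No SSLEngine on this listener: the curl runs in the question speak
    # plain HTTP to the proxy, and HTTPS traffic travels inside CONNECT.
    ProxyRequests On
    ProxyVia On

    # CONNECT tunnels (handled by mod_proxy_connect) to port 443 only.
    AllowCONNECT 443

    # Weak form, equivalent to "Order deny,allow" + "Allow from all":
    #   <Proxy "*">
    #       Require all granted
    #   </Proxy>
    # Any host that can reach the port can relay traffic through the proxy.

    # Restricted form: deny every proxied request by default ...
    <Proxy "*">
        Require all denied
    </Proxy>

    # ... then admit one destination, for internal clients only. With the
    # default AuthMerging Off, this later section replaces the Require above.
    # Plain requests are matched as full URLs, CONNECT requests as host:port.
    <ProxyMatch "^(http://www\.google\.com/|www\.google\.com:443$)">
        Require ip 192.168.2.0/24
    </ProxyMatch>
</VirtualHost>
```

Check the syntax with `apachectl configtest`, then repeat the two curl runs from the question; a request through the proxy to any other host should be answered with 403 Forbidden.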