Apache 2.4 forward proxy configuration problem

I am trying to configure an Apache forward proxy with SSL. Below is my virtual host configuration.
Listen 192.168.2.1:12149
<VirtualHost 192.168.2.1:12149>
ServerName ech-192-168-2-1.test.com
SSLEngine On
SSLCertificateFile /opt/ssl/apache-selfsigned-new.crt
SSLCertificateKeyFile /opt/ssl/apache-selfsigned-new.key
ProxyVia On
ProxyRequests On
SSLProxyEngine On
RewriteEngine On
RewriteCond %{REQUEST_URI} !https://www.google.com/ [NC]
RewriteCond %{REQUEST_URI} !http://www.google.com/ [NC]
RewriteRule .* - [F]
</VirtualHost>
Scenario 1: Trying to access https://www.google.com using curl
curl -v --proxy 192.168.2.1:12149 https://www.google.com
* About to connect() to proxy 192.168.2.1 port 12149 (#0)
* Trying 192.168.2.1... connected
* Connected to 192.168.2.1 (192.168.2.1) port 12149 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Proxy-Connection: Keep-Alive
>
* Proxy CONNECT aborted
* Closing connection #0
curl: (56) Proxy CONNECT aborted
Scenario 2: Trying to access http://www.google.com using curl
curl -v --proxy 192.168.2.1:12149 http://www.google.com
* About to connect() to proxy 192.168.2.1 port 12149 (#0)
* Trying 192.168.2.1... connected
* Connected to 192.168.2.1 (192.168.2.1) port 12149 (#0)
> GET http://www.google.com/ HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: www.google.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 400 Bad Request
< Date: Wed, 15 Feb 2017 10:03:52 GMT
< Server: Apache
< Content-Length: 362
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>
* Closing connection #0
However, when I disable SSL in the virtual host and try to connect to outbound HTTP, it works.
Virtual host configuration:
Listen 192.168.2.1:12149
<VirtualHost 192.168.2.1:12149>
ServerName ech-192-168-2-1.test.com
#SSLEngine On
#SSLCertificateFile /opt/ssl/apache-selfsigned-new.crt
#SSLCertificateKeyFile /opt/ssl/apache-selfsigned-new.key
ProxyVia On
ProxyRequests On
#SSLProxyEngine On
RewriteEngine On
RewriteCond %{REQUEST_URI} !https://www.google.com/ [NC]
RewriteCond %{REQUEST_URI} !http://www.google.com/ [NC]
RewriteRule .* - [F]
</VirtualHost>
Scenario 1: Trying to access https://www.google.com using curl
curl -v --proxy 192.168.2.1:12149 https://www.google.com
* About to connect() to proxy 192.168.2.1 port 12149 (#0)
* Trying 192.168.2.1... connected
* Connected to 192.168.2.1 (192.168.2.1) port 12149 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 500 Internal Server Error
< Date: Wed, 15 Feb 2017 10:13:15 GMT
< Server: Apache
< Content-Length: 546
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
* Received HTTP code 500 from proxy after CONNECT
* Closing connection #0
curl: (56) Received HTTP code 500 from proxy after CONNECT
Scenario 2: Trying to access http://www.google.com using curl
curl -v --proxy 192.168.2.1:12149 http://www.google.com
* About to connect() to proxy 192.168.2.1 port 12149 (#0)
* Trying 192.168.2.1... connected
* Connected to 192.168.2.1 (192.168.2.1) port 12149 (#0)
> GET http://www.google.com/ HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: www.google.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 302 Found
< Date: Wed, 15 Feb 2017 10:14:20 GMT
< Server: Apache
< Location: http://www.cfauth.com/?cfru=aHR0cDovL3d3dy5nb29nbGUuY29tLw==
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Content-Length: 660
< Via: 1.1 ech-192-168-2-1.test.com
<
<HTML><HEAD>
<TITLE>Redirect</TITLE>
</HEAD>
<BODY>
<FONT face="Helvetica">
<big><strong></strong></big><BR>
</FONT>
<blockquote>
<TABLE border=0 cellPadding=1 width="80%">
<TR><TD>
<FONT face="Helvetica">
<big>Redirect (authentication_redirect_to_virtual_host)</big>
<BR>
<BR>
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">
You are being redirected to the authentication virtual host.
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica" SIZE=2>
<BR>
For assistance, contact your network support team.
</FONT>
</TD></TR>
</TABLE>
</blockquote>
</FONT>
</BODY></HTML>
* Connection #0 to host 192.168.2.1 left intact
* Closing connection #0