Apache proxy: Why is one vhost returning Forbidden while the other one works?
Posted by Stefan Majewsky on Super User
Published on 2014-06-04T09:18:09Z. Indexed on 2014/06/04 9:28 UTC.
I have a Java application that needs to talk to another intranet website using HTTPS in both directions. After fighting with Java's SSL implementations for some time, I gave up on that, and have now set up an Apache that's supposed to act as a bidirectional reverse proxy:
external app ---(HTTPS request)---> Apache ---(local HTTP request)---> Java app
This direction works just fine, however the other direction does not:
Java app ---(local HTTP request)---> Apache ---(HTTPS request)---> external app
This is the configuration for the vhost implementing the second proxy:
    Listen 127.0.0.1:8081
    <VirtualHost appgateway:8081>
        ServerName appgateway.local
        SSLProxyEngine on
        ProxyPass / https://externalapp.corp:443/
        ProxyPassReverse / https://externalapp.corp:443/
        ProxyRequests Off
        AllowEncodedSlashes On
        # we do not need to apply any more restrictions here, because we listened on
        # local connections only in the first place (see the Listen directive above)
        <Proxy https://externalapp.corp:443/*>
            Order deny,allow
            Allow from all
        </Proxy>
    </VirtualHost>
A "curl http://127.0.0.1:8081/" should serve the equivalent of https://externalapp.corp, but instead results in "403 Forbidden", with the following message in the Apache error log:
[Wed Jun 04 08:57:19 2014] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /srv/www/htdocs/
This message completely puzzles me: Yes, I have not set up any permissions on the DocumentRoot of this vhost, but everything works fine for the other proxy direction where I haven't. For reference, here's the other vhost:
    Listen this_vm_hostname:443
    <VirtualHost javaapp:443>
        ServerName javaapp.corp
        SSLEngine on
        SSLProxyEngine on
        # not shown: SSLCipherSuite, SSLCertificateFile, SSLCertificateKeyFile
        SSLOptions +StdEnvVars
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/
        ProxyRequests Off
        AllowEncodedSlashes On
        # Local reverse proxy authorization override
        <Proxy http://localhost:8080/*>
            Order deny,allow
            Allow from all
        </Proxy>
    </VirtualHost>
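Added example, not part of the original post: the error log names the default DocumentRoot rather than the proxy target, which is consistent with Apache handing the connection to the main server because no <VirtualHost> address matched the socket it arrived on. The Python sketch below compares each Listen socket with the resolved <VirtualHost> addresses from the two configurations above. The HOSTS map is a constructed assumption (the post does not say what "appgateway", "javaapp" or "this_vm_hostname" resolve to), and the function names are hypothetical.

```python
import re

# Constructed input: the Listen and <VirtualHost> lines quoted in the post.
CONFIG = """\
Listen 127.0.0.1:8081
<VirtualHost appgateway:8081>
</VirtualHost>
Listen this_vm_hostname:443
<VirtualHost javaapp:443>
</VirtualHost>
"""

# ASSUMPTION: constructed name resolution standing in for /etc/hosts or DNS.
# The real values are not given in the post.
HOSTS = {
    "appgateway": "192.0.2.10",
    "this_vm_hostname": "192.0.2.10",
    "javaapp": "192.0.2.10",
}

def resolve(host, hosts):
    """Return the IP for a wildcard, a literal IPv4 address, or a mapped name."""
    if host in ("*", "_default_"):
        return "*"
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        return host
    return hosts[host]

def parse(config, hosts):
    """Collect resolved (ip, port) pairs for Listen and <VirtualHost> lines."""
    listens, vhosts = [], []
    for line in config.splitlines():
        m = re.match(r"\s*(Listen\s+|<VirtualHost\s+)([^\s:>]+):(\d+)", line)
        if m:
            target = listens if m.group(1).startswith("Listen") else vhosts
            target.append((resolve(m.group(2), hosts), int(m.group(3))))
    return listens, vhosts

def served_by_main_server(config, hosts):
    """Listen sockets that no <VirtualHost> address covers."""
    listens, vhosts = parse(config, hosts)
    return [
        (ip, port) for ip, port in listens
        if not any(vport == port and vip in (ip, "*") for vip, vport in vhosts)
    ]

if __name__ == "__main__":
    for ip, port in served_by_main_server(CONFIG, HOSTS):
        print(f"{ip}:{port}: no matching <VirtualHost>, main server answers")
```

On a live server, "apachectl -S" prints the address-to-vhost mapping Apache actually built, which is the authoritative version of this comparison.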