Ap1.3.27: ProxyPass/VirtHost problem

Post by Mathias Koerbe » Fri, 02 May 2003 20:24:58



I have a problem getting my Apache 1.3.27 (Linux) to forward requests
from the outside network to a host on the inside network.

General setup:

Firewall/Main Webserver:
        Apache 1.3.27

        This server is also used as proxy for my intranet to proxy requests
        to the outside:

                ProxyRequests On
                proxyRemote * http://proxy.myisp.example:8080

                ExpiresActive   on
                ExpiresDefault "modification plus 1 day"
                ExpiresByType image/jpeg "access plus 1 day"
                ExpiresByType text/html "modification plus 14 days"

                # To enable the cache as well, edit and uncomment the following lines:

                #CacheRoot /usr/local/apache/var/proxy
                CacheRoot /u6/proxy
                CacheSize 5
                CacheGcInterval 4
                CacheMaxExpire 24
                CacheLastModifiedFactor 0.1
                CacheDefaultExpire 1

                # only allow the intranet site to use the proxy
                <Directory proxy:*>
                order deny,allow
                deny from all
                allow from 172.22.22.0/24 localhost 127.0.0.1
                </Directory>

        This server then is set up to serve multiple virtual hosts to
        the outside world. A few are still hosted on this machine
        while others are to be transparently forwarded to the
        internal webserver, which will serve those also in a virtual
        host setup:

                # The WWW server
                NameVirtualHost 172.22.22.1:80
                NameVirtualHost mypublicIP:80
                NameVirtualHost 127.0.0.1:80

                # new HOME
                <Virtualhost 172.22.22.1 mypublicIP:80 127.0.0.1:80>
                ServerAdmin webmas...@site.example
                ServerName home.site.example
                ErrorLog logs/home-error_log
                TransferLog logs/home-access_log
                CustomLog logs/home-custom_log request

                # allow the outside world to access this (need to override the global
                # proxy perms denying the outside world for this!)
                <Directory proxy:http://home.site.example*>
                order deny,allow
                allow from all
                </Directory>

                # now pass all requests for home.koerber.org to the internal
                # home.koerber.org. Hopefully it resolves to the internal IP
                # address here (it does, at least from the commandline/dig :-)
                ProxyPass / http://home.site.example/
                </VirtualHost>

                <Virtualhost 172.22.22.1 mypublicIP:80 127.0.0.1:80>
                ServerAdmin webmas...@site.example
                ServerName testwiki.site.example
                ErrorLog logs/testwiki-error_log
                TransferLog logs/testwiki-access_log
                CustomLog logs/testwiki-custom_log request

                <Directory proxy:http://testwiki.site.example*>
                order deny,allow
                allow from all
                </Directory>

                ProxyPass /     http://testwiki.site.example/
                </VirtualHost>

The actual webserver is set up similarly, i.e. it has virtual host
definitions. This too is Apache 1.3.27:

                NameVirtualHost *

                # the first VH is the default
                <VirtualHost *>
                ServerName home.site.example
                ServerAlias ...
                DocumentRoot ...
                </VirtualHost>

                # the next VH is a TWIKI and needs its own script-dirs etc:
                <VirtualHost *>
                ServerName testwiki.site.example
                DocumentRoot /var/www/testwiki/html

                <Directory "/var/www/testwiki/html">
                    Options Indexes FollowSymLinks
                    AllowOverride None
                    Order allow,deny
                    Allow from all
                </Directory>

                <IfModule mod_alias.c>
                    Alias /icons/ "/var/www/testwiki/icons/"

                    <Directory "/var/www/testwiki/icons">
                        Options Indexes MultiViews
                        AllowOverride None
                        Order allow,deny
                        Allow from all
                    </Directory>
                    ScriptAlias /cgi-bin/ "/var/www/testwiki/cgi-bin/"

                    <Directory "/var/www/testwiki/cgi-bin">
                        AllowOverride None
                        Options None
                        Order allow,deny
                        Allow from all
                    </Directory>

                </IfModule>

                ScriptAlias /twiki/bin/ "/u1/twiki/testwiki/bin/"
                Alias /twiki/ "/u1/twiki/testwiki/"
                <Directory "/u1/twiki/testwiki/bin">
                   Options +ExecCGI
                   SetHandler cgi-script
                   Allow from all
                   AllowOverride All
                </Directory>
                <Directory "/u1/testwiki/pub">
                   Options FollowSymLinks +Includes
                   AllowOverride None
                   Allow from all
                </Directory>
                <Directory "/u1/twiki/testwiki/data">
                   deny from all
                </Directory>
                <Directory "/u1/twiki/testwiki/templates">
                   deny from all
                </Directory>
                </VirtualHost>

When I directly connect to the internal server (home.site.example resolves
directly to it on the intranet), everything works fine.

Whenever I connect to the public IP address from an outside system and
issue a HTTP/1.2 GET, like this:

        $ telnet mypublicIP 80
        Trying mypublicIP...
        Connected to mypublicIP.
        Escape character is '^]'.
        GET http://home.site.example/twiki/Main/ HTTP/1.1
        Host: home.site.example

the external webserver goes into a loop trying to look up the
page in its cache instead of forwarding it to the internal
server:

        home-error_log:
                [Wed Jan  8 21:53:22 2003] [debug] proxy_cache.c(1045): Request for http://home.site.example/twiki/Main/, pragma_req=(unset), ims=0
                [Wed Jan  8 21:53:22 2003] [debug] proxy_util.c(1450): File /u6/proxy/u/A/Y/cLSoEwNm2OH6z7H71UA not found
                [Wed Jan  8 21:53:22 2003] [debug] proxy_cache.c(1308): Local copy not present or expired. Declining.
                [Wed Jan  8 21:53:22 2003] [debug] proxy_cache.c(1045): Request for http://home.site.example/twiki/Main/, pragma_req=(unset), ims=0
                [Wed Jan  8 21:53:22 2003] [debug] proxy_util.c(1450): File /u6/proxy/u/A/Y/cLSoEwNm2OH6z7H71UA not found
                [Wed Jan  8 21:53:22 2003] [debug] proxy_cache.c(1308): Local copy not present or expired. Declining.
                [Wed Jan  8 21:53:22 2003] [debug] proxy_cache.c(1045): Request for http://home.site.example/twiki/Main/, pragma_req=(unset), ims=0
                [Wed Jan  8 21:53:22 2003] [debug] proxy_util.c(1450): File /u6/proxy/u/A/Y/cLSoEwNm2OH6z7H71UA not found
                [Wed Jan  8 21:53:22 2003] [debug] proxy_cache.c(1308): Local copy not present or expired. Declining.
                [Wed Jan  8 21:53:23 2003] [debug] proxy_cache.c(1045): Request for http://home.site.example/twiki/Main/, pragma_req=(unset), ims=0
                [Wed Jan  8 21:53:23 2003] [debug] proxy_util.c(1450): File /u6/proxy/u/A/Y/cLSoEwNm2OH6z7H71UA not found
                [Wed Jan  8 21:53:23 2003] [debug] proxy_cache.c(1308): Local copy not present or expired. Declining.

ad infinitum (until the server quickly reaches some limit and dies)

How can I make it NOT try to always look up this URL in its cache
(or go and fetch the data as it is not found in the cache)?

I tried adding
        NoCache home.site.example
to the global proxy configuration and to the VirtualHost definition for
home.site.example, w/o luck. I also tried using ProxyRequests On.

I am stumped. Can anyone help point out the problem?

Is there a way to debug Apache's internal rewriting/proxying and DNS
lookups etc?

Thanks
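
A config review check for the front-end setup posted above, as an added example that is not part of the original post: it flags ProxyPass targets whose hostname equals the vhost's own ServerName (routing then depends entirely on how the front end resolves that name) and targets with no NoProxy entry while a catch-all ProxyRemote is set. The finding codes and the condensed sample are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed sample, condensed from the front-end configuration in the post.
SAMPLE_CONF = """\
ProxyRequests On
ProxyRemote * http://proxy.myisp.example:8080
<VirtualHost 172.22.22.1 mypublicIP:80 127.0.0.1:80>
ServerName home.site.example
ProxyPass / http://home.site.example/
</VirtualHost>
<VirtualHost 172.22.22.1 mypublicIP:80 127.0.0.1:80>
ServerName testwiki.site.example
ProxyPass /     http://testwiki.site.example/
</VirtualHost>
"""

def covered_by_noproxy(host, entries):
    """True if a NoProxy hostname or .domain entry matches host (IP/subnet forms not handled)."""
    return any(host == e or (e.startswith(".") and host.endswith(e)) for e in entries)

def audit_proxy_conf(text):
    """Return sorted (code, host) findings for ProxyPass targets in a mod_proxy config."""
    rows = [l.split() for l in text.splitlines()
            if l.strip() and not l.strip().startswith("#")]
    remote_all = any(r[0].lower() == "proxyremote" and r[1:2] == ["*"] for r in rows)
    no_proxy = [e.lower() for r in rows if r[0].lower() == "noproxy" for e in r[1:]]
    findings, server_name = set(), None
    for r in rows:
        key = r[0].lower()
        if key.startswith(("<virtualhost", "</virtualhost")):
            server_name = None  # ServerName is scoped to its own vhost
        elif key == "servername" and len(r) > 1:
            server_name = r[1].lower()
        elif key == "proxypass" and len(r) == 3:
            host = (urlparse(r[2]).hostname or "").lower()
            if host and host == server_name:
                # Back end is named like the public vhost: only name resolution
                # on the front end keeps it from proxying to itself.
                findings.add(("SELF_NAMED_BACKEND", host))
            if host and remote_all and not covered_by_noproxy(host, no_proxy):
                # Catch-all ProxyRemote and no NoProxy entry for this back end.
                findings.add(("NO_NOPROXY_FOR_BACKEND", host))
    return sorted(findings)

if __name__ == "__main__":
    for code, host in audit_proxy_conf(SAMPLE_CONF):
        print(code, host)
```
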