Apache 2.0.39 forward proxy, ftp not obeying ProxyRemote

Apache 2.0.39 forward proxy, ftp not obeying ProxyRemote

Post by Jeffre » Tue, 09 Jul 2002 22:59:20



Apache 2.0.39 with mod_auth_ldap2 on Solaris 8:

Attempting to access an FTP site using the FTP proxing abilities results in
the following errors in error_log:
(Identifying marks removed)

[Mon Jul 08 17:31:46 2002] [error] (145)Connection timed out: proxy: FTP:
attempt to connect to 204.167.114.15:21 (ftp.rsa.com) failed
[Mon Jul 08 17:31:46 2002] [error] [client xxx.xxx.xx.xxx] proxy: Could not
connect to remote machine: ftp.rsa.com port 21 returned by
ftp://ftp.rsa.com/

The browser sees a 502 Bad Gateway response, but with embeded HTML tags with
the text of the first line above (The tags don't render they are in a PRE).
Most disturbing is that the ServerSignature line generated by the server
calls itself "ftp.rsa.com" (Reflects whatever ftp host you connect to)

I just finished installing and converting the config below to Apache 1.3.26
and it works as expected.  I can't find any documentation regarding changes
to the ftp forward proxying ability.  (Also tried with LDAP directives
commented out, included for completeness).  Browsing through the code, it
looks like it understands the FTP protocol now, rather than just
encapsulating in HTML, doesn't the ftp proxy respect the ProxyRemote
directive anymore?  Anyone have further information?  I've currently fallen
back to Apach 1.3.x and auth_ldap, but I thought it best to raise a query in
case its a bug.  Then again I've probably just done something incredibly
stupid.

Config used:
(Identifying information removed)
(prefork mpm, compiled as DSO, see end of email for modules loaded )
(Main server is a web server listening on port 80)

<VirtualHost _default_:8201>
    ServerName xxxxxx.xxxxxx.xxx.xxx.au:8201
    CustomLog logs/proxy_access_log combined

    ProxyRequests On
    NoProxy localhost xxx.xxx.xxx.xx
    ProxyRemote * http://127.0.0.2:8002/
# Forwards via virtual loopback to Symantec Web Security proxy

    <Proxy *>
        Order deny,allow
        Deny from all
        Allow from xxx.xx xxx.x.x xxx.xxx.xxx.xx xxx.xxx.xx

        AuthName "xxxxxxx Internet Access"
        AuthType Basic
        LDAP_Server 127.0.0.1
        LDAP_Port 389
        Base_DN "ou=Users,ou=xxxxxxx,ou=xxxxx,o=xxxxxxxx"
        UID_Attr uid
         require valid-user
    </Proxy>
   ProxyVia On
</VirtualHost>

LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule mime_module modules/mod_mime.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule auth_ldap_module   modules/mod_auth_ldap.so

--

 Jeffrey
 Queensland, Australia.

 
 
 

1. proxyremote : chain of caching apache proxies possible ?

Hi,

I've been using Apache as a proxy for quite some time and it
works fine. Now I'm trying to do the same like Squid is capable of :

Creating a chain of proxies who all cache files and only forward a
request when their own cache does not have the file(s) in it.

When one uses the "proxyremote * http://other.faster.apache.server.com"
then the local proxy does NOT cache the files. In other words : when a
user requests a file using the 1st proxy, and the 1st proxy has a
proxyremote
to the 2nd server, then the 2nd server ALWAYS has to get the file. (from
it's cache, or from the net)

The situation is simple ; the local network has a slow connection to the
ISP,
the ISP has a fast backbone and a proxy. (also Apache) The idea is too
cache as much as possible at the local network and only to talk to
the ISP proxy when files are missing. At the moment the 1st proxy only
works as a non-caching-proxy.

Is there a way to let all proxies in the chain cache the files they get
and deliver them to the users immediately instead of talking to the
"parent" proxy for every request ?

Regards,
Walter Tak

2. konqu and java ...

3. apache proxy https ProxyRemote

4. Running Linux off a removeable SCSI drive

5. Apache with access control vs proxy (Not apache AS proxy)

6. Report Writer for a Database Application

7. Apache FTP proxy not working

8. Window Manager(s) is broken

9. Apache ftp proxy not yet done?

10. Can't upload (via FTP) to a Proxy Apache Server...

11. Apache: can't proxy FTP

12. Apache's proxy keeps ftp connections

13. COMPLIAINT: Why doesn't Sun's PPP obey the UUCP locking conventions?