"Proxy proxy"!

Fri Sep 26 15:10:51 MSD 2008

Hi Denis, thanks for your suggestions. I tried all these but they  
didn't make any difference.

(Incidentally X-Real-Remote-IP is used in one of our applications, but  
I tried both with and without, and neither worked.)

Any other thoughts?

Thanks very much,
Igor

On 26 Sep 2008, at 11:50, Denis F. Latypoff wrote:

> Hello Igor,
>
> Friday, September 26, 2008, 5:37:28 PM, you wrote:
>
>> Hi,
>
>> We have a linux box hosted at an ISP which has been running various
>> sites on Apache for some time. I'm in the process of porting the  
>> sites
>> on it to nginx. At the moment I just have the default ('_') nginx
>> server proxy_pass-ing everything to Apache on a local high port  
>> like so:
>
>>        server {
> -                 listen                  x.x.x.x:80;
> -                 server_name     _       default;
> +                 listen                  x.x.x.x:80 default;
> +                 server_name     _;
>
>>                location / {
>>                        proxy_pass                      http://127.0.0.1:8080 
>> ;
>>                        proxy_set_header        Host                 
>> $http_host;
> -                         proxy_set_header        X-Real-Remote- 
> IP    $remote_addr;
> +                         proxy_set_header        X-Real- 
> IP           $remote_addr;
>>                        proxy_set_header        X-Forwarded-For      
>> $proxy_add_x_forwarded_for;
>>                }
>>        }
>
>> and I'm just implementing new specific server {} blocks identified
>> with server_name for each site as I go. All the sites work fine, so
>> far so good.
>
>> The Apache setup is configured to act as a forward proxy, restricted
>> to our network and with basic auth, as we occasionally need to check
>> how things look from outside our network, or to be able to look back
>> at our network from outside.
>
>> I've added the local address in the Allow from list in the Apache
>> proxy config, but I can't seem to get it to allow proxy requests for
>> remote URLs; it just says 403. It allows proxy requests for sites
>> hosted on that machine, but nothing else. I'm fairly sure the Apache
>> config is otherwise good, as we've been using it like this for a  
>> while
>> and it hasn't changed other than the new local Allow address.
>
>> Perhaps it's something to do with host-header mangling, or  
>> similar ...
>> Is there a way to get this to work? I guess we could open port 8080  
>> on
>> the firewall so that we can access the Apache proxy directly, but I'm
>> interested to know if there's another way.
>
>> Thanks,
>> Igor
>
>
> -- 
> Best regards,
> Denis                            mailto:denis at gostats.ru
>
>

--
Igor Clark • POKE • 10 Redchurch Street • E2 7DD • +44 (0)20 7749 5355  
• www.pokelondon.com