I had a big problem getting an Ubuntu Feisty Fawn Apache2 instance to use proxying rewrite rules. Firstly, mod_rewrite is not enabled by default, which is probably no bad thing. So ’sudo a2enmod rewrite’ fixes that. Now I can use a rule to allow my main server to proxy requests through to a smaller server: ‘RewriteRule ^(.*)$ http://192.168.1.16$1 [P]‘ but no - I’m getting a ‘403 Forbidden’ error. Checking the Apache error log I find ‘attempt to make remote request from mod_rewrite without proxy enabled’ So proxying needs enabling. If I do ’sudo a2enmod proxy’ the error changes to ‘client denied by server configuration’ so I try changing ProxyRequests to on in /etc/apache2/mods-available/proxy.conf, and the very insecure ‘Allow from all’ in the proxy block. Now I’m getting a warning ‘proxy: No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.’ in the error log - so I try ’sudo ln -s ../mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load’ to manually add the http sub_module and bingo! Now to tidy up the mess - other than the manually created symbolic link, all I’ve done is tweak /etc/apache2/mods-available/proxy.conf thusly:
#turning ProxyRequests on and allowing proxying from all may allow #spammers to use your proxy to send email. ProxyRequests On #
# AddDefaultCharset off # Order deny,allow # Deny from all # #Allow from 192.168.1. #
Order deny,allow Allow from all
# Enable/disable the handling of HTTP/1.1 “Via:” headers. # (”Full” adds the server version; “Block” removes all outgoing Via: headers) # Set to one of: Off | On | Full | Block ProxyVia On
That seems to be working, although I’m sure there must have been a tidier way. Postscript - WARNING: This has just had unintended consequences - I seem have enabled some grebs to use my network to proxy requests. Other than cloaking the original destination of the traffic (and it seems to be most banner ads and clickthru redirects, from a few IP addresses) I don’t see what has been gained, and if I hadn’t been closely examining logs and traffic recently it could have slipped past my attention. So with hindsight - think very carefully about enabling proxy-http modules - I don’t know exact details of what went on, but I now regret doing it!
Ubuntu mod-rewrite has no right to access remote url(403 forbidden)
最新推荐文章于 2021-07-25 07:20:11 发布