From nobody@hyperreal.com Thu Feb 13 14:02:58 1997 Received: by taz.hyperreal.com (8.8.4/V2.0) id OAA29818; Thu, 13 Feb 1997 14:02:58 -0800 (PST) Message-Id: <199702132202.OAA29818@taz.hyperreal.com> Date: Thu, 13 Feb 1997 14:02:58 -0800 (PST) From: Dara Gallagher Reply-To: Dara@internet-ireland.ie To: apbugs@hyperreal.com Subject: ProxyRemote doesn't seem to work for https X-Send-Pr-Version: 3.2 >Number: 173 >Category: mod_proxy >Synopsis: ProxyRemote doesn't seem to work for https >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Thu Feb 13 14:10:01 1997 >Last-Modified: Thu Jan 22 09:15:36 PST 1998 >Originator: Dara@internet-ireland.ie >Organization: >Release: 1.2b6 >Environment: FreeBSD 2.1, gcc >Description: using ProxyRemote https http://ios.internet-ireland.ie:8080 in http.conf doesn't seem to have any effect; the proxy seems to try to tunnel directly to the server requested. This probably isn't really a bug; it's just that we have a few subnets with firewalls and it would make things easier to administer if this would work. We have quite restrictive routing for security purposes. >How-To-Repeat: set up two proxies and see whether one will tunnel https through to the other. >Fix: I'm not very knowledgable about the code; I'll get back to you once I've developed some understanding of it >Audit-Trail: Responsible-Changed-From-To: gnats-admin (GNATS administrator)-chuck Responsible-Changed-By: marc Responsible-Changed-When: Fri Feb 14 20:44:44 PST 1997 Responsible-Changed-Why: Chuck's area State-Changed-From-To: open-analyzed State-Changed-By: chuck State-Changed-When: Wed Feb 19 21:39:35 PST 1997 State-Changed-Why: The CONNECT mode specification states that the HTTPS proxy should not connect on ports other than the 'well-known' port numbers for HTTPS (443) and SNEWS (563). This should work OK if the ProxyPass target connect is made on port 443. State-Changed-From-To: analyzed-closed State-Changed-By: chuck State-Changed-When: Mon Feb 24 20:27:51 PST 1997 State-Changed-Why: Dara reported things worked OK when he changed to port 443 as recommended. State-Changed-From-To: closed-analyzed State-Changed-By: chuck State-Changed-When: Sun Apr 13 21:26:02 PDT 1997 State-Changed-Why: This is actually still broken; Martin Kraemer brought it to my attention. State-Changed-From-To: analyzed-closed State-Changed-By: Lars.Eilebrecht@unix-ag.org State-Changed-When: Tue Sep 9 07:27:23 PDT 1997 State-Changed-Why: A patch has been applied to the current 1.3 source tree to fix the problem. Responsible-Changed-From-To: chuck-apache Responsible-Changed-By: coar Responsible-Changed-When: Thu Jan 22 09:15:35 PST 1998 Responsible-Changed-Why: Putting back into mainstream bugdb >Unformatted: