[Zope] Apache-Rewrite - Firewall - Problem

Garito garito at sistes.net
Fri Mar 23 11:33:52 EDT 2007


Activate your mod_proxy module

I have the same problem some days ago with the same trackback and the
activation of proxy module solves the problem

2007/3/23, Andreas Tille <tillea at rki.de>:
>
> Hi,
>
> I'm using an often recommended Apache-Zope rewrite setup to
> mask the internal folder structure in Zope.  The cruxial line
> in my apache (Debian Etch packaged version 2.2.3) is
>
>
> RewriteRule ^(.*)
> http://a.b.c.d:9673/VirtualHostBase/http/a.b.c.d:80/myfolder/VirtualHostRoot$1[P,L]
>
>
> where a.b.c.d is the visible address of the machine from
> outisde the firewall, myfolder the folder of my Zope
> application I want to provide under  a.b.c.d:80
> and as Debian users might are comfortable with 9673 the
> Zope port (default for Debian).
>
> This setup works fine for the old firewall which is not so
> strict as the new one, that causes the trouble.
> The new one exclusively enables port 80 (no 22, 25 etc.).
>
> If I try the rewrite rule above I get the following line in
> error.log:
>
> [<date>] [error] (110)Connection timed out: proxy: HTTP: attempt to
> connect to a.b.c.d:9673 (*) failed
>
> access.log says:
>
> 194.95.177.123 - - [23/Mar/2007:13:46:58 +0100] "GET / HTTP/1.0" 503 405
>
> For Debugging purpose I also write a debugging log:
>
>    (the IP-Adress is replaced by a.b.c.d and the visible DNS name by
> visible.name)
>
> 194.95.177.123 - - [23/Mar/2007:13:46:58 +0100] [
> visible.name/sid#81869c0][rid#81dc4c0/initial] (2) init rewrite engine
> with requested uri /
> 194.95.177.123 - - [23/Mar/2007:13:46:58 +0100] [
> visible.name/sid#81869c0][rid#81dc4c0/initial] (3) applying pattern
> '^(.*)' to uri '/'
> 194.95.177.123 - - [23/Mar/2007:13:46:58 +0100] [
> visible.name/sid#81869c0][rid#81dc4c0/initial] (2) rewrite '/' -> '
> http://a.b.c.d:9673/VirtualHostBase/http/a.b.c.d:80/agi/VirtualHostRoot/'
> 194.95.177.123 - - [23/Mar/2007:13:46:58 +0100] [
> visible.name/sid#81869c0][rid#81dc4c0/initial] (2) forcing
> proxy-throughput with
> http://a.b.c.d:9673/VirtualHostBase/http/a.b.c.d:80/agi/VirtualHostRoot/
> 194.95.177.123 - - [23/Mar/2007:13:46:58 +0100] [
> visible.name/sid#81869c0][rid#81dc4c0/initial] (1) go-ahead with proxy
> request proxy:
> http://a.b.c.d:9673/VirtualHostBase/http/a.b.c.d:80/agi/VirtualHostRoot/[OK]
>
>
> This is exactly the rewrite log I get on the machine that works
> perfectly behind the old firewall, but the niew one cases the
> strange error above.
>
> When I searched the web with the string in my error.log I stumbled upon
> the site
>
>       http://www.dharwadkar.com/weblog/apache_fc6_01
>
> which gives a slight hint, but there is no SELinux on my box at all but
> there is a hint to the firewall that might cause the problem.
>
> I have a vague suspection that this might be very slightly connected
> with the fact that when I formerly followed the recommendation of
>
>     http://plone.org/documentation/how-to/plone-with-apache-1.3
>
> to use "localhost" instead of the IP Adress of the server (or the FQDN)
> I blatantly failed because the localhost directive was interpreted by
> my browser that tried to access a local server (that did not existed).
> So I learned by this that these Rewrite directives are not addressed
> to the webserver to deliver a different page than requested but
> to tell the browser to ask for a different page on the server.  If
> I think about this I wonder whether this is a reasonable strategy of
> redirection and because I do not regard this as reasonable I'm wondering
> whether there is an option I could change this behaviour in a way that
> the server directly answers with the result that can be obtained at
> the rewritten location - which would probably solve my problem.
> If my suspection that the Browser is advised to obtain the
>     http://a.b.c.d:9673/...
> something address it is obviouse that this must fail because port
> 9673 is blocked and there would never be a chance to get any page.
>
> Kind regards
>
>           Andreas.
>
> --
> http://fam-tille.de
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
>



-- 
Mis Cosas
http://blogs.sistes.net/Garito
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20070323/66f9a81a/attachment.htm


More information about the Zope mailing list