2 Replies Latest reply on Nov 12, 2009 11:52 PM by 709552

    Apache as Reverse proxy error. Error reading from remote server.

      Hello members,
      We have Apache 1.3.31 on Oracle Application Server release and it is serving as a reverse proxy to IIS at a remote location. This Oracle application server and Apache are on Windows 2003 server platform.

      We can test a simple test.gif or hello.html page on the remote IIS server from application server machine (our local machine that is hosting apache)

      I am replacing actual servernames with localserver and remoteserver to illustrate my example:

      Ex: https://remoteserver/appnet/test.gif

      Both the above links work fine.

      However if I test the actual applictaion link that uses apache as a proxy server, it is throwing out the error pasted below.

      ------------ Error ------------

      Proxy Error
      The proxy server received an invalid response from an upstream server.
      The proxy server could not handle the request POST /appnet/Login.aspx.

      Reason: Error reading from remote server

      The actual application link is : https://remoteserver/appnet/document/login.aspx

      It hangs first and then it will automatically change itself to https://localserver/appnet/document/login.aspx (because of the proxy setup) and then shows the above error.

      Also pasted below is our ssl.conf file. I've again replaced the apache proxy server names as localserver and remote IIS machine as remoteserver. I have also removed some commented lines in the file to make it small. The code is enclosed inside the <code> tags.

      Can someone please tell why this error is showing up? Any replies willl be much appreciated. Thank you very much.


      <IfDefine SSL>
      ## SSL Global Context
      ## All SSL configuration in this context applies both to
      ## the main server and all SSL-enabled virtual hosts.

      # Pass Phrase Dialog:
      # Configure the pass phrase gathering process.
      # The filtering dialog program (`builtin' is a internal

      # Some MIME-types for downloading Certificates and CRLs
      AddType application/x-x509-ca-cert .crt
      AddType application/x-pkcs7-crl .crl
      ## SSL Support

      Listen 444

      <VirtualHost default:444>
      # General setup for the virtual host
      DocumentRoot "D:\oracle\oracleas\Apache\Apache\htdocs"
      ServerName localserver
      ErrorLog "|D:\oracle\oracleas\Apache\Apache\bin\rotatelogs logs/error_log 43200"
      TransferLog "|D:\oracle\oracleas\Apache\Apache\bin\rotatelogs logs/access_log 43200"
      Port 443
      # SSL Engine Switch:
      # Enable/Disable SSL for this virtual host.
      SSLEngine on
      # SSL Cipher Suite:
      # List the ciphers that the client is permitted to negotiate.
      # Server Wallet:
      # The server wallet contains the server's certificate, private key
      # and trusted certificates. Set SSLWallet at the wallet directory
      # using the syntax: file:<path-to-wallet-directory>
      SSLWallet file:c:\wallet

      # Certificate Revocation Lists (CRL):
      # Set the CA revocation path where to find CA CRLs for client
      # authentication or alternatively one huge file containing all
      #SSLCARevocationPath conf\ssl.crl
      #SSLCARevocationFile conf\ssl.crl\ca-bundle.crl

      # Client Authentication (Type):
      # Client certificate verification type and depth. Types are
      # none, optional and require
      #SSLVerifyClient require

      # Access Control:
      # With SSLRequire you can do per-directory access control based
      # for more details.
      #<Location />
      #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
      # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
      # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
      # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
      # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
      # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/

      # SSL Engine Options:
      # Set various options for the SSL engine.
      # o FakeBasicAuth:
      # Translate the client X.509 into a Basic Authorisation. This means that
      # the standard Auth/DBMAuth methods can be used for access control. The

      #SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire
      <Files ~ "\.(cgi|shtml)$">
      SSLOptions +StdEnvVars

      <Directory "D:\oracle\oracleas\Apache\Apache\cgi-bin">
      SSLOptions +StdEnvVars

      SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
      # Per-Server Logging:
      # The home of a custom SSL log file. Use this when you want a
      # compact non-error SSL logfile on a virtual host basis.
      CustomLog D:\oracle\oracleas\Apache\Apache\logs\ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
      RewriteEngine on
      RewriteOptions inherit

      <IfModule mod_proxy.c>
      ProxyRequests Off
      ProxyPass /appnet/ https://remoteserver:443/appnet/
      ProxyPassReverse /appnet/ https://remoteserver:443/appnet/
      ProxyPass /appnetjava/ https://remoteserver:443/appnetjava/
      ProxyPassReverse /appnetjava/ https://remoteserver:443/appnetjava/
      ProxyPass /test/ https://remoteserver:443/test/
      ProxyPassReverse /test/ https://remoteserver:443/test/
      #SetEnv force-proxy-request-1.0 1
      #SetEnv proxy-nokeepalive 1
      #RewriteEngine On
      #RewriteRule ^/cmsdms/(.*) https://remoteserver:443/$1 [P]
      SSLProxyCipherSuite ALL:!ADH:!EXPORT56:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
      SSLProxyWallet file:C:\wallet