Apache 2.0.55 as SSL Forwarding Proxy for ASPNET Server: pb with<select> tag

Discussion in 'ASP .Net' started by Lou Gascou, Feb 18, 2008.

  1. Lou Gascou

    Lou Gascou Guest

    Hello,

    I configured Apache as a forwarding proxy with SSL in front of
    an ASPNET server.

    Forwarding Proxy Server
    Solaris 8
    Apache 2.0.55 + mod_ssl,mod_proxy,mod_proxy_html 3.0

    Forwarded Server
    Windows 2003
    IIS + ASPNET 2.0

    Help material given:
    + List of tests done
    + ASPNET source code extract
    + 2 Solaris Snoop trafic dumps
    + Apache forwarding proxy config


    Everything works fine but a page that contains a <select> field
    that does not work, only when the forwarding proxy server runs
    with mod_ssl.

    When I select an entry of the <select> list, if I use the proxy
    server in SSL mode, the ASPNET server does not receive the
    selected value.

    If mod_ssl is desactivated, the ASPNET server receives the selected
    value and send a refreshed page with the selected value in the
    <select> field.

    What should I do to make work the forwarding proxy with mod_ssl ?

    A last information. I'm a UNIX system administrator. I am new in
    forwarding proxy service and don't have any knowledge in ASPNET
    servers.

    Many thanks for your help.

    Pierre

    ---------------------------------------------------------------------
    List of other tests done
    ---------------------------------------------------------------------
    Forwarding Proxy + mod_ssl + ASPNET: POST method on an <input> field.
    - Works fine

    Forwarding Proxy + mod_ssl: <select> method in a Perl CGI page.
    The Perl CGI page is hosted by the Forwarding proxy server.
    - Works fine

    ---------------------------------------------------------------------
    Above is an extract of the source page generated by the ASPNET server
    ---------------------------------------------------------------------
    <TABLE id="Table1" align="center">
    <TR>
    <TD align="center" >
    <img id="Image1" src="../image/vague.jpg" style="border-width:
    0px;" /></TD>
    </TR>
    <tr>
    <td align="center" height=30px>
    </td>
    </tr>
    <TR>
    <TD align="center">
    <P>
    <span id="Label1">Dossiers :</span>&nbsp;&nbsp;
    <select name="DDDossier"
    onchange="javascript:setTimeout('__doPostBack(\'DDDossier\',\'\')',
    0)" id="DDDossier">
    <option selected="selected" value="000000000"></option>
    <option value="100000000">6266 - ACCOUNT ONE</option>
    <option value="100000001">5379 - ACCOUNT TWO</option>
    <option value="100000002">5238 - ACCOUNT THREE</option>
    </select>
    </P>
    </TD>
    </TR>
    </TABLE>

    There is also a lot of javascript that I omited to not overload this
    post.

    --------------------------------------------------------------------------
    Above are the dumps made with SNOOP of the trafic between the
    forwarding
    proxy and the ASPNET server. First without SSL, second with SSL.

    ---------------------------------------------------------------
    Client <-- HTTP --> Forwarding Proxy (mod_proxy,mod_proxy_html)
    <-- HTTP --> ASPNET Server
    ----------------------------------------------------------------
    892 0.01175 fwproxy-server -> aspnet-server HTTP POST /cgabds/
    suivi/suiviinsp.aspx HTTP/1.1
    .....
    736: 3031 420d 0a43 6f6e 7465 6e74 2d54 7970 01B..Content-
    Typ
    752: 653a 2061 7070 6c69 6361 7469 6f6e 2f78 e:
    application/x
    768: 2d77 7777 2d66 6f72 6d2d 7572 6c65 6e63 -www-form-
    urlenc
    784: 6f64 6564 0d0a 4d61 782d 466f 7277 6172 oded..Max-
    Forwar
    800: 6473 3a20 3130 0d0a 582d 466f 7277 6172 ds: 10..X-
    Forwar
    816: 6465 642d 466f 723a 2031 302e 3130 302e ded-For:
    10.100.
    832: 312e 3133 340d 0a58 2d46 6f72 7761 7264 1.134..X-
    Forward
    848: 6564 2d48 6f73 743a 2077 7777 xxxxxxxxx ed-Host: www.xxx
    864: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxx
    880: xxxxxxxxxxxxxxxxxxxxxxxx 6672 3a34 3433 xxxxxxxxx.fr:
    443
    896: 0d0a 582d 466f 7277 6172 6465 642d 5365 ..X-Forwarded-
    Se
    912: 7276 6572 3a20 7777 77xxxxxxxxxxxxxxxxx rver: www.xxxxxx
    928: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxx
    944: xxxxxxxxxxxxxxxxx66 720d 0a43 6f6e 7465
    xxxxxx.fr..Conte
    960: 6e74 2d4c 656e 6774 683a 2033 3534 3931 nt-Length:
    35491
    976: 390d 0a0d 0a5f 5f45 5645 4e54 5441 5247
    9....__EVENTTARG
    992: 4554 3d44 4444 6f73 7369 6572 265f 5f45
    ET=DDDossier&__E
    1008: 5645 4e54 4152 4755 4d45 4e54 3d26 5f5f
    VENTARGUMENT=&__
    1024: 4c41 5354 464f 4355 533d 265f 5f56 4945
    LASTFOCUS=&__VIE
    1040: 5753 5441 5445 3d25 3246 7745 5044 7755 WSTATE=
    %2FwEPDwU
    1056: 4b4d 546b 354e 4455 784e 6a63 324e 6739
    KMTk5NDUxNjc2Ng9
    1072: 6b46 6749 4341 5139 6b46 6751 4342 5138
    kFgICAQ9kFgQCBQ8
    That works fine
    ----------------------------------------------------------------------------
    Client <-- HTTP+SSL --> Forwarding Proxy
    (mod_proxy,mod_proxy_html,mod_ssl)
    <-- HTTP --> ASPNET Server
    ----------------------------------------------------------------------------
    815 3.46144 fwproxy-server -> aspnet-server HTTP POST /cgabds/
    suivi/suiviinsp.aspx HTTP/1.1^M
    .....
    736: 0d0a 436f 6e74 656e 742d 5479 7065 3a20 ..Content-
    Type:
    752: 6170 706c 6963 6174 696f 6e2f 782d 7777 application/x-
    ww
    768: 772d 666f 726d 2d75 726c 656e 636f 6465 w-form-
    urlencode
    784: 640d 0a4d 6178 2d46 6f72 7761 7264 733a d..Max-
    Forwards:
    800: 2031 300d 0a58 2d46 6f72 7761 7264 6564 10..X-
    Forwarded
    816: 2d46 6f72 3a20 3130 2e31 3030 2e31 2e31 -For:
    10.100.1.1
    832: 3334 0d0a 582d 466f 7277 6172 6465 642d 34..X-
    Forwarded-
    848: 486f 7374 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx Host: www.xxxxxx
    864: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxx
    880: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx 2d46 6f72 xxxxxx.fr..X-
    For
    896: 7761 7264 6564 2d53 6572 7665 723a 2077 warded-
    Server: w
    912: 7777 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    ww.xxxxxxxxxxxxx
    928: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxx
    944: 6672 xxxxxxxxxxxxxxxxxxxxxxxd 4c65 6e67 fr..Content-
    Leng
    960: 7468 3a20 3335 3439 3139 0d0a 0d0a 556c th:
    354919....Ul
    976: 4e46 5655 7767 5155 7842 5355 345a 4d6a
    NFVUwgQUxBSU4ZMj
    992: 6367 4c53 4179 4e54 6331 4943 3067 5130
    cgLSAyNTc1IC0gQ0
    1008: 3954 5155 5653 5643 4242 5445 464a 5468
    9TQUVSVCBBTEFJTh
    That does not work
    ----------------------------------------------------------------------------
    Above is the apache config
    ----------------------------------------------------------------------------


    PidFile logs/httpd-cgabds.pid
    ServerName www.xxxxxxxxxx.fr
    ErrorLog logs/cgabds.error-log
    Listen 192.168.150.106:443

    DocumentRoot /usr/local/sites/cgabds
    DirectoryIndex index.htm

    ProxyRequests off
    ProxyPass /demat/ http://artasp/
    ProxyHTMLURLMap http://artasp /demat ce

    <Location /demat/>
    ProxyPassReverse /
    ProxyHTMLURLMap / /demat/ ce
    ProxyHTMLURLMap /demat /demat ce
    RequestHeader unset Accept-Encoding
    </Location>

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin

    SSLEngine on
    SSLRandomSeed startup file:/dev/random 512
    SSLRandomSeed connect file:/dev/random 512

    SSLSessionCache dbm:/usr/local/apache2/logs/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex file:/usr/local/apache2/logs/ssl_mutex

    SSLCertificateFile /usr/local/apache2/conf/ssl/thawte/cgabds-
    certificate.cer
    SSLCertificateKeyFile /usr/local/apache2/conf/ssl/thawte/
    www.xxxxxxxxxxxxxxxxx.key
    SSLCertificateChainFile /usr/local/apache2/conf/ssl/thawte/cgabds-cert-
    chain.txt

    SSLCipherSuite HIGH:-AES:MEDIUM:LOW:EXPORT:!ADH:!DSS:!
    EXPORT56:mad:STRENGTH:+3DES:+DES
    SSLProtocol all -SSLv2
     
    Lou Gascou, Feb 18, 2008
    #1
    1. Advertising

  2. Lou Gascou

    C. Guest

    On 18 Feb, 09:55, Lou Gascou <> wrote:
    > Hello,
    >
    > I configured Apache as a forwarding proxy with SSL in front of
    > an ASPNET server.
    >
    > Forwarding Proxy Server
    > Solaris 8
    > Apache 2.0.55 + mod_ssl,mod_proxy,mod_proxy_html 3.0
    >
    > Forwarded Server
    > Windows 2003
    > IIS + ASPNET 2.0
    >
    > Help material given:
    > + List of tests done
    > + ASPNET source code extract
    > + 2 Solaris Snoop trafic dumps
    > + Apache forwarding proxy config
    >
    > Everything works fine but a page that contains a <select> field
    > that does not work, only when the forwarding proxy server runs
    > with mod_ssl.
    >
    > When I select an entry of the <select> list, if I use the proxy
    > server in SSL mode, the ASPNET server does not receive the
    > selected value.
    >
    > If mod_ssl is desactivated, the ASPNET server receives the selected
    > value and send a refreshed page with the selected value in the
    > <select> field.
    >
    > What should I do to make work the forwarding proxy with mod_ssl ?
    >
    > A last information. I'm a UNIX system administrator. I am new in
    > forwarding proxy service and don't have any knowledge in ASPNET
    > servers.
    >
    > Many thanks for your help.
    >
    > Pierre
    >


    Very freaky. I don't have an answer - but I'd strongly suggest you
    look at your architecture - openSSL just doesn't do keepalives which
    will work with Microsoft's clients (Microsofts fault - again).
    Generally I'd much prefer to use any of the better products out there
    at serverside but MSIE is still pervasive as a client. So you may be
    introducing performance problems instead of solving them. Swapping
    Apache for stunnel + squid would be a (relatively) painless way to get
    more info about what's happenning.

    A dump of what is being sent across (from ieHTTPHeaders or, in
    Firefox, TamperData / Firebug) might be more useful than an HTML
    snippet.

    C.
     
    C., Feb 22, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?TWluaA==?=
    Replies:
    1
    Views:
    482
    Mr Newbie
    Sep 22, 2005
  2. Oleg Konovalov
    Replies:
    0
    Views:
    436
    Oleg Konovalov
    Apr 27, 2005
  3. shruds
    Replies:
    1
    Views:
    829
    John C. Bollinger
    Jan 27, 2006
  4. Andrew Tomazos
    Replies:
    5
    Views:
    581
  5. M Wells
    Replies:
    0
    Views:
    141
    M Wells
    Oct 6, 2004
Loading...

Share This Page