L
Lou Gascou
Hello,
I configured Apache as a forwarding proxy with SSL in front of
an ASPNET server.
Forwarding Proxy Server
Solaris 8
Apache 2.0.55 + mod_ssl,mod_proxy,mod_proxy_html 3.0
Forwarded Server
Windows 2003
IIS + ASPNET 2.0
Help material given:
+ List of tests done
+ ASPNET source code extract
+ 2 Solaris Snoop trafic dumps
+ Apache forwarding proxy config
Everything works fine but a page that contains a <select> field
that does not work, only when the forwarding proxy server runs
with mod_ssl.
When I select an entry of the <select> list, if I use the proxy
server in SSL mode, the ASPNET server does not receive the
selected value.
If mod_ssl is desactivated, the ASPNET server receives the selected
value and send a refreshed page with the selected value in the
<select> field.
What should I do to make work the forwarding proxy with mod_ssl ?
A last information. I'm a UNIX system administrator. I am new in
forwarding proxy service and don't have any knowledge in ASPNET
servers.
Many thanks for your help.
Pierre
---------------------------------------------------------------------
List of other tests done
---------------------------------------------------------------------
Forwarding Proxy + mod_ssl + ASPNET: POST method on an <input> field.
- Works fine
Forwarding Proxy + mod_ssl: <select> method in a Perl CGI page.
The Perl CGI page is hosted by the Forwarding proxy server.
- Works fine
---------------------------------------------------------------------
Above is an extract of the source page generated by the ASPNET server
---------------------------------------------------------------------
<TABLE id="Table1" align="center">
<TR>
<TD align="center" >
<img id="Image1" src="../image/vague.jpg" style="border-width:
0px;" /></TD>
</TR>
<tr>
<td align="center" height=30px>
</td>
</tr>
<TR>
<TD align="center">
<P>
<span id="Label1">Dossiers :</span>
<select name="DDDossier"
onchange="javascript:setTimeout('__doPostBack(\'DDDossier\',\'\')',
0)" id="DDDossier">
<option selected="selected" value="000000000"></option>
<option value="100000000">6266 - ACCOUNT ONE</option>
<option value="100000001">5379 - ACCOUNT TWO</option>
<option value="100000002">5238 - ACCOUNT THREE</option>
</select>
</P>
</TD>
</TR>
</TABLE>
There is also a lot of javascript that I omited to not overload this
post.
--------------------------------------------------------------------------
Above are the dumps made with SNOOP of the trafic between the
forwarding
proxy and the ASPNET server. First without SSL, second with SSL.
---------------------------------------------------------------
Client <-- HTTP --> Forwarding Proxy (mod_proxy,mod_proxy_html)
<-- HTTP --> ASPNET Server
----------------------------------------------------------------
892 0.01175 fwproxy-server -> aspnet-server HTTP POST /cgabds/
suivi/suiviinsp.aspx HTTP/1.1
.....
736: 3031 420d 0a43 6f6e 7465 6e74 2d54 7970 01B..Content-
Typ
752: 653a 2061 7070 6c69 6361 7469 6f6e 2f78 e:
application/x
768: 2d77 7777 2d66 6f72 6d2d 7572 6c65 6e63 -www-form-
urlenc
784: 6f64 6564 0d0a 4d61 782d 466f 7277 6172 oded..Max-
Forwar
800: 6473 3a20 3130 0d0a 582d 466f 7277 6172 ds: 10..X-
Forwar
816: 6465 642d 466f 723a 2031 302e 3130 302e ded-For:
10.100.
832: 312e 3133 340d 0a58 2d46 6f72 7761 7264 1.134..X-
Forward
848: 6564 2d48 6f73 743a 2077 7777 xxxxxxxxx ed-Host: www.xxx
864: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxx
880: xxxxxxxxxxxxxxxxxxxxxxxx 6672 3a34 3433 xxxxxxxxx.fr:
443
896: 0d0a 582d 466f 7277 6172 6465 642d 5365 ..X-Forwarded-
Se
912: 7276 6572 3a20 7777 77xxxxxxxxxxxxxxxxx rver: www.xxxxxx
928: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxx
944: xxxxxxxxxxxxxxxxx66 720d 0a43 6f6e 7465
xxxxxx.fr..Conte
960: 6e74 2d4c 656e 6774 683a 2033 3534 3931 nt-Length:
35491
976: 390d 0a0d 0a5f 5f45 5645 4e54 5441 5247
9....__EVENTTARG
992: 4554 3d44 4444 6f73 7369 6572 265f 5f45
ET=DDDossier&__E
1008: 5645 4e54 4152 4755 4d45 4e54 3d26 5f5f
VENTARGUMENT=&__
1024: 4c41 5354 464f 4355 533d 265f 5f56 4945
LASTFOCUS=&__VIE
1040: 5753 5441 5445 3d25 3246 7745 5044 7755 WSTATE=
%2FwEPDwU
1056: 4b4d 546b 354e 4455 784e 6a63 324e 6739
KMTk5NDUxNjc2Ng9
1072: 6b46 6749 4341 5139 6b46 6751 4342 5138
kFgICAQ9kFgQCBQ8
That works fine
----------------------------------------------------------------------------
Client <-- HTTP+SSL --> Forwarding Proxy
(mod_proxy,mod_proxy_html,mod_ssl)
<-- HTTP --> ASPNET Server
----------------------------------------------------------------------------
815 3.46144 fwproxy-server -> aspnet-server HTTP POST /cgabds/
suivi/suiviinsp.aspx HTTP/1.1^M
.....
736: 0d0a 436f 6e74 656e 742d 5479 7065 3a20 ..Content-
Type:
752: 6170 706c 6963 6174 696f 6e2f 782d 7777 application/x-
ww
768: 772d 666f 726d 2d75 726c 656e 636f 6465 w-form-
urlencode
784: 640d 0a4d 6178 2d46 6f72 7761 7264 733a d..Max-
Forwards:
800: 2031 300d 0a58 2d46 6f72 7761 7264 6564 10..X-
Forwarded
816: 2d46 6f72 3a20 3130 2e31 3030 2e31 2e31 -For:
10.100.1.1
832: 3334 0d0a 582d 466f 7277 6172 6465 642d 34..X-
Forwarded-
848: 486f 7374 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx Host: www.xxxxxx
864: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxx
880: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx 2d46 6f72 xxxxxx.fr..X-
For
896: 7761 7264 6564 2d53 6572 7665 723a 2077 warded-
Server: w
912: 7777 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ww.xxxxxxxxxxxxx
928: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxx
944: 6672 xxxxxxxxxxxxxxxxxxxxxxxd 4c65 6e67 fr..Content-
Leng
960: 7468 3a20 3335 3439 3139 0d0a 0d0a 556c th:
354919....Ul
976: 4e46 5655 7767 5155 7842 5355 345a 4d6a
NFVUwgQUxBSU4ZMj
992: 6367 4c53 4179 4e54 6331 4943 3067 5130
cgLSAyNTc1IC0gQ0
1008: 3954 5155 5653 5643 4242 5445 464a 5468
9TQUVSVCBBTEFJTh
That does not work
----------------------------------------------------------------------------
Above is the apache config
----------------------------------------------------------------------------
PidFile logs/httpd-cgabds.pid
ServerName www.xxxxxxxxxx.fr
ErrorLog logs/cgabds.error-log
Listen 192.168.150.106:443
DocumentRoot /usr/local/sites/cgabds
DirectoryIndex index.htm
ProxyRequests off
ProxyPass /demat/ http://artasp/
ProxyHTMLURLMap http://artasp /demat ce
<Location /demat/>
ProxyPassReverse /
ProxyHTMLURLMap / /demat/ ce
ProxyHTMLURLMap /demat /demat ce
RequestHeader unset Accept-Encoding
</Location>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin
SSLEngine on
SSLRandomSeed startup file:/dev/random 512
SSLRandomSeed connect file:/dev/random 512
SSLSessionCache dbm:/usr/local/apache2/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache2/logs/ssl_mutex
SSLCertificateFile /usr/local/apache2/conf/ssl/thawte/cgabds-
certificate.cer
SSLCertificateKeyFile /usr/local/apache2/conf/ssl/thawte/
www.xxxxxxxxxxxxxxxxx.key
SSLCertificateChainFile /usr/local/apache2/conf/ssl/thawte/cgabds-cert-
chain.txt
SSLCipherSuite HIGH:-AES:MEDIUM:LOW:EXPORT:!ADH:!DSS:!
EXPORT56
STRENGTH:+3DES:+DES
SSLProtocol all -SSLv2
I configured Apache as a forwarding proxy with SSL in front of
an ASPNET server.
Forwarding Proxy Server
Solaris 8
Apache 2.0.55 + mod_ssl,mod_proxy,mod_proxy_html 3.0
Forwarded Server
Windows 2003
IIS + ASPNET 2.0
Help material given:
+ List of tests done
+ ASPNET source code extract
+ 2 Solaris Snoop trafic dumps
+ Apache forwarding proxy config
Everything works fine but a page that contains a <select> field
that does not work, only when the forwarding proxy server runs
with mod_ssl.
When I select an entry of the <select> list, if I use the proxy
server in SSL mode, the ASPNET server does not receive the
selected value.
If mod_ssl is desactivated, the ASPNET server receives the selected
value and send a refreshed page with the selected value in the
<select> field.
What should I do to make work the forwarding proxy with mod_ssl ?
A last information. I'm a UNIX system administrator. I am new in
forwarding proxy service and don't have any knowledge in ASPNET
servers.
Many thanks for your help.
Pierre
---------------------------------------------------------------------
List of other tests done
---------------------------------------------------------------------
Forwarding Proxy + mod_ssl + ASPNET: POST method on an <input> field.
- Works fine
Forwarding Proxy + mod_ssl: <select> method in a Perl CGI page.
The Perl CGI page is hosted by the Forwarding proxy server.
- Works fine
---------------------------------------------------------------------
Above is an extract of the source page generated by the ASPNET server
---------------------------------------------------------------------
<TABLE id="Table1" align="center">
<TR>
<TD align="center" >
<img id="Image1" src="../image/vague.jpg" style="border-width:
0px;" /></TD>
</TR>
<tr>
<td align="center" height=30px>
</td>
</tr>
<TR>
<TD align="center">
<P>
<span id="Label1">Dossiers :</span>
<select name="DDDossier"
onchange="javascript:setTimeout('__doPostBack(\'DDDossier\',\'\')',
0)" id="DDDossier">
<option selected="selected" value="000000000"></option>
<option value="100000000">6266 - ACCOUNT ONE</option>
<option value="100000001">5379 - ACCOUNT TWO</option>
<option value="100000002">5238 - ACCOUNT THREE</option>
</select>
</P>
</TD>
</TR>
</TABLE>
There is also a lot of javascript that I omited to not overload this
post.
--------------------------------------------------------------------------
Above are the dumps made with SNOOP of the trafic between the
forwarding
proxy and the ASPNET server. First without SSL, second with SSL.
---------------------------------------------------------------
Client <-- HTTP --> Forwarding Proxy (mod_proxy,mod_proxy_html)
<-- HTTP --> ASPNET Server
----------------------------------------------------------------
892 0.01175 fwproxy-server -> aspnet-server HTTP POST /cgabds/
suivi/suiviinsp.aspx HTTP/1.1
.....
736: 3031 420d 0a43 6f6e 7465 6e74 2d54 7970 01B..Content-
Typ
752: 653a 2061 7070 6c69 6361 7469 6f6e 2f78 e:
application/x
768: 2d77 7777 2d66 6f72 6d2d 7572 6c65 6e63 -www-form-
urlenc
784: 6f64 6564 0d0a 4d61 782d 466f 7277 6172 oded..Max-
Forwar
800: 6473 3a20 3130 0d0a 582d 466f 7277 6172 ds: 10..X-
Forwar
816: 6465 642d 466f 723a 2031 302e 3130 302e ded-For:
10.100.
832: 312e 3133 340d 0a58 2d46 6f72 7761 7264 1.134..X-
Forward
848: 6564 2d48 6f73 743a 2077 7777 xxxxxxxxx ed-Host: www.xxx
864: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxx
880: xxxxxxxxxxxxxxxxxxxxxxxx 6672 3a34 3433 xxxxxxxxx.fr:
443
896: 0d0a 582d 466f 7277 6172 6465 642d 5365 ..X-Forwarded-
Se
912: 7276 6572 3a20 7777 77xxxxxxxxxxxxxxxxx rver: www.xxxxxx
928: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxx
944: xxxxxxxxxxxxxxxxx66 720d 0a43 6f6e 7465
xxxxxx.fr..Conte
960: 6e74 2d4c 656e 6774 683a 2033 3534 3931 nt-Length:
35491
976: 390d 0a0d 0a5f 5f45 5645 4e54 5441 5247
9....__EVENTTARG
992: 4554 3d44 4444 6f73 7369 6572 265f 5f45
ET=DDDossier&__E
1008: 5645 4e54 4152 4755 4d45 4e54 3d26 5f5f
VENTARGUMENT=&__
1024: 4c41 5354 464f 4355 533d 265f 5f56 4945
LASTFOCUS=&__VIE
1040: 5753 5441 5445 3d25 3246 7745 5044 7755 WSTATE=
%2FwEPDwU
1056: 4b4d 546b 354e 4455 784e 6a63 324e 6739
KMTk5NDUxNjc2Ng9
1072: 6b46 6749 4341 5139 6b46 6751 4342 5138
kFgICAQ9kFgQCBQ8
That works fine
----------------------------------------------------------------------------
Client <-- HTTP+SSL --> Forwarding Proxy
(mod_proxy,mod_proxy_html,mod_ssl)
<-- HTTP --> ASPNET Server
----------------------------------------------------------------------------
815 3.46144 fwproxy-server -> aspnet-server HTTP POST /cgabds/
suivi/suiviinsp.aspx HTTP/1.1^M
.....
736: 0d0a 436f 6e74 656e 742d 5479 7065 3a20 ..Content-
Type:
752: 6170 706c 6963 6174 696f 6e2f 782d 7777 application/x-
ww
768: 772d 666f 726d 2d75 726c 656e 636f 6465 w-form-
urlencode
784: 640d 0a4d 6178 2d46 6f72 7761 7264 733a d..Max-
Forwards:
800: 2031 300d 0a58 2d46 6f72 7761 7264 6564 10..X-
Forwarded
816: 2d46 6f72 3a20 3130 2e31 3030 2e31 2e31 -For:
10.100.1.1
832: 3334 0d0a 582d 466f 7277 6172 6465 642d 34..X-
Forwarded-
848: 486f 7374 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx Host: www.xxxxxx
864: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxx
880: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx 2d46 6f72 xxxxxx.fr..X-
For
896: 7761 7264 6564 2d53 6572 7665 723a 2077 warded-
Server: w
912: 7777 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ww.xxxxxxxxxxxxx
928: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxx
944: 6672 xxxxxxxxxxxxxxxxxxxxxxxd 4c65 6e67 fr..Content-
Leng
960: 7468 3a20 3335 3439 3139 0d0a 0d0a 556c th:
354919....Ul
976: 4e46 5655 7767 5155 7842 5355 345a 4d6a
NFVUwgQUxBSU4ZMj
992: 6367 4c53 4179 4e54 6331 4943 3067 5130
cgLSAyNTc1IC0gQ0
1008: 3954 5155 5653 5643 4242 5445 464a 5468
9TQUVSVCBBTEFJTh
That does not work
----------------------------------------------------------------------------
Above is the apache config
----------------------------------------------------------------------------
PidFile logs/httpd-cgabds.pid
ServerName www.xxxxxxxxxx.fr
ErrorLog logs/cgabds.error-log
Listen 192.168.150.106:443
DocumentRoot /usr/local/sites/cgabds
DirectoryIndex index.htm
ProxyRequests off
ProxyPass /demat/ http://artasp/
ProxyHTMLURLMap http://artasp /demat ce
<Location /demat/>
ProxyPassReverse /
ProxyHTMLURLMap / /demat/ ce
ProxyHTMLURLMap /demat /demat ce
RequestHeader unset Accept-Encoding
</Location>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin
SSLEngine on
SSLRandomSeed startup file:/dev/random 512
SSLRandomSeed connect file:/dev/random 512
SSLSessionCache dbm:/usr/local/apache2/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache2/logs/ssl_mutex
SSLCertificateFile /usr/local/apache2/conf/ssl/thawte/cgabds-
certificate.cer
SSLCertificateKeyFile /usr/local/apache2/conf/ssl/thawte/
www.xxxxxxxxxxxxxxxxx.key
SSLCertificateChainFile /usr/local/apache2/conf/ssl/thawte/cgabds-cert-
chain.txt
SSLCipherSuite HIGH:-AES:MEDIUM:LOW:EXPORT:!ADH:!DSS:!
EXPORT56
STRENGTH:+3DES:+DESSSLProtocol all -SSLv2