Hi all,
I am trying to setup an apache virtualhost under CentOS 6.7 that needs to redirects requests from port 444 to port 5100 in its local ip. But I am doing some mistakes because every time I'm receiving a loop error.
My actual httpd's config for this virtualhost is:
NameVirtualHost 192.168.1.5:444
<VirtualHost 192.168.1.5:444>
ServerName myweb01.local.domain
ErrorLog logs/ssl_error.log
CustomLog logs/ssl_access.log combined
CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LogLevel info
SSLEngine on
SSLProxyEngine On
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2
SSLCertificateFile /etc/httpd/certs/server.crt
SSLCertificateKeyFile /etc/httpd/certs/server.key
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://192.168.1.5:5100/
ProxyPassReverse / http://192.168.1.5:5100/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "444"
RewriteEngine On
RewriteRule ^/(.*) https://myweb01.local.domain:444/$1 [R,L]
</VirtualHost>
As you can see, I need to do a redirection to port 5100 from 444 port and protect it using ssl.
I've configured iptables rules to drop connections to port 5100 directly:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 444 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Any idea how to accomplish/resolve this?
Thanks.
--
Greetings,
C. L. Martinez