Menu
▾
▴
Re: [webmin-l] how to configure apache reverse proxy to workwith webmin
|
From: Jamie C. <jca...@we...> - 2007-05-24 18:01:40
|
This is expected - it happens because Webmin detects what looks like a link from outside itself to one of its own CGIs, which is normally potentially dangerous. To fix it, login to the internal Webmin directly, go to the Webmin Configuration module, click on 'Trusted Referrers' and in the 'Trusted websites' field enter my.domain.com . - Jamie On 24/May/2007 08:07 Michael Conway wrote .. > Following Jamie's Instructions, when logging on to the proxy website > to use webmin, I type in my username and password into the auth box, > then i see this: > > Warning! Webmin has detected that the program > http://server1.mydomain.com:10000/right.cgi?open=system&open=status > was linked to from the URL http://my.domain.com, which appears to be > outside the Webmin server. This may be an attempt to trick your server > into executing a dangerous command. > > > When i click "continue anyway" i see this: > > > referer_save.cgi cannot be linked to directly! > > Any Ideas? > > > Quoting Jamie Cameron <jca...@we...>: > > > > > > > Hi Andrea, > > I've actually seen this exact problem myself too - for some reason, > > when Apache proxies a request to an SSL server, it won't pass the > > cookies along, which breaks Webmin's cookie-based authentication. > > > > The only work-arounds are : > > > > * Turn off SSL. Since you are connecting to Webmin over your > > internal network only, you don't really need it. > > * Switch to regular HTTP authentication mode, by going to Webmin -> > > Webmin Configuration -> Authentication and selecting DISABLE SESSION > > AUTHENTICATION. > > > > - Jamie > > > > On 23/May/2007 01:45 Andrea Lanza wrote .. > > > >> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\">Hi all. > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\">My problem is the following: I have to manage several > >> servers into a publically unreachable private intra-network. /> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\">One server of this network is publically NAT-ted, and I can > >> reach it via browser (on the apache server and on the webmin > >> server) > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\">I tried to configure name-based reverse proxy in apache in > >> order to reach all the internal servers (both apache and webmin > >> server) > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\">The apache part works perfectly, and I can reach all the > >> internal apache servers > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\">I configured name based virtual hosts on the apache > >> listening port in\">11000, in http, and I tried to reverse to > >> the internal https:10000 port. > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\">I succeded in getting the internal webmin logon page, but > > as > >> I entered user/pass I got an internal server error. /> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\">This is the configuration I am using (scrambled names): /> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\">cat internalserver-11000.conf > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"># BEGIN Virtual Host internalserver /> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"><VirtualHost *:11000> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> SSLProxyEngine on > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> ServerName internalserver > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> ServerAlias internalserver.domain.dom /> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> ErrorLog /var/log/apache2/internalserver -error_log /> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> CustomLog /var/log/apache2/internalserver -access_log > >> combined > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> ProxyPreserveHost On > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> ProxyPass / https://192.168.147.41:10000/ /> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> ProxyPassReverse / https://192.168.147.41:10000/ /> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"></VirtualHost> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\">I think the problem could be due to the https-->http > >> reverse translation. > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\">If I DISABLE the ssl engine on the internal webmin servers > >> and I modified the reverse proxy configuration file into: /> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> ProxyPass / http://192.168.147.41:10000/ /> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> ProxyPassReverse / http://192.168.147.41:10000/[1] /> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\">everything works fine, I can logon to the internal webmin > >> servers with no problem > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\">What am I doing wrong in using ssl reversed ? /> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\">Thanks in advance, > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\">Andrea > >> > >> lang=\"EN-GB\" style=\"font-size: 10pt; font-family: Arial; > > color: > >> navy;\"> > > > > > > > > Links: > > ------ > > [1] http://192.168.147.41:10000/ > > > > > > ---------------------------------------------------------------- > This message was sent using IMP, the Internet Messaging Program. > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list |