[CLUE-Tech] apache & ssl problem

Match Grun match at dimensional.com
Sun Oct 28 21:11:57 MST 2001


Randy,

This looks like the one we found at the InstallFest on Saturday. The RedHat 7.1 default firewalls do not allow port 80. We adjusted the firewall rules with "setup" to allow port 80 through. Everything was fine.

You will probably have to adjust your firewall rules to allow port 443 to get through the firewall filters.

-- 
Match Grun
"How long 'til you buy me that beer?"
-------------------------------------

On Sun, 28 Oct 2001 16:28:42 -0700 (MST)
Randy Arabie <rrarabie at home.com> wrote:

> Hi all,
> 
> I've got a redhat 7.1 system running apache-1.3.19-5.
> This is a default apache install, standalone configuration, 
> with ssl running on port 443 as a virtual host.
> 
> I can connect to my standard port 80, but can't to 
> the ssl port 443.
> 
> I can't seem to find relevant error messages to resolve 
> the issue.
> 
> An attempted lynx connection reports:
> 
> 	Looking up 192.168.1.200
> 	Making HTTPS connection to 192.168.1.200
> 	Retrying connection.
> 	Looking up 192.168.1.200
> 	Making HTTPS connection to 192.168.1.200
> 	Alert!: Unable to make secure connection to remote host.
> 
> 	lynx: Can't access startfile https://192.168.1.200/
> 
> An attempted IE 5.x connection results in the standard 
> "Cannot find server or DNS Error" message.
> 
> An attempted telnet connection to port 443 shows that httpd is 
> running on port 443:
> 
> 	Trying 192.168.1.200...
> 	Connected to 192.168.1.200.
> 	Escape character is '^]'.
> 	sald
> 	<html>
> 	<head>
>         <title>Voldemort Login</title>
> 	</head>
> 	<body>
>         <form action="index.html" method="POST">
>         <h1 align="center">Welcome to Voldemort</h1>
>         <H2 ALIGN="CENTER">
>         <FONT COLOR="#FF0000" SIZE="6" FACE="ARIAL">
>         <U>W A R N I N G !</U>
>         </FONT>
>         </H2>
> 
>         <p><b>You are attempting to access a private web site protected by an intrusion 
>         detection system.  Access to and use of this facility requires explicit, current 
>         authorization and is strictly limited.</b></p>
> 
>         <p><b>Unauthorized, or any attempt at unauthorized access, usage, copying, alteration,
>         destruction, or damage to its data, programs or equipment may violate the Federal 
>         Computer Fraud and Abuse Act of 1986 as well as applicable state law and/or civil 
>         liability.</b></p>
> 
>         <p><b>With the before mentioned understood, should you proceed further, you may subject 
>         yourself to investigation that could lead to prosecution should you not have 
>         authorization or violate any of these restrictions.</b></p>
> 
>         <h3>Please Login</h3>
>         User Name: <input type="text" name="user_name">
>         <br>Password: <input type="password" name="password">
>         <input type="submit" name="submit" value="Login!">
>         </form>
>         </body>
> 	</html>
> 	Connection closed by foreign host.
> 
> These failed connections do not show up in any of my 
> /var/log/httpd logfiles.  My ssl_request_log files are empty.
> 
> I've pasted in the virtualhost section of my httpd.conf file below:
> (comments excluded)
> 
> <***----------------SNIP----------------***>
> 
> <VirtualHost 192.168.1.200:443>
> 
> DocumentRoot "/var/www/html"
> 
> SSLEngine on
> 
> SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> 
> SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
> 
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
> 
> SSLCACertificatePath /etc/httpd/conf/ssl.crt
> 
> SSLCARevocationPath /etc/httpd/conf/ssl.crl
> 
> SSLVerifyClient require
> 
> SSLVerifyDepth  10
> 
> <Files ~ "\.(cgi|shtml)$">
>     SSLOptions +StdEnvVars
> </Files>
> <Directory "/var/www/cgi-bin">
>     SSLOptions +StdEnvVars
> </Directory>
> 
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> 
> CustomLog /var/log/httpd/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> 
> </VirtualHost>
> 
> </IfDefine>
> 
> <***----------------SNIP----------------***>
> 
> Does anyone see something there that may help me out?
> 
> Thanks in advance.
> 
> ------- 
> 
> Cheers!
> 
> Randy Arabie
> 
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
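
Two checks come up in this thread: whether the firewall passes port 443, and what the listener on 443 actually answers with (the quoted telnet session shows HTML coming back in the clear). The sketch below is an added example, not part of the original messages: it separates those cases by sending a genuine ClientHello and looking at the first bytes of the reply. The function names, the result labels and the `probe.invalid` server name are assumptions made for illustration.

```python
import socket
import ssl
import sys

def client_hello(server_name="probe.invalid"):  # constructed placeholder name
    """Produce genuine ClientHello bytes in memory (no network I/O)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake is now waiting for a ServerHello
    return outgoing.read()

def classify_reply(data):
    """Classify the first bytes a listener sends back."""
    if not data:
        return "no-reply"
    if len(data) >= 2 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"             # alert or handshake record: SSL/TLS is engaged
    if data.startswith(b"HTTP/") or data.lstrip().startswith(b"<"):
        return "plaintext-http"  # page or error sent in the clear
    return "unknown"

def probe(host, port=443, timeout=3.0):
    """Return filtered / refused / unreachable, or what the listener speaks."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "filtered"        # SYN silently dropped, typical of a DROP rule
    except ConnectionRefusedError:
        return "refused"         # no listener, or a REJECT rule
    except OSError:
        return "unreachable"
    with sock:
        try:
            # The trailing blank line makes a plain HTTP server answer at once;
            # a TLS server has already parsed the complete ClientHello record.
            sock.sendall(client_hello() + b"\r\n\r\n")
            return classify_reply(sock.recv(16))
        except OSError:
            return "no-reply"    # timed out or reset after connecting

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(probe(host, 443))
```

A result of "filtered" or "refused" points at packet filtering or a missing listener, while "plaintext-http" means the port is reachable but the server is not doing SSL on it.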


