Methode Nicht Zulässig, wenn die Verbindung zum ssh-host mit Apache-proxy
Ich versuche zum herstellen einer ssh-tunnel über einen HTTP-proxy.
Beim testen das setup mithilfe eines squid-proxy localhost ich erhalte eine "Methode Nicht Erlaubt" aus (ich vermute) der Apache-remote proxy:
$ proxytunnel -v -p localhost:3128 -r torno.example.com:80 -d ssh.example.com:22 -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache"
Local proxy localhost resolves to 127.0.0.1
Connected to localhost:3128 (local proxy)
Tunneling to torno.example.com:80 (remote proxy)
Communication with local proxy:
-> CONNECT torno.example.com:80 HTTP/1.0
-> Proxy-Connection: Keep-Alive
-> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache
<- HTTP/1.0 200 Connection established
Tunneling to ssh.example.com:22 (destination)
Communication with remote proxy:
-> CONNECT ssh.example.com:22 HTTP/1.0
-> Proxy-Connection: Keep-Alive
-> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache
<- HTTP/1.1 405 Method Not Allowed
HTTP return code: 405 Method Not Allowed
<- Date: Thu, 25 Aug 2011 17:17:07 GMT
<- Server: Apache/2.2.15 (CentOS)
<- Allow: GET,HEAD,POST,OPTIONS,TRACE
<- Content-Length: 352
<- Connection: close
<- Content-Type: text/html; charset=iso-8859-1
Dies ist mein Apache virtual host config:
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName torno.example.com
ServerSignature Off
HostnameLookups Off
LogLevel Warn
ErrorLog logs/torno.example.com-error_log
CustomLog logs/torno.example.com-access_log combined
ProxyRequests On
AllowConnect 22
<Proxy *>
Order deny,allow
Deny from all
</Proxy>
<Proxy ssh.example.com>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /http://www.ibm.com/
ProxyPassReverse /http://www.ibm.com/
<Proxy http://www.ibm.com/>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
Irgendwelche Ideen? Wie zu Lesen, die den Körper der 405-Antwort um sicher zu sein es kommt von der remote Apache-proxy in der anstelle des lokalen squid-proxy?
EDIT:
Die Anfrage landet in der default-server log:
189.99.135.105 - - [25/Aug/2011:17:17:07 +0000] "CONNECT ssh.example.com:22 HTTP/1.0" 405 352 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\\nHost: ssh.example.com\\nContent-Length: 0\\nPragma: no-cache"
Neuer EDIT:
Machen die proxy-virtual-server-Standard-server macht es funktioniert !!!:
$ proxytunnel -v -p localhost:3128 -r torno.example.com:80 -d ssh.example.com:22 -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache"
Local proxy localhost resolves to 127.0.0.1
Connected to localhost:3128 (local proxy)
Tunneling to torno.example.com:80 (remote proxy)
Communication with local proxy:
-> CONNECT torno.example.com:80 HTTP/1.0
-> Proxy-Connection: Keep-Alive
-> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache
<- HTTP/1.0 200 Connection established
Tunneling to ssh.example.com:22 (destination)
Communication with remote proxy:
-> CONNECT ssh.example.com:22 HTTP/1.0
-> Proxy-Connection: Keep-Alive
-> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nHost: ssh.example.com\nContent-Length: 0\nPragma: no-cache
<- HTTP/1.0 200 Connection Established
<- Proxy-agent: Apache/2.2.15 (CentOS)
Tunnel established.
SSH-2.0-OpenSSH_5.3
Was ist hier passiert? Einige proxytunnel bug?
EDIT:
Ist es nicht proxytunnel ist Schuld. Das gleiche passiert, wenn telneting zu verbinden:
$ telnet torno.example.com 80
Trying 1.2.3.4...
Connected to torno.example.com.
Escape character is '^]'.
CONNECT ssh.example.com:22 HTTP/1.1
Host: ssh.example.com
HTTP/1.1 405 Method Not Allowed
Date: Fri, 26 Aug 2011 12:34:24 GMT
Server: Apache/2.2.15 (CentOS)
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 352
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>405 Method Not Allowed</title>
</head><body>
<h1>Method Not Allowed</h1>
<p>The requested method CONNECT is not allowed for the URL /.</p>
<hr>
<address>Apache/2.2.15 (CentOS) Server at <a href="mailto:[email protected]">ssh.example.com</a> Port 22</address>
</body></html>
Connection closed by foreign host.
Nun verschieben Sie die config-Datei aaa.torno.Beispiel.com.conf zu machen, die Standardeinstellung und es funktioniert:
$ telnet torno.example.com 80
Trying 1.2.3.4...
Connected to torno.example.com.
Escape character is '^]'.
CONNECT ssh.example.com:22 HTTP/1.1
Host: ssh.example.com
HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.2.15 (CentOS)
SSH-2.0-OpenSSH_5.3
InformationsquelleAutor Clodoaldo Neto | 2011-08-25
Du musst angemeldet sein, um einen Kommentar abzugeben.
Sehen Sie "Server: Apache/2.2.15 (CentOS)" Kopf-in-405-Antwort, so dass, wenn Sie Tintenfisch, dann muss die Antwort vom server kommt.
On a side note, würde ich diese Frage stellte ServerFault eher als hier.
InformationsquelleAutor Eugene Mayevski 'Allied Bits
Methode nicht zulassen, weil proxytunnel ist nicht Unterstützung von HTTP/1.1 in der binary-Version.
Bewegen Sie sich in den Teil aus dem VirtualHost.
InformationsquelleAutor Chiu Speq