Title: Proxy does not allow access to name based virtual hosts on VPN
Post by: Mitton Pienaar on Monday 15 March 2010, 07:46:16 pm

Hi,
I'm using Endian Firewall 2.3 at a satellite office and Endian Firewall 2.2 at the main office with a net to net OpenVPN. We are hosting a number of websites on an Apache 2 server at the main office. Users can ping the web server. When the transparent HTTP proxy is enabled at the satellite office, users cannot access websites hosted at the main office as name based virtual hosts. They can access the organization's main website, which is hosted on the same server as the other websites. The main website is the default website on Apache and the first VirtualHost entry in the /etc/apache2/sites-enable/000-default file on the web server. However, all the other virtual hosts are not accessible. When I disable the HTTP proxy they can access all the websites. How can I enable the transparent HTTP proxy and still be able to access these websites?

Title: Re: Proxy does not allow access to name based virtual hosts on VPN
Post by: Steve on Monday 15 March 2010, 09:33:09 pm

Run a trace route to see where the traffic is trying to go. It sounds like it's DNS related.

Title: Re: Proxy does not allow access to name based virtual hosts on VPN
Post by: Mitton Pienaar on Monday 15 March 2010, 11:47:55 pm

No, it does not seem to be DNS related.
I can access myorganisationname.com on the server, but not intranet. The tracert for myorganisationname.com and intranet is exactly the same. The only difference is that myorganisationname is the first virtual host on Apache. It's on the same server, with the same IP address. The two domain names resolve to the same IP address when pinging. I think it might be related to cache, where Apache caches and Squid also caches. The error message I get is as follows:

ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://intranet/
The following error was encountered:
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.