Topic: Apache 2.2.2, Win2000 Server, OpenSSL - outside LAN

Author: batfastad (Joined: 13 Feb 2007, Posts: 1)
Posted: Wed 14 Feb '07 3:06

Hi everyone
Over the past couple of weeks I've been experiencing a strange problem with our installation of Apache at work.
We use it for serving an intranet database application over our network.
The whole thing is protected by htpasswd authentication and a self-signed SSL certificate.
We have some users who work from the States so they access it.
The full server string is...
Apache/2.2.2 (Win32) mod_ssl/2.2.2 OpenSSL/0.9.8b
And it's running on Windows 2000 Server
I have PHP 5.2.0-dev and MySQL 4 installed as well.
From within our network the system has been perfect. Flying along as usual.
But we've recently been experiencing drop-outs when trying to access from outside of our LAN.
It's not a port forwarding problem as it used to work perfectly from outside the LAN.
Now 9/10 requests end in a DNS error / timeout no matter if it's a user in the US, or us from our home locations.
Because we already have Exchange webmail occupying ports 80 and 443 on our static IP, I had to open another port for this application.
The port I chose was 999 as I wasn't aware it technically made too much difference.
I have SSL configured and enabled, and also using an SSL cache.
Here are some excerpts from my httpd.conf
Yep the server is set to listen on 80 and 999 - but only port 999 is accessible from outside.
Code:

<IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
</IfModule>

<Location /server-status>
    SetHandler server-status
    Order Allow,Deny
    Allow from 192.168.1
    Allow from domain.com
    Deny from all
    Require valid-user
    Satisfy Any
</Location>

ExtendedStatus On

<Location /server-info>
    SetHandler server-info
    Order Allow,Deny
    Allow from 192.168.1
    Allow from domain.com
    Deny from all
    Require valid-user
    Satisfy Any
</Location>

<Location /webalizer>
    DirectoryIndex index.html
    Order Allow,Deny
    Allow from 192.168.1
    Allow from domain.com
    Deny from all
    Require valid-user
    Satisfy Any
</Location>

PHPIniDir "c:/php5/"
ServerSignature Off
ServerTokens Prod
SSLSessionCache dbm:c:/Apache/logs/ssl_cache

<VirtualHost _default_:999>
    DocumentRoot c:/htdocs/fmintranet
    SSLEngine On
    SSLCertificateFile conf/ssl/web.domain.com.crt
    SSLCertificateKeyFile conf/ssl/web.domain.com.key
    SSLProtocol SSLv3
    SSLCipherSuite HIGH:MEDIUM
    SSLOptions +StrictRequire
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>

Because we run Microsoft small business server, all our computers are members of a domain.
This server is called web.domain.com internally, so I also set up the appropriate DNS records to allow the web.domain.com subdomain to point to our static IP.
So users both internally and externally use the same address for access...
https://web.domain.com:999
Our LAN is protected by an IPCop firewall box, which gives us some good port forwarding options and can ensure traffic on port 999 is treated as high priority through our firewall with its traffic shaping system.
It had been working fine for several months and only recently I started getting these timeout problems.
The strange thing is, sometimes it will respond straight away at lightning speed.
So 9/10 of the time it times out, then it will suddenly process a request straight away.
But then it will go through a period of a few hours where it works fine!
And it's not just isolated to pages containing PHP. The server-status and server-info pages have the same problem.
What's also weird is that I have an FTP server, and VNC running on the same machine, with the ports forwarded in the same way.
And I never experience these problems with those services, so it's definitely something with my Apache installation.
Also, it's not as if our connection goes down or is busy receiving data, because the Exchange webmail service hosted over SSL by a different server works absolutely fine all the time.
Looking through the error.log, there are no problems - only the occasional PHP syntax warning.
The only difference that rebooting our firewall, restarting apache, rebooting the server makes is that it will work fine for a couple of minutes, then start seizing up again. Then later in the day it will work fine for a bit.
Throughout this time it runs perfectly within our LAN.
I was wondering if you can see anything obvious from the snippet of my httpd.conf above that might suggest a problem?
This Apache installation is only temporary (though it's been temporary for a year now) whilst I migrate our database system over to PHP/MySQL. Once that's completed I'll swap it over to a Linux distro, probably CentOS.
Has anyone experienced anything like this before?
Any suggestions?
Any problems with my SSL config?
Thanks
Ben
There is something else I need to clarify with my access control settings on the server-status, server-info and webalizer sections, but I'll save that for another post.
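
The access-control pattern repeated in the three <Location> blocks of the post, modelled as an added example that is not part of the original post and is not Apache's own code: a simplified Python model of how Apache 2.2 evaluates Order/Allow/Deny together with Satisfy. The sample client addresses and the Deny,Allow comparison variant are assumptions added for contrast.

```python
# Simplified model of Apache 2.2 mod_authz_host (Order/Allow/Deny) plus Satisfy.
# Added illustration only; covers just the directive forms used in the post.

def matches(spec, ip, hostname=None):
    """True if one 'Allow from' / 'Deny from' argument matches the client."""
    if spec == "all":
        return True
    if spec[0].isdigit():  # full or partial IP such as 192.168.1
        return ip == spec or ip.startswith(spec.rstrip(".") + ".")
    # Domain name: matched against the client's resolved host name, if known.
    return hostname is not None and (
        hostname == spec or hostname.endswith("." + spec))

def host_allowed(order, allow, deny, ip, hostname=None):
    """Result of the host-based check alone."""
    allowed = any(matches(s, ip, hostname) for s in allow)
    denied = any(matches(s, ip, hostname) for s in deny)
    if order == "Allow,Deny":   # Deny is evaluated last; default is deny
        return allowed and not denied
    if order == "Deny,Allow":   # Allow is evaluated last; default is allow
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)

def access_granted(satisfy, host_ok, valid_user):
    """Satisfy Any: either check passes. Satisfy All: both must pass."""
    return (host_ok or valid_user) if satisfy == "Any" else (host_ok and valid_user)

ALLOW = ["192.168.1", "domain.com"]   # from the posted blocks
DENY = ["all"]                        # from the posted blocks
LAN_IP = "192.168.1.20"               # constructed sample client
WAN_IP = "203.0.113.7"                # constructed sample (documentation range)

def posted_block(ip, valid_user):
    # Order Allow,Deny exactly as posted.
    return access_granted("Any", host_allowed("Allow,Deny", ALLOW, DENY, ip), valid_user)

def deny_allow_variant(ip, valid_user):
    # Same Allow/Deny lines with Order Deny,Allow (assumed comparison, not from the post).
    return access_granted("Any", host_allowed("Deny,Allow", ALLOW, DENY, ip), valid_user)

if __name__ == "__main__":
    for ip in (LAN_IP, WAN_IP):
        for user in (False, True):
            print(ip, "valid_user=%s" % user,
                  "posted=%s" % posted_block(ip, user),
                  "deny_allow=%s" % deny_allow_variant(ip, user))
```

In this model the posted blocks fall back to the password for every client, LAN included, because "Deny from all" is evaluated last and matches everyone.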