APACHE - 如何绕过特定原始IP的SSL?

时间:2017-01-27 12:13:02

标签: apache tomcat ssl weblogic

我有一个需要双向证书的apache:

    SSLVerifyClient require
    SSLVerifyDepth  2


    <Location /myws>
            SSLVerifyClient require
            SetOutputFilter DEFLATE
            Order Deny,Allow
            Allow from all
            SetHandler weblogic-handler
    </Location>

我有一个tomcat需要连接到这个apache,而不需要证书,我试试:

<If "-R 'xxx.xxx.xxx.xxx'">
  SSLVerifyClient none
</If>
<Else>
  SSLVerifyClient require
  SSLVerifyDepth  2
</Else>

        <Location /myws>
<If "-R 'xxx.xxx.xxx.xxx'">
                SSLVerifyClient none
                SetOutputFilter DEFLATE
                Order Deny,Allow
                Allow from all
                SetHandler weblogic-handler
</If>
<Else>
                SSLVerifyClient require
                SetOutputFilter DEFLATE
                Order Deny,Allow
                Allow from all
                SetHandler weblogic-handler
</Else>
        </Location>

但看起来它不起作用

我也尝试了一些重写规则,但SSL会先阻止连接。

有没有办法绕过特定原始IP的SSL认证?

在申请@ sundararaj-govindasamy推荐之后添加了退出: SSLOptions + StrictRequire 

    ##Como esta ahora, con ssl 2 vias##
    wget --no-check-certificate htt ps://xx.xx.xx.xx:7998/myapplication/CuentaVerifierBean
    --2017-01-30 08:14:15--  htt ps://xx.xx.xx.xx:7998/myapplication/CuentaVerifierBean
    Connecting to xx.xx.xx.xx:7998... connected.
    OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
    Unable to establish SSL connection.



    [Mon Jan 30 08:14:31.021132 2017] [ssl:info] [pid 22302:tid 140333961410304] [client invalid.client.server.ip:38728] AH01964: Connection to child 64 established (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:14:31.054671 2017] [ssl:info] [pid 22302:tid 140333961410304] [client invalid.client.server.ip:38728] AH02008: SSL library error 1 in handshake (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:14:31.054781 2017] [ssl:info] [pid 22302:tid 140333961410304] SSL Library Error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate -- No CAs known to server for verification?
    [Mon Jan 30 08:14:31.054803 2017] [ssl:info] [pid 22302:tid 140333961410304] [client invalid.client.server.ip:38728] AH01998: Connection closed to child 64 with abortive shutdown (server qaserver.mycompany.com.ar:443)





    ##Con la configuración:##
    wget --no-check-certificate htt ps://xx.xx.xx.xx:7998/myapplication/CuentaVerifierBean
    --2017-01-30 08:10:13--  htt ps://xx.xx.xx.xx:7998/myapplication/CuentaVerifierBean
    Connecting to xx.xx.xx.xx:7998... connected.
    WARNING: cannot verify xx.xx.xx.xx's certificate, issued by â/C=AR/ST=Ciudad Autonoma de Buenos Aires/O=mycompany SA/OU=Gerencia de Seguridad Informatica/CN=myapplicationC QA/emailAddress=seguridad@mycompany.com.arâ:
    Self-signed certificate encountered.
        WARNING: certificate common name âqaserver.mycompany.com.arâ doesn't match requested host name âxx.xx.xx.xxâ.
    HTTP request sent, awaiting response... No data received.
    Retrying.


    Log:
    [Mon Jan 30 08:10:13.495232 2017] [ssl:info] [pid 21880:tid 140505308329728] [client valid.client.server.ip:56780] AH01964: Connection to child 130 established (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:10:13.528877 2017] [ssl:debug] [pid 21880:tid 140505308329728] ssl_engine_kernel.c(1812): [client valid.client.server.ip:56780] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    [Mon Jan 30 08:10:13.529595 2017] [ssl:debug] [pid 21880:tid 140505308329728] ssl_engine_kernel.c(224): [client valid.client.server.ip:56780] AH02034: Initial (No.1) HTTPS request received for child 130 (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:10:13.529773 2017] [ssl:debug] [pid 21880:tid 140505308329728] ssl_engine_kernel.c(572): [client valid.client.server.ip:56780] AH02255: Changed client verification type will force renegotiation
    [Mon Jan 30 08:10:13.529811 2017] [ssl:info] [pid 21880:tid 140505308329728] [client valid.client.server.ip:56780] AH02221: Requesting connection re-negotiation
    [Mon Jan 30 08:10:13.529844 2017] [ssl:debug] [pid 21880:tid 140505308329728] ssl_engine_kernel.c(772): [client valid.client.server.ip:56780] AH02260: Performing full renegotiation: complete handshake protocol (client does support secure renegotiation)
    [Mon Jan 30 08:10:13.529928 2017] [ssl:info] [pid 21880:tid 140505308329728] [client valid.client.server.ip:56780] AH02226: Awaiting re-negotiation handshake
    [Mon Jan 30 08:10:13.560943 2017] [ssl:error] [pid 21880:tid 140505308329728] [client valid.client.server.ip:56780] AH02261: Re-negotiation handshake failed: Not accepted by client!?
    [Mon Jan 30 08:10:13.561119 2017] [authz_core:debug] [pid 21880:tid 140505308329728] mod_authz_core.c(835): [client valid.client.server.ip:56780] AH01628: authorization result: granted (no directives)
    [Mon Jan 30 08:10:13.561264 2017] [ssl:info] [pid 21880:tid 140505308329728] [client valid.client.server.ip:56780] AH02008: SSL library error 1 in handshake (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:10:13.561307 2017] [ssl:info] [pid 21880:tid 140505308329728] SSL Library Error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate -- No CAs known to server for verification?
    [Mon Jan 30 08:10:13.561329 2017] [ssl:info] [pid 21880:tid 140505308329728] [client valid.client.server.ip:56780] AH01998: Connection closed to child 130 with abortive shutdown (server qaserver.mycompany.com.ar:443)





    wget --no-check-certificate htt ps://xx.xx.xx.xx:7998/myapplication/CuentaVerifierBean
    --2017-01-30 08:11:08--  htt ps://xx.xx.xx.xx:7998/myapplication/CuentaVerifierBean
    Connecting to xx.xx.xx.xx:7998... connected.
    WARNING: cannot verify xx.xx.xx.xx's certificate, issued by â/C=AR/ST=Ciudad Autonoma de Buenos Aires/O=mycompany SA/OU=Gerencia de Seguridad Informatica/CN=myapplicationC QA/emailAddress=seguridad@mycompany.com.arâ:
    Self-signed certificate encountered.
        WARNING: certificate common name âqaserver.mycompany.com.arâ doesn't match requested host name âxx.xx.xx.xxâ.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/html]
    Saving to: âCuentaVerifierBean.5â

        [ <=>                                                                                                                                                                                                                           ] 1,546       --.-K/s   in 0s

    2017-01-30 08:11:08 (16.6 MB/s) - âCuentaVerifierBean.5â saved [1546]


    [Mon Jan 30 08:11:08.468336 2017] [ssl:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] AH01964: Connection to child 132 established (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:11:08.500247 2017] [ssl:debug] [pid 22134:tid 140183680829184] ssl_engine_kernel.c(1812): [client invalid.client.server.ip:38632] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    [Mon Jan 30 08:11:08.500896 2017] [ssl:debug] [pid 22134:tid 140183680829184] ssl_engine_kernel.c(224): [client invalid.client.server.ip:38632] AH02034: Initial (No.1) HTTPS request received for child 132 (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:11:08.501109 2017] [authz_core:debug] [pid 22134:tid 140183680829184] mod_authz_core.c(835): [client invalid.client.server.ip:38632] AH01628: authorization result: granted (no directives)
    [Mon Jan 30 08:11:08.501206 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URLFactory.cpp(163): [client invalid.client.server.ip:38632] <2213014857746641> URLfactory Created: 22134
    [Mon Jan 30 08:11:08.501280 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(841): [client invalid.client.server.ip:38632] <2213414857746682> ================New Request: [GET /myapplication/CuentaVerifierBean HTTP/1.1] =================
    [Mon Jan 30 08:11:08.501322 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(997): [client invalid.client.server.ip:38632] <2213414857746682> Using Uri /myapplication/CuentaVerifierBean
    [Mon Jan 30 08:11:08.501338 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(1017): [client invalid.client.server.ip:38632] <2213414857746682> After trimming path: '/myapplication/CuentaVerifierBean'
    [Mon Jan 30 08:11:08.501346 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(1093): [client invalid.client.server.ip:38632] <2213414857746682> The final request string is '/myapplication/CuentaVerifierBean'
    [Mon Jan 30 08:11:08.501368 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(1936): [client invalid.client.server.ip:38632] <2213414857746682> parseServerList: Socket Address hostnames 'ibsibqamyapplication01:7003,ibsibqamyapplication02:7003'
    [Mon Jan 30 08:11:08.501389 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(2002): [client invalid.client.server.ip:38632] <2213414857746682> Host extracted from serverlist is [ibsibqamyapplication01]
    [Mon Jan 30 08:11:08.501592 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(2053): [client invalid.client.server.ip:38632] <2213414857746682> parseServerList: trying IP addr app.weblogic.server.ip
    [Mon Jan 30 08:11:08.501996 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(2089): [client invalid.client.server.ip:38632] <2213414857746682> parseServerList: socket and connect succeeded
    [Mon Jan 30 08:11:08.502074 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(2110): [client invalid.client.server.ip:38632] <2213414857746682> parseServerList:  IP from socket Address [app.weblogic.server.ip]
    [Mon Jan 30 08:11:08.502108 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(2002): [client invalid.client.server.ip:38632] <2213414857746682> Host extracted from serverlist is [ibsibqamyapplication02]
    [Mon Jan 30 08:11:08.502198 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(2053): [client invalid.client.server.ip:38632] <2213414857746682> parseServerList: trying IP addr node2.weblogic.server.ip
    [Mon Jan 30 08:11:08.502532 2017] [weblogic:error] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> parseServerList: ibsibqamyapplication02:7003 apr_socket_connect error [111] Connection refused
    [Mon Jan 30 08:11:08.502564 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(2110): [client invalid.client.server.ip:38632] <2213414857746682> parseServerList:  IP from socket Address [node2.weblogic.server.ip]
    [Mon Jan 30 08:11:08.502597 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(3028): [client invalid.client.server.ip:38632] <2213414857746682> Initializing lastIndex=1 for a list of length=2
    [Mon Jan 30 08:11:08.502615 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(525): [client invalid.client.server.ip:38632] <2213414857746682> getListNode: created a new server node: id='ibsibqamyapplication01:7003,ibsibqamyapplication02:7003' server_name='xx.xx.xx.xx', port='7998'
    [Mon Jan 30 08:11:08.502657 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ap_proxy.cpp(512): [client invalid.client.server.ip:38632] <2213414857746682> attempt #0 out of a max of 5
    [Mon Jan 30 08:11:08.502679 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(2485): [client invalid.client.server.ip:38632] <2213414857746682> keepAlive = 1, canRecycle = 1
    [Mon Jan 30 08:11:08.502691 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(2488): [client invalid.client.server.ip:38632] <2213414857746682> Trying a pooled connection for 'app.weblogic.server.ip/7003/7003'
    [Mon Jan 30 08:11:08.502702 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(3058): [client invalid.client.server.ip:38632] <2213414857746682> getPooledConn: found a host and port/securePort match
    [Mon Jan 30 08:11:08.502714 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(3109): [client invalid.client.server.ip:38632] <2213414857746682> getPooledConn: No more connections in the pool for Host[app.weblogic.server.ip] Port[7003] SecurePort[7003]
    [Mon Jan 30 08:11:08.502727 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(2520): [client invalid.client.server.ip:38632] <2213414857746682> general list: trying connect to 'app.weblogic.server.ip'/7003/7003 at line 2520 for '/myapplication/CuentaVerifierBean'
    [Mon Jan 30 08:11:08.503055 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(1785): [client invalid.client.server.ip:38632] <2213414857746682> URL::Connect: Connected successfully
    [Mon Jan 30 08:11:08.503094 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(1824): [client invalid.client.server.ip:38632] <2213414857746682> SSL is not configured for this connection
    [Mon Jan 30 08:11:08.503116 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(1844): [client invalid.client.server.ip:38632] <2213414857746682> Local Port of the socket is 56043
    [Mon Jan 30 08:11:08.503123 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(1850): [client invalid.client.server.ip:38632] <2213414857746682> Remote Host app.weblogic.server.ip Remote Port 56043
    [Mon Jan 30 08:11:08.503138 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(2554): [client invalid.client.server.ip:38632] <2213414857746682> general list: created a new connection to 'app.weblogic.server.ip'/7003 for '/myapplication/CuentaVerifierBean', Local port:56043
    [Mon Jan 30 08:11:08.503149 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(583): [client invalid.client.server.ip:38632] <2213414857746682> Entering method BaseProxy::sendRequest
    [Mon Jan 30 08:11:08.503168 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(1234): [client invalid.client.server.ip:38632] <2213414857746682> Entering method BaseProxy::parse_headers
    [Mon Jan 30 08:11:08.503180 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(1252): [client invalid.client.server.ip:38632] <2213414857746682> No of headers =5
    [Mon Jan 30 08:11:08.503191 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from client:[User-Agent]=[Wget/1.14 (linux-gnu)]
    [Mon Jan 30 08:11:08.503207 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from client:[Accept]=[*/*]
    [Mon Jan 30 08:11:08.503220 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from client:[Host]=[xx.xx.xx.xx:7998]
    [Mon Jan 30 08:11:08.503231 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from client:[Connection]=[Keep-Alive]
    [Mon Jan 30 08:11:08.503238 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from client:[canalid-myapplication]=[]
    [Mon Jan 30 08:11:08.503250 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(1428): [client invalid.client.server.ip:38632] <2213414857746682> Exiting method BaseProxy::parse_headers
    [Mon Jan 30 08:11:08.503256 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(593): [client invalid.client.server.ip:38632] <2213414857746682> parse_client_headers is done
    [Mon Jan 30 08:11:08.503268 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(697): [client invalid.client.server.ip:38632] <2213414857746682> Method is GET
    [Mon Jan 30 08:11:08.503277 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> URL::sendHeaders(): meth='GET' file='/myapplication/CuentaVerifierBean' protocol='HTTP/1.1'
    [Mon Jan 30 08:11:08.503285 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [User-Agent]=[Wget/1.14 (linux-gnu)]
    [Mon Jan 30 08:11:08.503291 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [Accept]=[*/*]
    [Mon Jan 30 08:11:08.503297 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [Host]=[xx.xx.xx.xx:7998]
    [Mon Jan 30 08:11:08.503303 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [canalid-myapplication]=[]
    [Mon Jan 30 08:11:08.503309 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [Connection]=[Keep-Alive]
    [Mon Jan 30 08:11:08.503315 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [WL-Proxy-SSL]=[true]
    [Mon Jan 30 08:11:08.503321 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [X-Forwarded-For]=[invalid.client.server.ip]
    [Mon Jan 30 08:11:08.503326 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [WL-Proxy-Client-IP]=[invalid.client.server.ip]
    [Mon Jan 30 08:11:08.503332 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [WL-Proxy-Client-Port]=[38632]
    [Mon Jan 30 08:11:08.503338 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [X-WebLogic-KeepAliveSecs]=[30]
    [Mon Jan 30 08:11:08.503344 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [X-WebLogic-Force-JVMID]=[unset]
    [Mon Jan 30 08:11:08.503349 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header to WLS: [X-WebLogic-Request-ClusterInfo]=[true]
    [Mon Jan 30 08:11:08.503382 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(782): [client invalid.client.server.ip:38632] <2213414857746682> About to call parseHeaders
    [Mon Jan 30 08:11:08.503414 2017] [weblogic:debug] [pid 22134:tid 140183680829184] Reader.cpp(221): [client invalid.client.server.ip:38632] <2213414857746682> Reader::fill(): first=0 last=0 toRead=4096
    [Mon Jan 30 08:11:08.505266 2017] [weblogic:debug] [pid 22134:tid 140183680829184] Reader.cpp(270): [client invalid.client.server.ip:38632] <2213414857746682> Reader::fill(): sysRecv returned 153
    [Mon Jan 30 08:11:08.505304 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(842): [client invalid.client.server.ip:38632] <2213414857746682> URL::parseHeaders: CompleteStatusLine set to [HTTP/1.1 200 OK]
    [Mon Jan 30 08:11:08.505312 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(844): [client invalid.client.server.ip:38632] <2213414857746682> URL::parseHeaders: StatusLine set to [200 OK]
    [Mon Jan 30 08:11:08.505319 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(852): [client invalid.client.server.ip:38632] <2213414857746682> URL::parseHeaders: StatusLineWithoutStatusCode set to [OK]
    [Mon Jan 30 08:11:08.505326 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from WLS:[Date]=[Mon, 30 Jan 2017 11:11:08 GMT]
    [Mon Jan 30 08:11:08.505335 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from WLS:[Transfer-Encoding]=[chunked]
    [Mon Jan 30 08:11:08.505341 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from WLS:[Content-Type]=[text/html; charset=utf-8]
    [Mon Jan 30 08:11:08.505350 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Header from WLS:[X-WebLogic-JVMID]=[543890065]
    [Mon Jan 30 08:11:08.505356 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(966): [client invalid.client.server.ip:38632] <2213414857746682> parsed all headers OK
    [Mon Jan 30 08:11:08.505361 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(856): [client invalid.client.server.ip:38632] <2213414857746682> Exiting method BaseProxy::sendRequest
    [Mon Jan 30 08:11:08.505367 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ApacheProxy.cpp(255): [client invalid.client.server.ip:38632] <2213414857746682> sendResponse() : r->status = '200'
    [Mon Jan 30 08:11:08.505376 2017] [weblogic:info] [pid 22134:tid 140183680829184] [client invalid.client.server.ip:38632] <2213414857746682> Hdrs to client (add):[Date]=[Mon, 30 Jan 2017 11:11:08 GMT]
    [Mon Jan 30 08:11:08.505383 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(270): [client invalid.client.server.ip:38632] <2213414857746682> for app.weblogic.server.ip/7003/7003, updated JVMID: 543890065
    [Mon Jan 30 08:11:08.505390 2017] [weblogic:debug] [pid 22134:tid 140183680829184] Reader.cpp(221): [client invalid.client.server.ip:38632] <2213414857746682> Reader::fill(): first=0 last=0 toRead=4096
    [Mon Jan 30 08:11:08.505405 2017] [weblogic:debug] [pid 22134:tid 140183680829184] Reader.cpp(270): [client invalid.client.server.ip:38632] <2213414857746682> Reader::fill(): sysRecv returned 781
    [Mon Jan 30 08:11:08.505616 2017] [weblogic:debug] [pid 22134:tid 140183680829184] Reader.cpp(221): [client invalid.client.server.ip:38632] <2213414857746682> Reader::fill(): first=0 last=0 toRead=4096
    [Mon Jan 30 08:11:08.505662 2017] [weblogic:debug] [pid 22134:tid 140183680829184] Reader.cpp(270): [client invalid.client.server.ip:38632] <2213414857746682> Reader::fill(): sysRecv returned 789
    [Mon Jan 30 08:11:08.505714 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ap_proxy.cpp(720): [client invalid.client.server.ip:38632] <2213414857746682> calling closeConn() with non-null URL* at 720
    [Mon Jan 30 08:11:08.505735 2017] [weblogic:debug] [pid 22134:tid 140183680829184] URL.cpp(1860): [client invalid.client.server.ip:38632] <2213414857746682> canRecycle: conn=1 status=200 isKA=1 clen=-1 isCTE=1
    [Mon Jan 30 08:11:08.505748 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(3147): [client invalid.client.server.ip:38632] <2213414857746682> closeConn: pooling for 'app.weblogic.server.ip/7003'
    [Mon Jan 30 08:11:08.505759 2017] [weblogic:debug] [pid 22134:tid 140183680829184] BaseProxy.cpp(3161): [client invalid.client.server.ip:38632] <2213414857746682> closeConn: pooling '0'
    [Mon Jan 30 08:11:08.505774 2017] [weblogic:debug] [pid 22134:tid 140183680829184] ap_proxy.cpp(735): [client invalid.client.server.ip:38632] <2213414857746682> request [/myapplication/CuentaVerifierBean] processed successfully..................
    [Mon Jan 30 08:11:08.505925 2017] [ssl:debug] [pid 22134:tid 140183680829184] ssl_engine_io.c(992): [client invalid.client.server.ip:38632] AH02001: Connection closed to child 132 with standard shutdown (server qaserver.mycompany.com.ar:443)
    [Mon Jan 30 08:11:08.506987 2017] [weblogic:debug] [pid 22134:tid 140183504582400] ap_proxy.cpp(776): BEFORE acquire_lock
    [Mon Jan 30 08:11:08.507015 2017] [weblogic:debug] [pid 22134:tid 140183504582400] ap_proxy.cpp(786): AFTER acquire_lock
    [Mon Jan 30 08:11:08.507022 2017] [weblogic:debug] [pid 22134:tid 140183504582400] ap_proxy.cpp(789): List size is 1
    [Mon Jan 30 08:11:08.507028 2017] [weblogic:debug] [pid 22134:tid 140183504582400] ap_proxy.cpp(796): Cleaning up the list node 'ibsibqamyapplication01:7003,ibsibqamyapplication02:7003'list Length '2''
    [Mon Jan 30 08:11:08.507038 2017] [weblogic:debug] [pid 22134:tid 140183504582400] ap_proxy.cpp(816): stale connections: KA = 20, delta = 0'

它应该在握手失败时退出,而不是重试

1 个答案:

答案 0 :(得分:0)

Apache 2.4或更高版本中,您可以这样做,

<If "%{REMOTE_ADDR} != 'xx.xx.xx.xx">
SSLVerifyClient      require
            SSLOptions           +StrictRequire
            SSLRequire           %{SSL_CIPHER_USEKEYSIZE} >= 128

              ...
              ...
</If>
相关问题
最新问题