Re: how make backend applications aware about tls-offloading

2017-01-08 Thread Reindl Harald
On 08.01.2017 at 11:01, Stefan Eissing wrote: There is the reverse situation which is called opportunistic encryption, namely the transfer of a http: request over a TLS connection. Both cases are tricky on HTTP/1.x because the URI scheme is not transported in requests (commonly. the spec

Re: how make backend applications aware about tls-offloading

2017-01-08 Thread Stefan Eissing
There is the reverse situation which is called opportunistic encryption, namely the transfer of a http: request over a TLS connection. Both cases are tricky on HTTP/1.x because the URI scheme is not transported in requests (commonly. the spec would allow it but no one does it, so no one is

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Leif Hedstrom
> On Jan 7, 2017, at 3:25 PM, Reindl Harald wrote: > > > > On 07.01.2017 at 22:53, Yann Ylavic wrote: >> On Sat, Jan 7, 2017 at 9:30 AM, Reindl Harald wrote: >>> >>> something like below where "X-TLS-Offloading" is only evaluated from >>>

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Yann Ylavic
On Sun, Jan 8, 2017 at 12:39 AM, Reindl Harald wrote: > > On 08.01.2017 at 00:31, Yann Ylavic wrote: >> >> On Sun, Jan 8, 2017 at 12:22 AM, Reindl Harald >> wrote: >>> >>> >>> ok, so we need to continue the code below and set the option in every

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Reindl Harald
On 08.01.2017 at 00:31, Yann Ylavic wrote: On Sun, Jan 8, 2017 at 12:22 AM, Reindl Harald wrote: ok, so we need to continue the code below and set the option in every tls-offloaded application - intention of this thread was maybe get this transparent which seems not

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Yann Ylavic
On Sun, Jan 8, 2017 at 12:22 AM, Reindl Harald wrote: > > ok, so we need to continue the code below and set the option in every > tls-offloaded application - intention of this thread was maybe get this > transparent which seems not to be possible It is "technically"

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Reindl Harald
On 07.01.2017 at 23:53, Yann Ylavic wrote: On Sat, Jan 7, 2017 at 11:25 PM, Reindl Harald wrote: On 07.01.2017 at 22:53, Yann Ylavic wrote: Wouldn't something like this work? RewriteRule on RewriteCond %{ENV:remoteip-proxy-ip-list} . RewriteCond

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Yann Ylavic
On Sat, Jan 7, 2017 at 11:25 PM, Reindl Harald wrote: > > On 07.01.2017 at 22:53, Yann Ylavic wrote: >> >> Wouldn't something like this work? >> >> RewriteRule on >> RewriteCond %{ENV:remoteip-proxy-ip-list} . >> RewriteCond %{HTTP:X-TLS-Offloading} ^true$ >> RewriteRule

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Reindl Harald
On 07.01.2017 at 22:53, Yann Ylavic wrote: On Sat, Jan 7, 2017 at 9:30 AM, Reindl Harald wrote: something like below where "X-TLS-Offloading" is only evaluated from "RemoteIPInternalProxy" physical addresses RemoteIPHeader X-Forwarded-For RemoteTLSHeader

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Yann Ylavic
On Sat, Jan 7, 2017 at 9:30 AM, Reindl Harald wrote: > > something like below where "X-TLS-Offloading" is only evaluated from > "RemoteIPInternalProxy" physical addresses > > RemoteIPHeader X-Forwarded-For > RemoteTLSHeader X-TLS-Offloading >

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Reindl Harald
On 07.01.2017 at 17:04, Jered Floyd wrote: Does the "sslheaders" experimental plugin meet your needs? https://docs.trafficserver.apache.org/en/latest/admin-guide/plugins/sslheaders.en.html not really because it's not transparent to the application and so i can continue fake the $_SERVER

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread William A Rowe Jr
On Sat, Jan 7, 2017 at 2:30 AM, Reindl Harald wrote: > * Apache Trafficserver in front > * ATS configured for TLS-offloading > * connection to backend-httpd on the LAN unencrypted > * mod_remoteip correctly configured on backend httpd > > is there any way to make the

how make backend applications aware about tls-offloading

2017-01-07 Thread Reindl Harald
* Apache Trafficserver in front * ATS configured for TLS-offloading * connection to backend-httpd on the LAN unencrypted * mod_remoteip correctly configured on backend httpd is there any way to make the backend php application aware that in fact $_SERVER['HTTPS'] and $_SERVER['REQUEST_SCHEME']