Hello,
I consume web services from an outside-of-my-firewall SSL server that requires
clients to be SSL-authenticated (clients must pre-register). My application
server resides inside of my firewall. I would like to access the
aforementioned web services through a proxy in order to not
have come is proxy to an
ssl server. I want to have the proxy server do the ssl stuff for me.
Hi,
you can not use SSL with virtual hosting, see
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47
You'll have to get a dedicated ip for every single ssl host. You could
play around with one ssl
play around with one ssl proxy on your single ip with a common name
and do some rewriting according to an url praefix matching the secure
parts of your backend virtual hosts; decide yourself if this config
work is worth it.
I thought that using wildcard or multi-cn certificates will work
Cuesta Gilles schrieb:
I thought that using wildcard or multi-cn certificates will work ?
No.
In this case, only one certificate is needeed for a range of Vhost
If you only have one ip this won't make things better because virtual
hosting is still not possible. Wildcard certs do not
Eckard Wille a écrit :
Cuesta Gilles schrieb:
I thought that using wildcard or multi-cn certificates will work ?
No.
In this case, only one certificate is needeed for a range of Vhost
If you only have one ip this won't make things better because virtual
hosting is still not possible.
Cuesta Gilles schrieb:
*MULTIPLE CN (SAN) SERVER CERTIFICATES*
This type of certificate (also called /Subject Alternative Name/ (SAN) )
enables to secure not only one website but a large number of sites (a
list of sites) hosted on a shared infrastructure (server with multiple
names, reverse
achive your goal by using the preconditions
of mod_rewrite rules. If your ssl proxy has one single host entry with
such a multi-named cert, it may be possible to rewrite via proxy after
a look at the host header:
RewriteEngine on
RewriteCond %{HTTP_HOST} www.vhost1.com
RewriteRule
It seem like you might be confusing shared infrastructure with
single ip. As others have said, you need a distinct address for each
SSL-enabled httpd or proxy, although they can reside on the same hardware.
A good example of this is the typical configuration for larger server
farms. You find
Hi, first time mailer but hoping for some good advice from experienced
users.
Basically Im looking to implement a solution that will redirect SSL
requests coming into my apache server (listening on 443) and forward
them on to a backend server.
I have reverse proxying setup but I cant seem to get
Hey there,
thought people might like to note this quick doco on setting up a
ssl proxy / ssl accelerator to protect web servers, also allowing
nips/nids to sniff http streams to 'https' servers, among many
other benefits
there wasn't much doco online so i thought i'd write something
quick up
Hello All,
I want to provide updated information to my earlier described scenario using
mod_ssl + mod_proxy + mod_headers:
Component: Web Browser --- Proxy (mod_proxy) --- Web Server
SSL Role: SSL Client --- SSL server | SSL Client --- SSL Server
The following discussion
Cool..
Can you please post the patch to the list, so that ppl can review the
code,
and give their comments.
-Madhu
No problem!
Here is my short README describing the patch and its history form Apache
version 2.0.43 to 2.0.44:
Hello!
This is the distribution point for the Apache 2.0 as SSL
Hi, I have the following problem. I configured Apache 2.0.40 + openssl
0.9.6g as a reverse proxy to a secure server (e.g. it receives http requests
from clients and sends https requests to the server), and got some
performance problems. I noticed that the https requests don't reuse SSL
sessions,
To: [EMAIL PROTECTED]
Subject: RE: ssl proxy
As a followup to below, what directives would be needed to accomplish
this proxy or tunnel or whatever i should call it? Incidentally,
if it matters, the client here is not a browser - it's just a
c-program that writes raw http-headered request
Tried ProxyPass and ProxyPassReverse on my proxy box and my test fails
(even with just plain http) with 404. To test I use MSIE against the
proxy host: http://www.myprox.com:8080/cgi-bin/myscript
It does work when i point directly at the destination host:
(which i DO get
successfully if i point directly at the destination, again, as i note below.
-george
-Original Message-
From: Owen Boyle [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 28, 2002 11:18 AM
To: [EMAIL PROTECTED]
Subject: Re: ssl proxy
Petryczka, George wrote:
Tried
What i type in the browser is the url to myscript (see original note
below).
What i want displayed is simply the output of myscript (which i DO
get successfully if i point directly at the destination, again, as i
note below.
-george
If you show us your exact proxy directive, it would
As a followup to below, what directives would be needed to accomplish
this proxy or tunnel or whatever i should call it? Incidentally,
if it matters, the client here is not a browser - it's just a
c-program that writes raw http-headered request messages directly. An
illustrative example
As a followup to below, what directives would be needed to accomplish this
proxy or tunnel or whatever i should call it? Incidentally, if it
matters, the client here is not a browser - it's just a c-program that
writes raw http-headered request messages directly. An illustrative example
would
Can a httpd be set up as a secure proxy? Ie.: forward requests
from a client (a client that doesn't get involved with any ssl
stuff itself) on to an HTTPS site?
Yes. With Apache 1.3 / mod_ssl 2.8.x, you _might_ have to enable
SSL_EXPERIMENTAL or something like that, I'm not sure.
Hello,
Can a httpd be set up as a secure proxy? Ie.: forward requests from a
client (a client that doesn't get involved with any ssl stuff itself) on
to an HTTPS site?
-george
__
Apache Interface to OpenSSL (mod_ssl)
On Fri, 17 May 2002, Petryczka, George wrote:
Can a httpd be set up as a secure proxy? Ie.: forward requests from a
client (a client that doesn't get involved with any ssl stuff itself) on
to an HTTPS site?
Yes. With Apache 1.3 / mod_ssl 2.8.x, you _might_ have to enable
SSL_EXPERIMENTAL
Mike Murray
Inviato: venerdì 25 gennaio 2002 0.49
A: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Oggetto: SSL Proxy with Strong Authentication
*** PGP Signature Status: unknown
*** Signer: Unknown, Key ID = 0xE7BB55BE
*** Signed: 25/01/2002 0.48.38
*** Verified: 25/01/2002 10.27.05
*** BEGIN PGP
PROTECTED]
Agnostic (Greek) = Ignoramus (Latin)
-Original Message-
From: Mike Murray [mailto:[EMAIL PROTECTED]]
Sent: 24 January 2002 23:49
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: SSL Proxy with Strong Authentication
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
I'm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
I'm investigating using Apache and SSL for (reverse) proxying HTTPS requests;
however, one of the requirements of the task is to have a strong auth
mechanism in place.
I had two ideas, both of which have lead me to a dead end:
1. Use
ermore, I'm sure if I don't do it here someone somewhere else
will do it. Maybe you?
Deb
-Original Message-
From: Scott Miles [mailto:[EMAIL PROTECTED]]
Sent: September 14, 2000 9:01 PM
To: [EMAIL PROTECTED]
Subject: filtering SSL proxy?
This may sound like a strange request (and a klu
SSL proxy?
Basically I have two questions:
- Would it be possible (and even better, does
anyone know if this has already been done somewhere), to use modssl to
encrypt/decrypt ssl proxy requests so that filtering can be performed on the
content? I do realize that this would trigger browser
On Fri, Sep 01, 2000, Lars Steinke wrote:
the problem with the bad mac decode error message I posted here earlier
seems to be connected with the broken SSL implementation in Netscape
Enterprise Server 3.5. As there was no resonance at all, I had to switch
to SSL Proxy from http
On Fri, Sep 01, 2000 at 11:08:51AM +0200, Ralf S. Engelschall wrote:
What you're speaking about is sslproxy's -C option which
internally does:
SSL_CTX_set_options(sslContext, SSL_OP_ALL);
But mod_ssl actually does the same (see ssl_engine_init.c). So I'm surprised
that OpenSSL
Hi all,
After switching on the experimental code in mod_ssl, it becomes possible
to connect to an SSL webserver on the backend using mod_proxy and
ProxyPass.
I need though to connect to a backend SSL server through an HTTP proxy -
is mod_ssl's mod_proxy integration capable of using the CONNECT
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 09 February 2000 20:24
To: [EMAIL PROTECTED]
Subject: Re: setting up non-ssl proxy for https use
Hi,
Regarding my experience it is impossible to run HTTPS server (including
proxy server) without SSL support.
The problem is that you server
Dear Rossen,
Thanx for these clear words. From an older thread, which I found
in the archives, I thought the scheme
web client --HTTPS-- proxy (apache) --HTTPS-- httpd internal
should work WITHOUT ssl enabled on the proxy, because http,ftp and
connect are just passed by the proxy without
ting.
How can I get a request like https://proxy/html_root/ passed from
a NON-ssl proxy to a mod-ssl internal server?
It is kind of painful to ask the question over and over again but I have
still hope that someone could show me what I have missed.
Thanx,
Oli
[EMAIL PROTECTED] wrote:
Hi,
I b
Heil [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
02/09/00 06:19 AM
Please respond to modssl-users
To: [EMAIL PROTECTED]
cc:
Subject:Re: setting up non-ssl proxy for https use
Hi,
It still does not work.
I still get "Invalid method in request F" at t
some times)
...
Rossen
Oliver Heil [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
02/07/00 10:13 AM
Please respond to modssl-users
To: [EMAIL PROTECTED]
cc:
Subject:Re: setting up non-ssl proxy for https use
Dear Ralf,
Thanx for the prompt answer
Dear Ralf,
Thanx for the prompt answer but it still does not help me any further.
A year ago you answered to a similar problem the following:
For the plain HTTPS proxy functionality you don't need mod_ssl, because that's
done with the standard HTTP CONNECT method. So all you need is mod_proxy.
Hi,
I am trying to set up a proxy server (P) without mod-ssl to proxy also
https-requests to another machine/server (S) with mod-ssl.
Searching through the docs and list-archives the only hint I found is
that it should work naturaly with the HTTP CONNECT
method, which I figured out, is used for
On Fri, Feb 04, 2000, Oliver Heil wrote:
[...]
I always get "connection refused" from the browser.
The access log on (P) shows "[04/Feb/2000:10:42:23 +0100] "F" 501 365".
The access log on (S) shows "[04/Feb/2000:10:42:23 +0100] "F / HTTP/1.0" 501 365".
The error log on (S) shows "Invalid
e https connection to another
would make the security next to useless.
(Actually I'd like to authenticate users via TACACS+, but that's another
question altogether).
John
-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 19/01/00 16:57
Subject: ssl proxy .. again
Hi there,
Actually I am using scheme like this one for redirecting public SSL
connection to my internal none SSL network:
internet -- HTTPS -- apache proxy -- HTTP -- internal network web
server
My SSL Proxy related directives are:
ProxyVia Block
IfDefine SSL
AddType application/x-x509-ca
An: [EMAIL PROTECTED]
Betreff: Re: ssl proxy .. again
Hi,
Is you apache SSL enabled?
I've configuration like this one but without usage of authorization an it
works fine for me.
I am using apache 1.3.9, mod_ssl 2.4.10 and openssl 0.9.4.
Rossen
[EMAIL PROTECTED]
Sent
PROTECTED]
Betreff: Re: ssl proxy .. again
[EMAIL PROTECTED] 01/19/00 11:57AM
The reason for doing this is, that I want my users to authenticate
against apache through some module ( mod_auth_nds, actually,
but it could be any auth module ) and by their authentication /
authorization define
Hi there,
in the mail archive I found a discussion about using a https connection from browser
to proxy, regardless of the request type. ( browser - ssl - proxy - whatever -
server).
Actually, I am trying to set this up myself, without success so far, and would like to
ask, if it can
[EMAIL PROTECTED] 01/19/00 11:57AM
The reason for doing this is, that I want my users to authenticate
against apache through some module ( mod_auth_nds, actually,
but it could be any auth module ) and by their authentication /
authorization define, how ca use which Internet resources.
I do not
44 matches
Mail list logo