Bruce Keats wrote, On 2007-12-10 07:58: > I was curious about the last scenario. > > 2. The Server Side Proxy (a.k.a., Reverse Proxy) > > Public Internet Intranet > [browser]---------------------[proxy]----------[server] > SSL plain > > In this case, does the proxy have to convert the URIs from browser as well > as terminate the SSL connection?
Terminate the SSL connection? Yes. Convert the URIs? No. > Specifically, does the proxy have to convert the URI from the browser > by changing https:// to http:// to the server? No. An https request is simply an http request sent over SSL. The "scheme" part of the URI (https:// or http://) is not sent. But the proxy does need to send the requests to the http port of the back end server. > Does the proxy have to convert the URI from the server by changing > http:// to https:// when going in the reverse direction? Generally, no, for two reasons. First: relative links don't require any scheme, so there's no conversion to be done. Second, the creator of the web pages in the back end creates them so that any non-relative links to this server use the https scheme. In other words, the web pages are designed with the fact in mind that the server will be accessible only through a reverse SSL-terminating proxy. /Nelson _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto