Hi Steve
> 1. one thing that I might have failed to mention is this proxy needs to be
> able to intercept and look at the request before it is being sent to the
> origin server. The whole idea behind this proxy is to be a security tool to
> be able to look and manipulate the request that has been sent by the
> browser before it gets sent to the origin server. Now having said that in
> this case wouldn't the proxy server need to establish an SSL handshake with
> the browser so that the browser will trust and send that encrypted request
> and your proxy will be able to decrypt the encrypted request?

The way SSL operates is that end to end the path would be secured from the client making the request to the actual endpoint it's talking to. Hence, there is no possibility for the proxy to look at the actual request or manipulate it - as it violates the whole purpose of SSL.

I am not sure of your exact requirement - but for example if your clients are within an intranet wanting to talk to an external endpoint, maybe a compromise is that they "explicitly" talk to a well known proxy server over SSL (for security), which can then look at or manipulate the requests/responses and forward them to the external proxy again over *another* SSL connection. Is this acceptable?

cheers
asankha

--
Asankha C. Perera
AdroitLogic, http://adroitlogic.org

http://esbmagic.blogspot.com
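
What a proxy that does not terminate SSL can observe, as an added example that is not part of the original message or of any project's code. It assumes the browser tunnels through the proxy with HTTP CONNECT (not mentioned in the thread); the byte string is constructed, and its record payloads are placeholders rather than real TLS data.

```python
import struct

# TLS record content types (RFC 8446, section 5.1)
RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                22: "handshake", 23: "application_data"}

# Constructed client byte stream: a CONNECT head, then two TLS-shaped records.
SAMPLE = (b"CONNECT example.org:443 HTTP/1.1\r\nHost: example.org:443\r\n\r\n"
          + b"\x16\x03\x01\x00\x04" + b"\x00" * 4    # handshake, 4 bytes
          + b"\x17\x03\x03\x00\x08" + b"\xaa" * 8)   # application data, 8 bytes


def parse_connect(head: bytes):
    """Return (host, port) from a 'CONNECT host:port HTTP/1.x' request head."""
    line = head.split(b"\r\n", 1)[0].decode("ascii")
    method, target, version = line.split(" ")
    if method != "CONNECT" or not version.startswith("HTTP/1."):
        raise ValueError("not a CONNECT request")
    host, _, port = target.rpartition(":")
    return host, int(port)


def tls_records(stream: bytes):
    """Yield (type_name, length) for each complete TLS record in the stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[off:off + 5])
        if ctype not in RECORD_TYPES or off + 5 + length > len(stream):
            break  # not a TLS record, or the record is still incomplete
        yield RECORD_TYPES[ctype], length
        off += 5 + length


def proxy_view(client_bytes: bytes):
    """Everything a tunnelling (non-terminating) proxy learns from the client."""
    head, _, tunnel = client_bytes.partition(b"\r\n\r\n")
    host, port = parse_connect(head)
    # Past the CONNECT head only record framing is readable; the HTTP method,
    # path, headers and body sit inside the encrypted record payloads.
    return {"host": host, "port": port, "records": list(tls_records(tunnel))}


if __name__ == "__main__":
    print(proxy_view(SAMPLE))
```

To read or rewrite the request itself, the proxy has to be the SSL endpoint the client connects to and open its own second SSL connection onward, which is the arrangement proposed in the reply.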




