Hi, Some proxy servers, mainly filters and content manipulators, need to get readable documents.
In the case of SSL, the document is not readable. Currently, Apache's proxy can do https->https (i.e. the encrypted content is transferred as-is), which may be good for passing through firewalls and maybe other purposes which don't require the proxy to read the content, but not acceptable for filtering proxies. Apache's proxy can also receive the response in SSL, and pass it to the browser unencrypted (https->http). However, in this case there is no tunnel between the proxy and the client, and the content is not secure. Is it possible to have 2 different SSL sessions (tunnels) - one with the server and one with the browser? I know that it may cause warnings, and that there is a danger of "a man in the middle", but sometimes there is no other option... I also know that it is easy to do it with two different ports, one does https->http, and the other http->https, but I'm looking to do it in one tier and not in two separate tiers. An example of use: some application servers or other web-based servers, insist of sending their responses (or sensitive responses) only through SSL. Such a proxy may allow to change the responses IN THE SERVER'S SIDE (e.g. to add a banner), and send the result to the browser, using the certificate of the host where the proxy runs (assuming that this is the official hostname/IP of the site). (the question is about Apache 2.0) Thanks, -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __________________________________________________________ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
