> -----Original Message-----
> From: Eli Marmor [mailto:[EMAIL PROTECTED]
>
> Simon Ritchie wrote:
> >
> > > Is it possible to have 2 different SSL sessions (tunnels) - one with
> > > the server and one with the browser?
> > >
> > > I know that it may cause warnings, and that there is a danger of "a man
> > > in the middle", but sometimes there is no other option...
> >
> > You can do this using the rewrite module. There is an example of an HTTP to
> > HTTP reverse proxy in the rewrite module guide. Extending that to do what
> > you want is easy.
>
> No. Simple rewrite rule to proxy https traffic, generates https->https,
> which isn't decrypted to http, but passed as-is.
This is not true, as Apache acts as an https server, reads the GET
request and applies all rules. The connection to the server behind the
reverse proxy will look as if it came from Apache (i.e. you can't use
certificate-based authentication on this system, as the certificate cannot
be used to establish this session). The following rules at least work this
way with 1.3.19.
<VirtualHost reverseproxy:443>
SSLEngine on
SSLEnable
[ ... ]
ReWriteRule ^/something/(.*)$ https://somehost.somedomain.com/other/$1 [P,L]
</VirtualHost>
All this will only work for reverseproxies as you will have to supply a
server certificate matching the request.
> Do you mean two different rules, one to rewrite the https request
> coming from the browser to a simple http request to another port, and a
> second rule to rewrite http requests of that "another port", to the
> target https port?
will only make it more complex.
> So I understand that if you want to proxy https traffic, but yet to be
> able to parse and/or understand it, you must have two separate tiers of
> Apache (which means much more overhead); Is it true?
not for reverse proxy. You can't do it for a real proxy (because of protocol
reasons).
>
> Thanks,
> --
> Eli Marmor
Kind regards,
Patrick Hildenbrand
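
The two-session setup discussed in this thread, as an added example that is not part of the original messages: a sketch for Apache httpd 2.4 with mod_ssl, mod_proxy, mod_proxy_http, mod_rewrite and mod_headers (the thread itself used 1.3.19), showing the backend leg authenticated so the re-encrypted hop is not left open to a man in the middle. The ServerName, the file paths and the X-SSL-Client-DN header name are placeholders chosen for illustration.

```apache
# Added example, not from the thread. Assumes Apache httpd 2.4.
# ServerName, file paths and the header name are placeholders.
<VirtualHost *:443>
    ServerName reverseproxy.example.com

    # Session 1: browser <-> proxy. The proxy must present a server
    # certificate matching the name the browser requested.
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/reverseproxy.crt
    SSLCertificateKeyFile /etc/httpd/tls/reverseproxy.key

    # Session 2: proxy <-> backend. This is a new TLS session that
    # the proxy opens itself; requests are decrypted, matched against
    # the rewrite rules, then re-encrypted.
    SSLProxyEngine on

    # Authenticate the backend, otherwise the second hop accepts any
    # certificate and can be intercepted.
    SSLProxyVerify require
    SSLProxyVerifyDepth 2
    SSLProxyCACertificateFile /etc/httpd/tls/backend-ca.pem
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # The browser's client certificate cannot be reused on session 2
    # (the proxy does not hold its private key). The proxy authenticates
    # with its own certificate instead...
    SSLProxyMachineCertificateFile /etc/httpd/tls/proxy-client.pem

    # ...and passes the verified browser identity on as a header.
    # Strip any client-supplied copy first so it cannot be spoofed.
    SSLVerifyClient optional
    SSLCACertificateFile /etc/httpd/tls/client-ca.pem
    RequestHeader unset X-SSL-Client-DN
    RequestHeader set X-SSL-Client-DN "%{SSL_CLIENT_S_DN}s"

    RewriteEngine on
    RewriteRule ^/something/(.*)$ https://somehost.somedomain.com/other/$1 [P,L]
</VirtualHost>
```

The backend should accept the identity header only on connections authenticated with the proxy's own client certificate.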