As an Apache2/mod_proxy user (not developer), I can speak for the following:

> 1) SSL proxying. Due to security policies, we have a number 
> of back end app servers that require SSL from the client to 
> the server. Therefore SSL based proxying is a requirement. I 
> have never seen a definitive statement as to whether SSL 
> proxying is supported, but I've seen indications it is not, 
> and confirmed in my tests that it did not work. Is there any 
> plans to implement this feature?

We're using Apache2 mod_proxy as a reverse proxy with mod_ssl enabled,
proxying to a back-end WWW server over https.  My understanding is
that the proxy is an SSL termination point, and it then opens a
new SSL connection to the back-end.  You need to install certs on
both Apache and the back-end (although they can be the exact
same cert.)  You also need to specify the "SSLProxyEngine On" directive
in your httpd.conf file.

A fact that you should also be aware of is that, technically speaking,
the request/response are being decrypted and re-encrypted in the
Apache mod_proxy process before being proxied onward to network.
Theoretically, this exposes you to man-in-the-middle issues... so good
host security and the latest patches are essential.

cheers
Eric

Reply via email to