On Tue, Nov 24, 1998, Philp Gwyn wrote:

> Here's a question: would it be possible to operate a transparent
> caching proxy with mod_ssl.  I realise this is "silly" because it
> sort of by-passes certification of the host.
> 
> Setup :
> Internet -(https)-> Linux Server (mod_ssl) -(http)-> NT server (CF)
> 
> The Linux server is acting as a sort of firewall for the NT server. 
> The Linux server already has a functional certificate.  The goal is
> twofold:
> - put as little "tricky" stuff on the NT server, a platform I don't
>   trust
> - not be required to have 2 certificates for the same company.

No, it's not silly IMHO. We do a similar approach on one of the production
servers I maintain. As long as you have a secure connection between your Linux
and your NT server it's ok, i.e. when you use the above approach you should
allow only the Linux server to access the NT server or someone can by-pass the
Linux server. 

But then just do the following: Put a ProxyPass (or alternatively a
RewriteRule with the [P] flag) into the SSL-enabled <VirtualHost> on the Linux
server. This way you pass certain URLs to the NT box in the background. You
can even use HTTPS for this, because with mod_ssl the ProxyPass is
HTTPS-aware, too. Use plain ProxyPass when the URLs for the NT box can be
determined with a prefix-match. When it's a more complicated decision, use a
RewriteRule. This way you can even map the NT box's pages into some particular
pages on the Linux server, e.g. all pages with a fixed file extension, etc.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
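
The setup described in the reply above, sketched as an added example that is not part of the original message. It uses current Apache httpd 2.4 directive syntax; the hostnames, certificate paths, URL prefix and the `.cfm` extension are placeholders chosen for illustration.

```apache
# Added example (Apache httpd 2.4 syntax). Requires mod_ssl, mod_proxy,
# mod_proxy_http and mod_rewrite to be loaded.
# All names and paths below are placeholders, not values from the thread.
<VirtualHost *:443>
    ServerName www.example.com

    # TLS terminates here, on the Linux server holding the one certificate.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key

    # Reverse proxy only: do not act as a forward proxy for arbitrary hosts.
    ProxyRequests Off

    # Case 1: backend URLs can be determined with a prefix match.
    ProxyPass /app/ http://nt-backend.internal.example/app/

    # Case 2: a more complicated decision, here every page with a fixed
    # file extension regardless of its directory.
    RewriteEngine On
    RewriteRule ^/(.+\.cfm)$ http://nt-backend.internal.example/$1 [P,L]

    # Rewrite backend redirects (Location headers) so clients never see
    # the internal hostname.
    ProxyPassReverse / http://nt-backend.internal.example/

    # To use HTTPS on the hop to the backend as well, enable the proxy-side
    # TLS client and verify the backend's certificate:
    # SSLProxyEngine on
    # SSLProxyVerify require
    # SSLProxyCACertificateFile /etc/ssl/certs/internal-ca.crt
    # ProxyPass /app/ https://nt-backend.internal.example/app/
</VirtualHost>
```

The restriction the reply calls for, that only the Linux server may reach the NT server, has to be enforced on the backend side (packet filter or the backend's own access control); nothing in this virtual host provides it.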
