On Tue, Apr 18, 2000 at 03:52:45PM +0200, Joe Ammann wrote:
> I have a request from a customer to build a secure reverse proxy. The
> proxy (placed in the DMZ) should accept SSL connections from the
> outside (no problem, mod_ssl). It should then forward the HTTP request
> on another secure connection to an application server within the
> company network.
>
> Now mod_proxy can obviously not forward https connections. It doesn't
> know anything about SSL. And I could not find any information that
> such a thing has already been done.
>
> Does anybody know of some work that has been done in this direction?
> It seems to be possible with Netscape (see
> http://developer.netscape.com/docs/manuals/proxy/adminux/revpxy.htm#1009276). I'm
> perfectly willing to write a new module or extend mod_proxy, I just
> want to avoid duplicating efforts ;-)
>
If you just want HTTPS on the incomming connection and want to proxy
http servers that way, then that's no problem, and will work quite
fine with a Apache-mod_ssl + mod_proxy in front. An idea about how
to set this up can be found at:
http://www.geocrawler.com/archives/3/182/2000/4/0/3555632/
(a few extras have been included here to take care of some of the more
tricky problems).
If you also want SSL on the back end servers, then there actually has
been added some support for that in mod_ssl also. Look into the
changelog: http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/CHANGES
for the notes about mod_ssl 2.6.0 - where this feature is described.
It is marked as '_EXPERIMENTAL_ stuff' and isn't documented in the
manual. If you want to do some work in this area, then testing of these
features would probably be a good place to start. NB! the latest
changes in the SSL_Proxy code is in 2.6.3, so you'd want to grab that
and compile with SSL_EXPERIMENTAL to get it to work.
vh
Mads Toftum
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
