On Feb 14, 9:22pm, NickM wrote: > Subject: Re: Can Apache proxy authentication be done via SSL? > Im not skilled in this at all, but thought I throw a few thoughts down. > > OK, if I understand you. You have a standard server and have set a proxy dir > to an secure server. well I dont expect that to work as the browser will still > be talking http to the proxy which simply passes it on. > > I think what would be better is one of two things. Have the password entry > page on the secure server and then redirect back on authenticated. Or, in the > way hotmail does it, have some javascript to post the details to the secure > server and then again redirect back to normal (either to re-enter or to entry > pages). > > It doesnt matter if the port is 443 that the proxy is on if its not speaking > ssl, youd need that server to have an ssl version of the server and then > redirect any non secure requests to the https alternative and then proxy from > there. But I still dont see why the proxy in the first place, why not directly > access it seeing as its only for the password authentication.
The purpose of this proxy is so many remote users can access web-based online scientific journals to which subscription is based on the source IP address. I need them to gain access to the proxy and protect the password via SSL, then the rest of the access can be via non-SSL proxy. I will try to consume your suggestions of using two servers, but I don't see how that can make the browser send authentication via SSL, althought I do it often for directly-accessed non-proxy Apache/mod_ssl servers. I assume proxy auth (407) works different than normal (401) auth. Thanks for the input. > Quoting Kyle Tucker <[EMAIL PROTECTED]>: > > > Hi, > > I am trying to set up Apache as a proxy server and have > > people authenticate (407 Proxy-Authenticate) via SSL and basic auth > > so the passwords are not sent clear text. The SSL works fine directly > > as a web server and mod_proxy works for normal HTTP traffic, but I > > can't seem to get authentication to work via SSL. I am trying a bunch > > of combinations, even setting the browser (Netscape 4.72) proxy port > > to 443, but for the most part all I get is failures with "Hint: > > speaking > > HTTP to HTTPS port!" in the logs. So before I continue to work on > > this, > > I just want to know is if it's even possible to make this work via > > SSL? > > If so,any hints greatly appreciated. This is Apache 1.3.23, > > mod_ssl-2.8.6-1.3.23 and openssl-0.9.6c on Solaris 8. Thanks. -- - Kyle ---------------------------------------------------------------------- Kyle Tucker - Manager of IT Tel: (978) 816-0229 Incyte Genomics - Proteome Division Fax: (978) 922-3971 100 Cummings Center, Suite 420B Email - [EMAIL PROTECTED] Beverly, MA 01915 Web - http://www.incyte.com ---------------------------------------------------------------------- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
