> >You'll have to either get IBM to provide you with an EAPI-compiled > >WebSphere DSO or set up two copies of Apache, one SSL and > one non-SSL. > > yes i've think about this (when i was testing) > but the point is : I need to provide Https pages with Websphere > and i need to use Apache as "front" server
You can always put up the SSL-aware Apache in front of the non-SSL Websphere one: Config inside the "frontmost" SSL Apache: ProxyPass / http://127.0.01:<websphere_server_port>/ ProxyPassReverse / http://127.0.01:<websphere_server_port>/ And set up the "backend" Websphere one to listen only on the loopback interface: Listen 127.0.0.1:<websphere_server_port> (Obviously, substitute <websphere_server_port> with whatever port you'd like it to listen on.) Additionally, if you really need to see the IP of the connecting client on the backend server (for example, so your access logs show the real IP), you can do a little trick with mod_perl (provided, of course, you've got mod_perl on both servers): On the "front" SSL server (single line in case it wraps)[1]: PerlHeaderParserHandler "sub {my($r)=shift;$r->headers_in->add('X-Forwarded-For'=>$r->connection->remote_ ip())}" On the "back" Websphere server (also on a single line)[2]: PerlHeaderParserHandler "sub {my($r)=shift;$r->connection->remote_ip((split(/,\s*/,$r->headers_in->merge( 'X-Forwarded-For')))[-1])}" In case there isn't mod_perl on the backend server, there might be some other way to act on the standard proxying "X-Forwarded-For" header (maybe websphere can do it by itself?). Hope it helps... Marco Zamora [1] Note for mod_perl-heads: Yes, it really is "$r->headers_in". Remember that on proxy connections, the INcoming headers are the ones forwarded on to the target server. [2] The fancy "(split[...]merge)[-1]" stuff is just a way of parsing out the *last* IP in the possible chain of X-Forwarded-For headers. We can't just use the header_in method because it returns the first one. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]