thanx a lot for all but (yes there is a but :( )
i use Websphere to authenticate client from there certificat ... (websphere does evrything here ... ) and so i need to share information on the server between mod_app_server and mod_ssl ... (it works on Iplanet ... i need the same fonctionnality) but i don't knew how i could use mod_proxy so ... thanxs a lot anyway :) ---------- Original Message ---------------------------------- From: "Marco A. Zamora Cunningham" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Tue, 16 Jul 2002 17:32:47 -0500 >> >You'll have to either get IBM to provide you with an EAPI-compiled >> >WebSphere DSO or set up two copies of Apache, one SSL and >> one non-SSL. >> >> yes i've think about this (when i was testing) >> but the point is : I need to provide Https pages with Websphere >> and i need to use Apache as "front" server > >You can always put up the SSL-aware Apache in front of the non-SSL Websphere >one: > >Config inside the "frontmost" SSL Apache: > ProxyPass / http://127.0.01:<websphere_server_port>/ > ProxyPassReverse / http://127.0.01:<websphere_server_port>/ > >And set up the "backend" Websphere one to listen only on the loopback >interface: > Listen 127.0.0.1:<websphere_server_port> > >(Obviously, substitute <websphere_server_port> with whatever port you'd like >it to listen on.) > >Additionally, if you really need to see the IP of the connecting client on >the backend server (for example, so your access logs show the real IP), you >can do a little trick with mod_perl (provided, of course, you've got >mod_perl on both servers): > >On the "front" SSL server (single line in case it wraps)[1]: > > PerlHeaderParserHandler "sub >{my($r)=shift;$r->headers_in->add('X-Forwarded-For'=>$r->connection->remote_ >ip())}" > >On the "back" Websphere server (also on a single line)[2]: > > PerlHeaderParserHandler "sub >{my($r)=shift;$r->connection->remote_ip((split(/,\s*/,$r->headers_in->merge( >'X-Forwarded-For')))[-1])}" > >In case there isn't mod_perl on the backend server, there might be some >other way to act on the standard proxying "X-Forwarded-For" header (maybe >websphere can do it by itself?). > >Hope it helps... Marco Zamora > >[1] Note for mod_perl-heads: Yes, it really is "$r->headers_in". Remember >that on proxy connections, the INcoming headers are the ones forwarded on to >the target server. > >[2] The fancy "(split[...]merge)[-1]" stuff is just a way of parsing out the >*last* IP in the possible chain of X-Forwarded-For headers. We can't just >use the header_in method because it returns the first one. >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > __________________________________________________ D O T E A S Y - "Join the web hosting revolution!" http://www.doteasy.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
