Eldad Chai wrote:
Hi,
I am using Apache reverse proxy.
I want to perform the following and wondering if it is possible:
1) Extract a field (Subject Name) from a client certificate sent over
SSL and compare it to a local list I have
2) Add parts of the certificate to headers or parameters in the HTTP
request to the backend server
I don't know SSL and HTTPS, and how Apache handles this, well enough to
answer your question precisely.
But I can contribute this :
If the result of the HTTPS handshake is such that, for Apache, this HTTP
request ends up "authenticated" (iow it has a user-id), then yes, you
could get that Apache request user-id and pass it on to a back-end.
The exact way in which you might do this depends very much on a whole
series of other criteria, which you might want to indicate in a future
post :
- which platform(s) ?
- Apache version ?
- which back-end ? (and version)
- how you connect the front-end to the back-end ?
- does your front-end Apache have (for instance) mod_perl active ?
(there are also a host of ways other than mod_perl to do things like
that, such a mod_rewrite, setenvif, mod_headers, mod_proxy, mod_jk,
etc..; I'm just mentioning mod_perl because it is my own preferred
toolbox for that kind of thing).
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
