hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: http-core proxy server
Date Mon, 22 Jan 2007 20:13:38 GMT
On Mon, 2007-01-22 at 12:40 +0100, Stojce Dimski wrote:
> Hi Roland,
> 
> Purpose of this proxy is very simple:
> We use some kind of ASP ERP via web interface, our service provider
> doesn't give us other means of interfacing... We need to store some data
> which flows during the use of this applications... Some part of flow is
> trough https but it not involves any kind of payment processing or
> personal information, I am not looking for trouble ;-)...
> My intention is to setup a proxy which inspects the traffic and save to
> our db all the pertinent data. As I don't want any doubts about a
> possibility to spy on company, I thought to make possibility where sys
> admins will give their cert to proxy (which I don't have) which will
> then be used when communicating with the clients, and  proxy will
> establish  ssl connections versus ASP. The users will be warned that in
> browser screen there will appear message about company certificate...
> But my main requirement is that I can inspect all http AND https messages...
> Is that OK and possible ?
> 

Stojce,

Essentially you are describing a reverse (transparent) proxy [1]. This
has been done before and should certainly be doable with HttpCore. You
may want to try to find an existing reverse proxy that fulfills the
requirements out of the box or put together a custom reverse proxy using
HttpCore. I suggest you should start with the blocking HttpCore first,
get the SSL stuff worked out, and only if you really find yourself
having to deal with many hundreds of concurrent connections, you should
consider moving to the non-blocking I/O model. By that time we should
have SSL support for HttpCore NIO.

Hope this helps.

Oleg

[1] http://en.wikipedia.org/wiki/Reverse_proxy

> Thanks,
> Stojce
> 
>  Weber wrote:
> > Hello Stojce,
> >
> > > 2) make it work trough ssl but would have to 'see' the request/response
> > > 'in clear'
> >
> > Before I answer this question, would you please explain the purpose
> > of your project? You see, TLS/SSL connections are there for a reason:
> > they are used for *secure* communication of *confidential* data.
> >
> > cheers,
> >   Roland
> >
> > PS: Years ago, somebody asked on the OpenCard mailing list whether
> >     he could use the software to copy SIM cards for mobile phones...
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org
> >
> >
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org


Mime
View raw message