httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 39723] - Forward proxy does not work in tranparent mode
Date Mon, 05 Jun 2006 18:28:15 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39723>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39723





------- Additional Comments From rpluem@apache.org  2006-06-05 18:28 -------
(In reply to comment #7)

> > 1. only if https is not proxied (meaning I can't proxy ports where I don't know
> > if the connection will be http or https : squid,svn,http-alt,webcache)
> 
> You need to know beforehand anyway if the connection is http or https because
> the virtual host you are redirecting your traffic to for transparent proxying
> needs to know at configuration time whether it needs to speak http or https.
> But, if you use the rule 
> 
> RewriteRule (.*) https://%{HTTP_HOST}$1 [P]
> 
> in a SSL enabled virtual host, the client browser will get the wrong certificate
> (the one from your proxy).
> 

Another thought on transparent SSL proxying: Even if httpd would be capable of
doing this, I think this functionality would look very similar to what netfilter
does with masquerading (and masquerading is handled better on the kernel level
IMHO). 

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message