httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 29744] CONNECT does not work over existing SSL connection
Date Wed, 05 Mar 2008 17:39:13 GMT

--- Comment #58 from Per Gunnar Hans <>  2008-03-05 09:39:12 ---
(In reply to comment #55)
> (In reply to comment #54)

> If anyone wants a patch, you have to convince us it's
> worth our time and effort to review it.
> I took a look, because the sheer number of people subscribed seems to indicate
> a real demand.  But when I see numerous competing patches, and lots of comments
> about them not working, it's too much effort to figure out where to start.

Thanks for taking a look. The two patches I attach here, positively work for us
on their respective Apache versions, daily and with concurrent users on several
servers. Using .deb install of Apache2 on Debian with kernel 2.6.18-5-686.

I once upon a time downloaded these patches from the attachments on this
thread, but I fail to remember exactly which post, which is why I post these
two again.

What this patch solves for us:

We host a web based service that uses Apache2 to serve Java Applets that in
turn connects back to the server on port 443. The Java applets use CONNECT and
mod_proxy to connect to other Java applets connected to that server. This works
like a charm, even with the network restrictions of unsigned Java applets.
Since we use port 443, our service work behind most corporate firewalls too.

The reason we in some cases use unsigned Java applets is that they work on all
jre (even 1.1.7 from MS), while signed Java applets fail on some of them.
Regrettably, there are still a lot of 1.1.7 in active use.

The alternative would be to implement encryption and a decent web server into
our simple home-brewed proxy component. Which would be expensive enough to make
the whole project infeasible.

Well, that's our story.

I believe a generic use case is that you can bind any service to the loopback
interface and use Apache and mod_proxy to provide secure access, without
sacrificing secure web hosting on that very server.

Many corporate firewalls allow only port 80 and 443 for outbound connections.

An additional bonus is that user access can be administered by using
certificates and existing Apache management tools.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message