Return-Path: Delivered-To: apmail-httpd-users-de-archive@www.apache.org Received: (qmail 45977 invoked from network); 27 Feb 2009 15:27:56 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 27 Feb 2009 15:27:56 -0000 Received: (qmail 54015 invoked by uid 500); 27 Feb 2009 15:27:55 -0000 Delivered-To: apmail-httpd-users-de-archive@httpd.apache.org Received: (qmail 54006 invoked by uid 500); 27 Feb 2009 15:27:54 -0000 Mailing-List: contact users-de-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: users-de@httpd.apache.org List-Id: Delivered-To: mailing list users-de@httpd.apache.org Received: (qmail 53994 invoked by uid 99); 27 Feb 2009 15:27:54 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 27 Feb 2009 07:27:54 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of R.Sokoll@intershop.de designates 217.17.202.241 as permitted sender) Received: from [217.17.202.241] (HELO mailgate.intershop.de) (217.17.202.241) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 27 Feb 2009 15:27:46 +0000 Received: from localhost.localdomain ([10.0.88.158]) by mailgate.intershop.de (8.14.3/8.13.6) with ESMTP id n1RFRKfg027232 for ; Fri, 27 Feb 2009 16:27:20 +0100 Received: from localhost.localdomain (j [127.0.0.1]) by localhost.localdomain (8.14.3/8.14.3/Debian-4) with ESMTP id n1RFRJCN004765 for ; Fri, 27 Feb 2009 16:27:20 +0100 Received: (from rainer@localhost) by localhost.localdomain (8.14.3/8.14.3/Submit) id n1RFRJ6o004764 for users-de@httpd.apache.org; Fri, 27 Feb 2009 16:27:19 +0100 X-Authentication-Warning: localhost.localdomain: rainer set sender to R.Sokoll@intershop.de using -f Date: Fri, 27 Feb 2009 16:27:19 +0100 From: Rainer Sokoll To: users-de@httpd.apache.org Subject: mod_proxy und authorization Message-ID: <20090227152719.GA4024@j.intershop.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-War: is not the answer X-homepage: http://rainer.sokoll.com/ X-pgp-fingerprint: A5 AC C6 70 DA 42 EB 8A 4F B3 65 31 28 C6 57 87 X-Geek-Code-1: -----BEGIN GEEK CODE BLOCK----- X-Geek-Code-2: Version: 3.1 X-Geek-Code-3: GCM$/C d- s: a? C++ UL++++$ P->+++ L+++ E--- W+ N++ o-- K- w !O M- !V X-Geek-Code-4: PS+ PE Y+ PGP+ t- !5 X- R- tv- b+>+++ !DI D+ G e+++ h---- r+++ y+++ X-Geek-Code-5: ------END GEEK CODE BLOCK------ X-MimeOLE: Ole, Ole, Ole X-Backscatter-Tag: And now for something completely different User-Agent: Mutt/1.5.18 (2008-05-17) X-Virus-Checked: Checked by ClamAV on apache.org Hallo, ich stehe hier vor einem trivialen Problem und sehe den Wald vor Bäumen nicht :-( Ein interner Webserver soll von außen zugänglich sein, aber nur via https und mit Authentifizierung. Der Webserver selber macht weder https noch Authentifizierung, und das soll auch so bleiben. Mein Plan: Ein von außen erreichbares stunnel (für den HTTPS-Teil), das die Requests per HTTP an einen reverse proxy auf localhost weiterleitet, der seinerseits nach erfolgreicher Nutzerauthentifizierung an den wirklichen Webserver übergibt. Stunnel funktioniert, auch der reverse proxy, allerdings verlangt er keine Authentifizierung, sondern reicht alles direkt weiter. (die fehlenden Auth-Optionen sind im Original natürlich korrekt ausgefüllt) AuthName AuthType basic AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPBindDN AuthLDAPBindPassword AuthLDAPUrl AuthUserFile /dev/null ProxyPass / http://intern.example.com/ ProxyPassReverse / http://intern.example.com/ Wäre nett, wenn jemand die Bäume wegräumen könnte :-) Danke, Rainer -------------------------------------------------------------------------- Apache HTTP Server Mailing List "users-de" unsubscribe-Anfragen an users-de-unsubscribe@httpd.apache.org sonstige Anfragen an users-de-help@httpd.apache.org --------------------------------------------------------------------------