httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James " <jamesbond_...@hotmail.com>
Subject RE: [users@httpd] Ssl proxy
Date Wed, 15 Jan 2003 23:20:27 GMT
Hi,
Thanks for your reply. How can I configure proxy server to make
connection between client and final server on ssl connection without
modifying the request. I should  be able to specify port proxyserver:443
in my browser proxy setting. Will stunnel do this work?

james

-----Original Message-----
From: Laurent Blume [mailto:laurent.blume@infores.com] 
Sent: 15 January 2003 12:34
To: users@httpd.apache.org
Subject: Re: [users@httpd] Ssl proxy


This looks like a typical "man in the middle" attack on a secure
connection. However, it can't work that way, because SSL is not only
encrypting, but 
also authenticating connection to a secure server: the browser on the 
client will notice that the proxy server is pretending to be another 
server, and the certificate won't match.

The only possible SSL proxying is when the proxy server just transmit 
the content of the connection between the client and the final server, 
without trying to read or modify it in anyway way.

If it were different, SSL and certificates would be barely more secure 
than plain text, and would have no object at all, isn't it ?
:-)

HTH,

Laurent

James wrote:
> Hi Guys,
> I am looking for ssl reverse proxy server. I want a ssl connection 
> between client with browser and my proxy server. Then the proxy server

> should connect to request site in http/https. So the proxy server 
> rules will look like as follows
> 		
> 		Sends request
> get request from internet
> Client------------------------------->Proxy server
> ------------------------------------------->Internet
> Browser 	SSL				Apache with Proxy and
> Any site on the internet
> 						mod_ssl +Rewrite module
> i.e. IE
> 
> 
> Is it possible? Can I have a ssl proxy setup on apache?
> 
> Please help
> 


-- 
   IRI-Secodip                  www.infores.com
   4, rue André Derain          mailto:laurent.blume@infores.com
   78240 Chambourcy             tel: +33 (0) 130 06 26 52
   France                       fax: +33 (0) 130 65 09 45


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message