httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Laurent Blume <laurent.bl...@infores.com>
Subject Re: [users@httpd] Ssl proxy
Date Thu, 16 Jan 2003 09:31:25 GMT
Since I've never configured Apache as a proxy myself, I can't give you a 
very detailed help, but at least a good direction.

First, proxy servers are not simulating the server in any way. Actually, 
most proxy servers are using port 8080 (it's just a tradition, not a 
standard :-)
You configure that value in your client browser (proxy address and port 
number), so that for *any* URL you type in the browser, it first 
connects to the proxy on its address/port, the proxy then processes the 
data in any way.
So, even if you have HTTPS, or are connecting to a non standard port, 
the browser will send data to the proxy on its usual address, telling it 
"hey, here is some data to send to that URL, can you do that for me?".

To my (limited) knowledge on proxies, there is no special configuration 
to do this (except, of course, allowing it - most proxies can deny 
connection to/from addresses and port as a security measure).

I hope this makes it clearer on how it works, I think you will find 
detailed instructions in FAQ/How-tos now that you have a better idea 
about it all.

Laurent

James wrote:
> Hi,
> Thanks for your reply. How can I configure proxy server to make
> connection between client and final server on ssl connection without
> modifying the request. I should  be able to specify port proxyserver:443
> in my browser proxy setting. Will stunnel do this work?
> 
> james
> 
> -----Original Message-----
> From: Laurent Blume [mailto:laurent.blume@infores.com] 
> Sent: 15 January 2003 12:34
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Ssl proxy
> 
> 
> This looks like a typical "man in the middle" attack on a secure
> connection. However, it can't work that way, because SSL is not only
> encrypting, but 
> also authenticating connection to a secure server: the browser on the 
> client will notice that the proxy server is pretending to be another 
> server, and the certificate won't match.
> 
> The only possible SSL proxying is when the proxy server just transmit 
> the content of the connection between the client and the final server, 
> without trying to read or modify it in anyway way.
> 
> If it were different, SSL and certificates would be barely more secure 
> than plain text, and would have no object at all, isn't it ?
> :-)
> 
> HTH,
> 
> Laurent
> 
> James wrote:
> 
>>Hi Guys,
>>I am looking for ssl reverse proxy server. I want a ssl connection 
>>between client with browser and my proxy server. Then the proxy server
> 
> 
>>should connect to request site in http/https. So the proxy server 
>>rules will look like as follows
>>		
>>		Sends request
>>get request from internet
>>Client------------------------------->Proxy server
>>------------------------------------------->Internet
>>Browser 	SSL				Apache with Proxy and
>>Any site on the internet
>>						mod_ssl +Rewrite module
>>i.e. IE
>>
>>
>>Is it possible? Can I have a ssl proxy setup on apache?
>>
>>Please help
>>
> 
> 
> 


-- 
   IRI-Secodip                  www.infores.com
   4, rue André Derain          mailto:laurent.blume@infores.com
   78240 Chambourcy             tel: +33 (0) 130 06 26 52
   France                       fax: +33 (0) 130 65 09 45


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message