httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sven Leijnen" <...@c-w.be>
Subject RE: [users@httpd] Reverse proxying HTTPS
Date Tue, 13 May 2003 11:18:05 GMT
Thanks for the quick response. Well, it is the second setup I would like to use. Is there maybe
another way to get this working? Make Apache act as just a "pass-through" of some kind?

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com]
Sent: mardi 13 mai 2003 13:10
To: users@httpd.apache.org
Subject: RE: [users@httpd] Reverse proxying HTTPS


>-----Original Message-----
>From: Sven Leijnen [mailto:sli@c-w.be]
>
>Is it possible to have Apache reverse proxy HTTPS traffic like 
>this?: client ---https--->  apache  ---https--->  backend server

>As I understood it the HTTPS traffic between the client and 
>the reverse proxy needs to be unencrypted first before it can 
>be passed to the backend. So traffic between reverse proxy and 
>backend is always HTTP.

This depends on what your using the proxy server for.

If you're talking about an outgoing proxy (i.e. ProxyRequests on), the
browser knows it is going through a proxy and so uses the CONNECT method
which basically just says, "route these packets to the backend without
trying to read them". In the proxy you have to set "AllowCONNECT 443" -
see docs in mod_proxy for details.

If you're talking about using a pattern-based ProxyPass directive (i.e.
an incoming proxy), I don't think that will work. The browser does not
know it is going via a proxy so just tries a GET request and the
front-end server can't read the packets to decide how to proxy pass it.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

>Thanks,
>
>Sven
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message