httpd-users mailing list archives

From Brian Dessent <br...@dessent.net>
Subject Re: [users@httpd] Apache2/SSL/VirtualHost/single external IP
Date Sun, 17 Aug 2003 01:16:21 GMT
Leif W wrote:

> So would I have
> to have my NAT/ipmasq box somehow determine which site is being called, and
> let it do masquerading/address translations to the appropriate internal IP
> for that website?  Is this even possible?  Or is there something I can do in
> the Apache's httpd.conf file?

Ahh, that's the rub.  Look at the situation from the standpoint of the
NAT gateway: Packet comes in on 443.  None of the HTTP headers are
available for inspection -- they're part of the session and thus
encrypted.  Think about it, if a third party (which is what the NAT
gateway really is) were able to decrypt and read the contents of the
packets without either endpoint being aware, that would pretty much make
https/SSL completely worthless.

How is the gateway to know whether this request is addressed to
site1.com or site2.com if it cannot look at the "Host:" header of the
HTTP session?  It can't.  What you're trying to do (multiple https sites
on one IP address) is not possible.  You may have multiple addresses
behind the NAT gateway but that doesn't change the fact that externally
it's all the same IP address.

Brian

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
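
The gateway's view described in this message, as an added example that is not part of the original post: it compares what can be read from the first payload bytes of a plaintext HTTP connection with those of a connection on port 443. The backend addresses, function names and both sample payloads are constructed for illustration, and the sample ClientHello is built without extensions.

```python
import os
import struct

# Hypothetical internal backends, keyed by the site names used in the message.
BACKENDS = {"site1.com": "192.168.0.11", "site2.com": "192.168.0.12"}

def build_client_hello():
    """Constructed sample: minimal TLS 1.0 ClientHello with no extensions."""
    body = (b"\x03\x01"              # client_version: TLS 1.0
            + os.urandom(32)         # client random
            + b"\x00"                # empty session_id
            + b"\x00\x02\x00\x2f"    # one cipher suite offered
            + b"\x01\x00")           # null compression only
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

def classify(payload):
    """Return 'tls' for a TLS handshake record, 'http' for a plaintext request."""
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    first_line = payload.split(b"\r\n", 1)[0]
    if first_line.endswith((b"HTTP/1.0", b"HTTP/1.1")):
        return "http"
    return "unknown"

def visible_host(payload):
    """Host header value if the gateway can read it in the clear, else None."""
    if classify(payload) != "http":
        return None
    head = payload.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii").lower()
    return None

def pick_backend(payload):
    """Internal address chosen by site name, or None when no name is visible."""
    return BACKENDS.get(visible_host(payload))

# Constructed sample inputs: first payload seen on port 80 and on port 443.
PLAIN = b"GET / HTTP/1.1\r\nHost: site2.com\r\nUser-Agent: demo\r\n\r\n"
HELLO = build_client_hello()

if __name__ == "__main__":
    for label, data in (("port 80", PLAIN), ("port 443", HELLO)):
        print(label, classify(data), visible_host(data), pick_backend(data))
```
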

