httpd-users mailing list archives

From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] questions about apache
Date Mon, 01 Sep 2003 14:55:11 GMT
>-----Original Message-----
>From: patrick kuah [mailto:patrickkuah@msn.com]
>
>Actually I have two web servers (both running SSL) load balance each other
>in a round robin manner. I had configured persistent SSL connection for 600
>secs.
>
>If I log into the website portal (connected to first web server) and idle
>for 15 mins, I click the 'refresh' button, the load balancer will divert
>the traffic to the second web server but ....
>the SSL cert is unique on each server ... so it keeps hanging and lastly ... an
>internal error page is displayed.
>
>Can I configure it in such a way that if Apache detects a different SSL cert,
>it automatically returns back to the login screen ???

This is much trickier... Do you know how SSL works in detail? To remind you: 

- the browser requests a session
- the server sends its public key (in the cert)
- the browser makes a session key and sends it to the server, encrypted with the pub-key.
- the server decrypts the session key using its private key.
- both sides now have the session key and use this for all subsequent communications.

If you switch to a different SSL server in the middle of a session, it will be unable to decode
the HTTP requests and the session will fail.

However, if the browser re-establishes a session with the new server, it will still have the
credentials (user/pass) to get access to the protected realm so there will be no password
login prompt! - this is probably the opposite of what you want.

I don't know how you'd get this to work if you randomly switch SSL-servers....

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

>
>Thanks for all help :)
>
>>From: "Boyle Owen" <Owen.Boyle@swx.com>
>>Reply-To: users@httpd.apache.org
>>To: <users@httpd.apache.org>
>>Subject: RE: [users@httpd] questions about apache
>>Date: Mon, 1 Sep 2003 12:50:25 +0200
>>
>> >-----Original Message-----
>> >From: patrick kuah [mailto:patrickkuah@msn.com]
>> >
>> >I have a website running ssl which requires me to log in ...
>> >but how do I configure it such that it will prompt for the login screen
>> >again if my browser idles for about 15 mins ???
>>
>>Talk about synchronicity... This very subject just came up a few hours
>>ago!
>>
>>The standard authentication scheme does not provide for expiration of
>>logins so you can't really do this with the usual scheme
>>(http://httpd.apache.org/docs/howto/auth.html#basicfaq).
>>
>>The only way I know to expire a user is to handle the authentication via
>>server-sided processing and to assign a cookie to the user to control
>>access (see http://httpd.apache.org/docs-2.0/mod/mod_usertrack.html) for
>>more on cookies.
>>
>>There are several third-party mechanisms for doing this but none are
>>trivial...
>>
>>Rgds,
>>Owen Boyle
>>Disclaimer: Any disclaimer attached to this message may be ignored.
>>
>> >Thanks for the help :)
>> >
>> >patrick
>> >
>> >---------------------------------------------------------------------
>> >The official User-To-User support forum of the Apache HTTP
>> >Server Project.
>> >See <URL:http://httpd.apache.org/userslist.html> for more info.
>> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> >For additional commands, e-mail: users-help@httpd.apache.org
>
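
Added example, not part of the original thread: one way to implement the cookie-based idle expiry suggested in the quoted reply so that it still works when the load balancer moves the browser to the other server. It assumes both servers hold the same HMAC key; the function names, cookie layout and key below are hypothetical.

```python
import base64
import hashlib
import hmac

IDLE_LIMIT = 15 * 60  # seconds: the 15-minute idle window from the question
# Assumption: the same secret is deployed on both load-balanced servers.
SECRET = b"constructed-demo-key-shared-by-both-servers"


def _sign(payload: bytes, key: bytes) -> str:
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def issue(user: str, now: float, key: bytes = SECRET) -> str:
    """Build the cookie value 'user|last_activity|mac'."""
    payload = f"{user}|{int(now)}".encode()
    return f"{payload.decode()}|{_sign(payload, key)}"


def check(cookie: str, now: float, key: bytes = SECRET):
    """Return (user, refreshed_cookie), or (None, None) meaning 'send to login'."""
    try:
        user, ts, mac = cookie.rsplit("|", 2)
        last = int(ts)
    except ValueError:
        return None, None  # malformed cookie
    payload = f"{user}|{ts}".encode()
    if not hmac.compare_digest(mac.encode(), _sign(payload, key).encode()):
        return None, None  # tampered with, or signed with a different key
    if not 0 <= now - last <= IDLE_LIMIT:
        return None, None  # idle too long (or timestamp in the future)
    # Valid request: slide the window by re-issuing with the current time.
    return user, issue(user, now, key)


if __name__ == "__main__":
    t0 = 1_000_000                              # constructed timestamps
    cookie = issue("patrick", t0)               # login handled by server A
    print(check(cookie, t0 + 600)[0])           # server B, 10 min later
    print(check(cookie, t0 + 16 * 60))          # 16 min idle: back to login
```

Because the cookie is the only state, either server can validate it without knowing which one handled the login, but a cookie issued this way cannot be revoked before it expires. Send it with the Secure and HttpOnly attributes so it only travels over the SSL connection.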