httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Hughes '89" <bria...@Alum.Dartmouth.ORG>
Subject Re: [users@httpd] apache as reverse-proxy : forwarding SSL environment variables
Date Tue, 14 Jun 2005 13:20:11 GMT

On Jun 14, 2005, at 08:53 AM, Joshua Slive wrote:
> On 6/14/05, lists@on-x.com <lists@on-x.com> wrote:
>> We've successfully set up apache with mod_proxy + mod_rewrite in front
>> of our (yet another) apache serving our webapps.
>>
>> We've an application that use some mod_ssl environment variables to 
>> work
>> properly (for example it use SSL_CLIENT_S_DN). The problem when
>> connecting through reverse proxy is those mod_ssl environment 
>> variables
>> are not available on the machine hosting the application.
>>
>> Is there any solution to forwarding this var to the application 
>> machine ?
>
> You can set them in a cookie or in the query string.  mod_rewrite can
> do either of these.
> Then, if necessary, mod_rewrite on the back-end machine could put them
> back in the environment.

What I've been doing with my Apache reverse proxies is to use 
mod_rewrite and mod_header to take the SSL var(s) and set them as HTTP 
request headers for the reverse-proxy request. This has the advantage 
of being a little "cleaner" if you have calls into your application 
machine that either already uses cookies, or that makes use of query 
strings.

I've posted examples of how to do this to the list a few times over the 
past several months. If you have trouble finding them in one of the 
archives, let me know and I'll send the example conf statements 
directly to you.

-Brian


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message