httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian V. Hughes" <bria...@alum.dartmouth.org>
Subject Re: [users@httpd] SSL headers through proxy
Date Mon, 18 Jul 2005 14:28:17 GMT

You don't say what version of Apache you are using. Hopefully, you are 
using at least Apache 2.0.52, because what you want to accomplish can't 
really be done with earlier versions. You do want to use mod_headers and 
mod_proxy (sort of), but what you are missing is mod_rewrite. The 
following is a snippet that you can place in a <VirtualHost> that should 
get you what you need:

     RewriteEngine on

     # Get the SSL Client cert data, if present, and store in a temporary
     # environment variabe, after we store it a RewriteCond backreference
     # and then add it as a header for the proxy request

     RewriteCond %{SSL:SSL_CLIENT_VERIFY} (.*)
     RewriteRule .* - [E=SSLC_ON:%1]
     RequestHeader add X-SSL-Client-On %{SSLC_ON}e

     RewriteCond %{SSL:SSL_CLIENT_S_DN_CN} (.*)
     RewriteRule .* - [E=SSLC_NAME:%1]
     RequestHeader add X-SSL-Client-Name %{SSLC_NAME}e

     # mod_rewite proxy request, uses a loopback to diff port on same server
     RewriteRule ^/(.*)$ http://127.0.0.1:8080/$1 [P,L]

-Brian


Luiz Gustavo Anflor Pereira wrote:
> I am trying to pass the cliente certificate through an apache configured 
> with mod_ssl, mod-proxy and mod_headers.
> 
> The idea is the client being autenticated in the apache server, but the 
> certificate being available to the backend server, something like this:
> 
> client <==> apache server (mod_proxy) <==> backend server
> 
> I need the client certificate in the backend server. All connectios are 
> SSL/HTTPS.
> 
> I have tried all this configurations, but none worked.
> 
> #RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}e" env=SSL_CLIENT_S_DN
> #RequestHeader set SSL_CLIENT_M_SERIAL "%{SSL_CLIENT_M_SERIAL}e" 
> env=SSL_CLIENT_S_DN
> #RequestHeader set SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}e"
> #Header add  SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}e" env=SSL_CLIENT_CERT
> #Header add  SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}e" env=SSL_CLIENT_I_DN
> 
> ProxyPass               /js      https://.....
> ProxyPassReverse        /js      https://....
> 
> If you could help me i would thank you so much... :-)
> 
> Regards, Luiz Gustavo

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message