httpd-users mailing list archives

From Luiz Gustavo Anflor Pereira <luiz-pere...@procergs.rs.gov.br>
Subject Re: [users@httpd] SSL headers through proxy
Date Mon, 18 Jul 2005 17:22:04 GMT
 
 Hi Brian
 
 Thank you for answering. My Apache is 2.0.50. I will upgrade it to 2.0.52. But it seems
to me that mod_rewrite will (as the name says) rewrite the URL, and the client will see the
new URL. Is that correct?
 
 In my case, the backend server is behind a firewall, so that the client doesn't (and must
not) know the real application server, that's why I am trying to use mod_ssl, mod_headers
and mod_proxy...
 
 Thank you again, Luiz Gustavo
 
 
------------- Original Message -------------
Date: Monday, 18 July 2005 11:28
From: Brian V. Hughes <brianvh@alum.dartmouth.org>
To: users@httpd.apache.org
Subject: Re: [users@httpd] SSL headers through proxy
  
 
 
You don't say what version of Apache you are using. Hopefully, you are 
using at least Apache 2.0.52, because what you want to accomplish can't 
really be done with earlier versions. You do want to use mod_headers and 
mod_proxy (sort of), but what you are missing is mod_rewrite. The 
following is a snippet that you can place in a <VirtualHost> that should 
get you what you need: 
 
 RewriteEngine on 
 
 # Get the SSL Client cert data, if present, and store it in a temporary 
 # environment variable, after we store it in a RewriteCond backreference 
 # and then add it as a header for the proxy request 
 
 RewriteCond %{SSL:SSL_CLIENT_VERIFY} (.*) 
 RewriteRule .* - [E=SSLC_ON:%1] 
 RequestHeader add X-SSL-Client-On %{SSLC_ON}e 
 
 RewriteCond %{SSL:SSL_CLIENT_S_DN_CN} (.*) 
 RewriteRule .* - [E=SSLC_NAME:%1] 
 RequestHeader add X-SSL-Client-Name %{SSLC_NAME}e 
 
 # mod_rewrite proxy request, uses a loopback to a different port on the same server 
 RewriteRule ^/(.*)$ http://127.0.0.1:8080/$1 [P,L] 
 
-Brian 
 
 
Luiz Gustavo Anflor Pereira wrote: 
> I am trying to pass the client certificate through an apache configured 
> with mod_ssl, mod-proxy and mod_headers. 
> 
> The idea is the client being authenticated in the apache server, but the 
> certificate being available to the backend server, something like this: 
> 
> client <==> apache server (mod_proxy) <==> backend server 
> 
> I need the client certificate in the backend server. All connections are 
> SSL/HTTPS. 
> 
> I have tried all these configurations, but none worked. 
> 
> #RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}e" env=SSL_CLIENT_S_DN 
> #RequestHeader set SSL_CLIENT_M_SERIAL "%{SSL_CLIENT_M_SERIAL}e" env=SSL_CLIENT_S_DN 
> #RequestHeader set SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}e" 
> #Header add SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}e" env=SSL_CLIENT_CERT 
> #Header add SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}e" env=SSL_CLIENT_I_DN 
> 
> ProxyPass /js https://..... 
> ProxyPassReverse /js https://.... 
> 
> If you could help me I would thank you so much... :-) 
> 
> Regards, Luiz Gustavo 
 
--------------------------------------------------------------------- 
The official User-To-User support forum of the Apache HTTP Server Project. 
See <URL:http://httpd.apache.org/userslist.html> for more info. 
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
 " from the digest: users-digest-unsubscribe@httpd.apache.org 
For additional commands, e-mail: users-help@httpd.apache.org 
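
Added example, not part of the original messages or of the Apache project's documentation: Brian's snippet with the forwarded headers made authoritative. `RequestHeader add` appends to any header of the same name already present in the request, so this variant unsets X-SSL-Client-On and X-SSL-Client-Name first and then uses `set`, so that the backend only ever receives the values mod_ssl produced on the proxy. The header names, environment variable names and loopback target are the ones from his message.

```apache
RewriteEngine on

# Discard any X-SSL-Client-* headers that arrived with the request.
# mod_headers applies RequestHeader directives in the order they are
# written, so these run before the "set" lines further down.
RequestHeader unset X-SSL-Client-On
RequestHeader unset X-SSL-Client-Name

# Copy the mod_ssl verification result into an environment variable via
# a RewriteCond backreference, then forward it as a request header.
# "set" replaces an existing header of the same name; "add" would not.
RewriteCond %{SSL:SSL_CLIENT_VERIFY} (.*)
RewriteRule .* - [E=SSLC_ON:%1]
RequestHeader set X-SSL-Client-On %{SSLC_ON}e

# Same pattern for the CN of the client certificate's subject DN.
RewriteCond %{SSL:SSL_CLIENT_S_DN_CN} (.*)
RewriteRule .* - [E=SSLC_NAME:%1]
RequestHeader set X-SSL-Client-Name %{SSLC_NAME}e

# [P] hands the request to mod_proxy internally; no redirect is sent,
# so the client never sees the backend address.
RewriteRule ^/(.*)$ http://127.0.0.1:8080/$1 [P,L]
```

The backend should treat these headers as identity data only on connections that come from the proxy, which in this snippet reaches it over the loopback address.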
 
 
