httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Claus Fischer <>
Subject [users@httpd] Apache module to pass "decrypted socket" to application server?
Date Wed, 08 Feb 2006 17:25:14 GMT

Hi Apache users and maintainers,


I am looking for a way to multiplex incoming SSL connections
on port 443 between Apache and an application server with an
application specific protocol that requires bidirectional
TCP transport. (See more detailed description below).

Is there a module or configuration possibility for Apache
to achieve that goal?

Detailed description:

I have an application server that uses a custom TCP transport
protocol. The protocol is not just request-response oriented;
once a client has connected to the application server, both
sides may spontaneously send and receive data over the line.

I want this application server to offer an SSL service connection
at port 443, parallel to Apache, so that regular HTTP requests
that start with one of "GET", "PUT", "POST", ...
will be handled by apache, and connections starting with a
self-defined keyword will be routed to the application server.

(I can modify the code of both server and client somewhat.)

A possible solution would be to write an SSL server like
stunnel, which looks at the first keyword of the request
and then creates a connection to either Apache or the
application server.

However, thereby I would lose all of Apache's logging and
IP verification capabilities, and CGI scripts behind Apache
would not get that information either.

Does Apache have a module that lets Apache accept the SSL
connection, decrypt it, and based on a keyword (or even
some requested URL) "pass on" the socket, i.e. forward
all further transport, unencrypted, to the application
I need something that does not look at the protocol
between client and server at all, no header parsing,
timeouts, chunked encoding, no HTTP protocol at all
applied. Just encrypting/decrypting the byte stream.

If you know a solution for this problem that does not
require writing a SSL proxy, I'd be glad to hear
from you.



Claus Fischer <>

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message