httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Qingshan Xie <xieq...@yahoo.com>
Subject RE: [users@httpd] Conversion of SSL request URL to non-SSL request
Date Wed, 05 Jul 2006 17:35:48 GMT
Hi, Boyle, 

   I have a related question.  We'd like to implement
a SSL-Login on a HTTP(port 80) webServer to secure the
userId/password.  This means, whenever a site needs
the authentication, the webServer redirects it to
HTTPS server for processing.  However, this is pretty
annoying since it prompts security alerts such as "...
from none secure site to a secure site ..." or "...
from secure site to a none secure site ...", etc. 
Notice the new feature of Apach 2.2.x, the new
function added in mod_ssl to support RFC 2817, which
allows connections to upgrade from clear text to TLS
encryption.  Can this new feature fulfill our requests
to convert HTTP to HTTPS in a single Apache webServer?
 Will we still get the security alerts?  

Many Thanks, Q.Xie

--- Boyle Owen <Owen.Boyle@swx.com> wrote:

> > -----Original Message-----
> > From: Perminder Singh Vohra
> [mailto:perminder_vohra@infosys.com] 
> > Sent: Tuesday, July 04, 2006 7:18 AM
> > To: users@httpd.apache.org
> > Subject: [users@httpd] Conversion of SSL request
> URL to 
> > non-SSL request
> > 
> > Hi,
> >  
> >     We have a setup requirement where we need to
> send request 
> > to Apache Server on SSL but Apache should convert
> the request 
> > to non-SSL port and then process it. We have
> enable Apache to 
> > listen on both Non-SSL and SSL ports.
> 
> I'm not sure I understand you - if you mean you have
> the resource available on server on a plain HTTP VH,
> then simply proxy it from the SSL VH, eg:
> 
> <ssl VH>
>   ProxyPass /resource.html http://server/
>   ...
> </ssl VH>
> 
> That will cause apache to re-issue the request back
> to itself on port 80.
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message
> may be ignored. 
> 
> 
> >  
> > How can we achieve this?
> >  
> > Thanks!!
> > Perminder
> > **************** CAUTION - Disclaimer
> *****************
> > This e-mail contains PRIVILEGED AND CONFIDENTIAL
> INFORMATION 
> > intended solely for the use of the addressee(s).
> If you are 
> > not the intended recipient, please notify the
> sender by 
> > e-mail and delete the original message. Further,
> you are not 
> > to copy, disclose, or distribute this e-mail or
> its contents 
> > to any other person and any such actions are
> unlawful. This 
> > e-mail may contain viruses. Infosys has taken
> every 
> > reasonable precaution to minimize this risk, but
> is not 
> > liable for any damage you may sustain as a result
> of any 
> > virus in this e-mail. You should carry out your
> own virus 
> > checks before opening the e-mail or attachment.
> Infosys 
> > reserves the right to monitor and review the
> content of all 
> > messages sent to or from this e-mail address.
> Messages sent 
> > to or from this e-mail address may be stored on
> the Infosys 
> > e-mail system.
> > ***INFOSYS******** End of Disclaimer
> ********INFOSYS***
> > 	
> > 
> Diese E-mail ist eine private und pers�nliche
> Kommunikation. Sie hat keinen Bezug zur B�rsen-
bzw.
> Gesch�ftst�tigkeit der SWX Gruppe. This e-mail
is of
> a private and personal nature. It is not related to
> the exchange or business activities of the SWX
> Group. Le pr�sent e-mail est un message priv� et
> personnel, sans rapport avec l'activit�
boursi�re du
> Groupe SWX.
>  
>  
> This message is for the named person's use only. It
> may contain confidential, proprietary or legally
> privileged information. No confidentiality or
> privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify
> the sender urgently and then immediately delete the
> message and any copies of it from your system.
> Please also immediately destroy any hardcopies of
> the message. You must not, directly or indirectly,
> use, disclose, distribute, print, or copy any part
> of this message if you are not the intended
> recipient. The sender's company reserves the right
> to monitor all e-mail communications through their
> networks. Any views expressed in this message are
> those of the individual sender, except where the
> message states otherwise and the sender is
> authorised to state them to be the views of the
> sender's company.
> 
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
>    "   from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail:
> users-help@httpd.apache.org
> 
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message