httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From SithLord <apache-m...@melkor.st>
Subject Re: [users@httpd] [DEV-REQUEST] mod_ifenv ported to Apache2
Date Tue, 25 Jul 2006 09:05:39 GMT
On Tuesday 25 July 2006 03:18, Joshua Slive wrote:

> First, SSL without a valid certificate trusted by the client is not
> any safer than plain-text in the end.  A "man-in-the-middle" could sit
> on the wire, provide your clients with a bogus certificate, and
> decrypt all the traffic on the way back and forth to the server.
> Since your clients are used to hitting "ignore" on the certificate
> error warnings, they would be none-the-wiser.

You're absolutely right but I don't have any "clients". These services are not 
for public use. This isn't a production service available to real 
clients/customers. I have some services at home I like/need to have available 
from outside. Moreover, there is nothing absolutely critical and most of 
these services could be available through plain HTTP. Remember that I talked 
about a "poor's man" HTTPS virtual hosting, nothing related to production 
use.

> Second, what you want is not possible in any released version of
> apache.  mod_ifenv wouldn't do it, since I'm fairly sure it cues off
> env variables set at apache start time, not off dynamic per-request
> env variables.  That kind of per-request configuration is only
> possible if individual env variables support it.

That's interesting! There's nothing in the ifenv module which indicates that 
the env vars are dynamically called and examined. You have a big point here.

> As luck would have it, I believe there is some action on the
> development list about making it possible to use env variables in
> ProxyPassReverse.  But it isn't in any released version, and likely
> won't be for some time.

Thanks for the information I wasn't aware of that :-) I can test that.

-- 
SithLord

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message