Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 12128 invoked from network); 25 Jul 2006 09:06:12 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 25 Jul 2006 09:06:12 -0000 Received: (qmail 19546 invoked by uid 500); 25 Jul 2006 09:06:02 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 19533 invoked by uid 500); 25 Jul 2006 09:06:01 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 19522 invoked by uid 99); 25 Jul 2006 09:06:01 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Jul 2006 02:06:01 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of apache-mail@melkor.st designates 82.67.185.80 as permitted sender) Received: from [82.67.185.80] (HELO smtp.melkor.st) (82.67.185.80) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Jul 2006 02:06:01 -0700 From: SithLord To: users@httpd.apache.org Date: Tue, 25 Jul 2006 11:05:39 +0200 User-Agent: KMail/1.9.3 References: <200607250126.17045.apache-mail@melkor.st> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200607251105.39574.apache-mail@melkor.st> X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] [DEV-REQUEST] mod_ifenv ported to Apache2 X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N On Tuesday 25 July 2006 03:18, Joshua Slive wrote: > First, SSL without a valid certificate trusted by the client is not > any safer than plain-text in the end. A "man-in-the-middle" could sit > on the wire, provide your clients with a bogus certificate, and > decrypt all the traffic on the way back and forth to the server. > Since your clients are used to hitting "ignore" on the certificate > error warnings, they would be none-the-wiser. You're absolutely right but I don't have any "clients". These services are not for public use. This isn't a production service available to real clients/customers. I have some services at home I like/need to have available from outside. Moreover, there is nothing absolutely critical and most of these services could be available through plain HTTP. Remember that I talked about a "poor's man" HTTPS virtual hosting, nothing related to production use. > Second, what you want is not possible in any released version of > apache. mod_ifenv wouldn't do it, since I'm fairly sure it cues off > env variables set at apache start time, not off dynamic per-request > env variables. That kind of per-request configuration is only > possible if individual env variables support it. That's interesting! There's nothing in the ifenv module which indicates that the env vars are dynamically called and examined. You have a big point here. > As luck would have it, I believe there is some action on the > development list about making it possible to use env variables in > ProxyPassReverse. But it isn't in any released version, and likely > won't be for some time. Thanks for the information I wasn't aware of that :-) I can test that. -- SithLord --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org