Date: Wed, 5 Jul 2006 14:30:17 +0200
From: Axel-Stéphane SMORGRAV
Subject: RE: [users@httpd] mod_proxy keepalive ssl

No - that's not possible.

What you can do, however, is to use mod_rewrite to retrieve the ssl id from the client-rproxy connection and insert it as a header into the rproxy-balancer connection. Search for previous threads on this list about forwarding client certificate data to a backend server through a reverse proxy, for example "[users@httpd] Can reverse proxy forward digital certificates", as you will probably be able to use those rewrite rules as a starting point.

-ascs

-----Original Message-----
From: Francisco Gimeno [mailto:kikov@kikov.org]
Sent: Wednesday, July 05, 2006 12:27 PM
To: users@httpd.apache.org
Subject: [users@httpd] mod_proxy keepalive ssl

Hello

This is my first mail here and my English is poor, so please excuse any inconvenience... ;)

I'm trying to set up a reverse proxy using mod_proxy to a cluster of WebServers, balanced with an Alteon G5 with sslid mechanism. Indeed, the reverse proxies are a cluster of 4 too, balanced with kernel IPVS (but this is not important at the moment).

I have observed problems maintaining the session when using HTTPS and not HTTP.

SSL is a set of protocols built on top of TCP/IP that allows an application server and client to communicate over an encrypted HTTP session, providing authentication, non-repudiation, and security. The SSL protocol handshake is performed using clear (unencrypted) text. The content data is then encrypted (using an algorithm exchanged during the handshake) prior to being transmitted.

Using the SSL session ID, the switch forwards the client request to the same real server to which it was bound during the last session.
Because SSL protocol allows many TCP connections to use the same session ID from the same client to a server, key exchange needs to be done only when the session ID expires. This reduces server overhead and provides a mechanism, even when the client IP address changes, to send all sessions to the same real server.

---

Is there a way to have the same SSL ID in the SSLProxyEngine for the same client? How does it work?

Is the SSL ID for the client-rproxy the same as that for the rproxy-balancer? How can I fix this?

Thx a lot,
Francisco Gimeno
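
The approach suggested in the reply above (copy the client-side SSL session ID into a request header on the proxied connection), sketched as an added example; it is not part of the original thread or of the earlier threads the reply mentions. The header name `X-SSL-Session-ID`, the environment variable name `CLIENT_SSL_SESSION_ID`, the host names and the certificate paths are assumptions chosen for illustration.

```apache
# Added example: reverse-proxy virtual host that forwards the SSL session ID
# of the client<->rproxy connection as a request header.
# Requires mod_ssl, mod_rewrite, mod_headers and mod_proxy (+ mod_proxy_http).
<VirtualHost *:443>
    ServerName rproxy.example.com                      # placeholder

    SSLEngine on
    SSLCertificateFile    /path/to/placeholder-cert.pem
    SSLCertificateKeyFile /path/to/placeholder-key.pem

    # 1. Read the session ID of the client-facing SSL connection through
    #    mod_rewrite's %{SSL:...} lookup and keep it in an environment
    #    variable. The "-" substitution leaves the URL untouched.
    RewriteEngine On
    RewriteCond %{SSL:SSL_SESSION_ID} ^(.+)$
    RewriteRule .* - [E=CLIENT_SSL_SESSION_ID:%1]

    # 2. Drop any copy of the header sent by the client, so the value seen
    #    downstream can only come from this proxy, never from the request.
    RequestHeader unset X-SSL-Session-ID

    # 3. Add the header only when the variable was actually set, which
    #    avoids forwarding a literal "(null)" value.
    RequestHeader set X-SSL-Session-ID "%{CLIENT_SSL_SESSION_ID}e" env=CLIENT_SSL_SESSION_ID

    # 4. Hand the request to the balancer (hypothetical internal name).
    #    The header is an HTTP header, so only a device that sees this leg
    #    as clear HTTP, or that terminates SSL itself, can read it.
    ProxyPass        / http://balancer.example.internal/
    ProxyPassReverse / http://balancer.example.internal/
</VirtualHost>
```

Anything downstream that uses this header for persistence should accept it only from the reverse proxies' addresses, since it is an ordinary request header to every other sender.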