httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lucuk, Pete" <pete.lu...@ngc.com>
Subject RE: [users@httpd] How to send WHOLE SSL_CLIENT_CERT in reverse proxy?
Date Mon, 27 Nov 2006 16:25:40 GMT

This...

     RewriteMap escape int:escape
 
     RewriteCond %{SSL:SSL_CLIENT_CERT} (.*)
     RewriteRule .* - [E=SSLCC:${escape:{%1}}]
     RequestHeader add X-SSL-Client-Cert %{SSLCC}e

     RewriteRule ^/https(.*)$
https://kftcsu14.ftc.lab:48605/servlets-examples/servlet/RequestHeaderEx
ample$1 [P,L] 

Gets me this...

user-agent  Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
CLR 1.1.4322)  
x-ssl-client-on  SUCCESS  
x-ssl-client-name  Doug S. Barnhart  
x-ssl-client-cert  %7b-----BEGIN%20CERTIFICATE-----%7d  
max-forwards  10  
x-forwarded-for  10.0.1.55   

And this...


     RewriteCond %{SSL:SSL_CLIENT_CERT} (.*)
     RewriteRule .* - [E=SSLCC:%1]
     RequestHeader add X-SSL-Client-Cert %{SSLCC}e

     RewriteRule ^/https(.*)$
https://kftcsu14.ftc.lab:48605/servlets-examples/servlet/RequestHeaderEx
ample$1 [P,L] 

Gets me this...

user-agent  Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
CLR 1.1.4322)  
x-ssl-client-on  SUCCESS  
x-ssl-client-name  Doug S. Barnhart  
x-ssl-client-cert  -----BEGIN CERTIFICATE-----  
max-forwards  10  
x-forwarded-for  10.0.1.55


It appears that I am still not getting the whole ssl client cert even
after the escape...


	RewriteRule .* - [E=SSLCC:${escape:{%1}}]
	
	x-ssl-client-cert  %7b-----BEGIN%20CERTIFICATE-----%7d


Am I doing something wrong on the escape?

Bottom line, I am trying to get that whole client pem certificate to be
pushed across in the header with no luck.


>-----Original Message-----
>From: Lucuk, Pete [mailto:pete.lucuk@ngc.com] 
>Sent: Monday, November 27, 2006 10:04 AM
>To: users@httpd.apache.org
>Subject: RE: [users@httpd] How to send WHOLE SSL_CLIENT_CERT 
>in reverse proxy?
>
>Where would I put the Rewrite escape function in the stuff 
>below?  I tried a couple different things and could not get it 
>to work.  Thank you for your help, I appreciate it
>
>
>RewriteCond %{SSL:SSL_CLIENT_CERT} (.*)
>RewriteRule .* - [E=SSLCC:%1]
>RequestHeader add X-SSL-Client-Cert %{SSLCC}e
>
>RewriteRule ^/https(.*)$
>https://kftcsu14.ftc.lab:48605/servlets-examples/servlet/Reques
>tHeaderEx
>ample$1 [P,L] 
>
>
>>-----Original Message-----
>>From: Max Dittrich [mailto:max.dittrich@t-online.de]
>>Sent: Thursday, November 23, 2006 8:37 PM
>>To: users@httpd.apache.org
>>Subject: Re: [users@httpd] How to send WHOLE SSL_CLIENT_CERT 
>in reverse 
>>proxy?
>>
>>Lucuk, Pete schrieb:
>>> The backend server is a 3.x version of Jboss that uses Jetty as the 
>>> Servlet engine.
>>> Can you use AJP with Jetty?
>>> 
>>> If not, is there some simple way to yank out the new lines in 
>>> SSL_CLIENT_CERT on the reverse proxy?
>>
>>I just looked up the Apache Docs, because I remembered those internal 
>>RewriteMaps. Maybe there's a chance using the internal RewriteMap 
>>'escape' to encode special characters like "\n".
>>
>>Limitations on the accepted length of headers (2048) may break this 
>>solution.
>>
>>hf,
>>.max
>>
>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server 
>>Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message