httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a...@mail.orbitel.bg
Subject Re: [users@httpd] is it possible ? (ssl-tunneling)
Date Fri, 26 Jan 2007 12:40:16 GMT

Hi,

Tnanks for the reply and the configurations.
I made a similar configuration - but just without virtualhost directive -
and it works.

But with firefox it shows the locker (ssl picture on the browser)  
crossed by a line.

With IE it doesn't show the locker but everytime a connection is innitiated
it shows a message that ssl starts and then immediately it shows a  
message that
ssl ends.

Does this mean that the data between the client and the reversed
proxy is in ssl?

my config:

      SSLEngine on
      SSLProtocol -all +TLSv1 +SSLv3
      SSLCertificateFile    /etc/apache2/server.crt
      SSLCertificateKeyFile /etc/apache2/server.key

     <Location /arena/ >

          SSLCipherSuite MEDIUM
          SSLRequireSSL


          ############## Digest ################
          AuthType Digest
          AuthName "Restricted Area"
          AuthDigestDomain /arena/
          AuthDigestProvider file
          AuthUserFile /var/www/.digestpwd
          Require valid-user

          ProxyPass  http://arena.com/
          ProxyPassReverse http://arena.com/

     </Location>






On 1/22/07, arry@mail.orbitel.bg <arry@mail.orbitel.bg> wrote:
> Hi,
>
> is it possible to have the connection between the client and the  
> reverse proxy
> encrypted with ssl and authorization basic ? smth like ssh-tunneling ?
>
> example :
>
>            client <---- SSL ---- >  Apache  <-------------> origin server
>                                   reversed
>                                   proxy

Yes. This is even a very common setup.

<VirtualHost *:443>
         ServerName wsecure.foo.com

         SSLEngine on
         SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

         SSLCertificateFile conf/ssl/web.cert
         SSLCertificateKeyFile conf/ssl/server.key
         SSLCertificateChainFile conf/ssl/web.cert


         <Location /app>
                  ProxyPass http://insecure.foo.com/app
                   AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /usr/local/apache/passwd/passwords
AuthGroupFile /usr/local/apache/passwd/groups
Require group GroupName

        </Location>

</VirtualHost>

-- 
krist.vanbesien@gmail.com
Bremgarten b. Bern, Switzerland
--


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message