httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] SSL Proxy to back end servers
Date Mon, 30 Apr 2007 23:41:13 GMT
On 4/30/07, wi <icebattle@gmail.com> wrote:
> Hi all
>
> I have an Apache instance that is functioning as a reverse proxy for our app
> server. For standard http, this works fine. However, we'd like to send SSL
> traffic through the proxy to the back end server. I don't want to decrypt
> the traffic at the Apache instance, just re-route it to the back end?
>
> I can't seem to find a way to do this, without doing the decryption. Is
> mod_proxy up for this?

I don't think you can reverse-proxy ssl. Since everything is
encrypted, there is nothing for a reverse-proxy to handle -- just a
raw stream of bytes. For a forward proxy, this is handled using the
CONNECT method; but obviously the client needs to know about the proxy
to use that.

Luckily there is an easy alternative. Just use "port forwarding" at
the OS or firewall-level. Since there is no processing that can be
done at the apache-level (due to the encryption) you don't lose
anything by doing simple port-forwarding.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message