httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roy Pearce <R.A.Pea...@bham.ac.uk>
Subject [users@httpd] Authenticating Proxy Server
Date Tue, 15 Apr 2008 11:22:28 GMT
Hi,

We use Apache as an authenticating proxy server to allow off-site 
students to access IP-restricted ejournal sites. They provide their 
university credentials which are validated by a RADIUS server. (We have 
mod_auth_radius + Apache 2.0.63.) Callers configure their Web browsers 
to use a Proxy Auto-Configuration File. This works fine and has done so 
for many years.

However, there is a concern that the username and password are 
transmitted in the clear from, typically, the student's home computer to 
the university's proxy server. We'd like to send these encrypted.

I have tried using an ssl-enabled authenticating proxy server but this 
confuses the browser as it attempts to talk http to an https server.
I have looked at secure tunnelling and also wondered whether or not this 
could be solved using cookies. I can't see my way to make any progress 
on this problem. Can anyone comment or advise on the core issue of how 
one may transmit authenticating information in a secure manner.

Thanks very much.

Roy Pearce
Enterprise Systems Support Team
Computing Systems
University of Birmingham
UK

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message