Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 86913 invoked from network); 27 Mar 2009 16:03:49 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 27 Mar 2009 16:03:49 -0000 Received: (qmail 72028 invoked by uid 500); 27 Mar 2009 16:03:45 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 72011 invoked by uid 500); 27 Mar 2009 16:03:45 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 72002 invoked by uid 99); 27 Mar 2009 16:03:45 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 27 Mar 2009 16:03:45 +0000 X-ASF-Spam-Status: No, hits=-0.6 required=10.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_MED,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [64.18.1.35] (HELO exprod6og115.obsmtp.com) (64.18.1.35) by apache.org (qpsmtpd/0.29) with SMTP; Fri, 27 Mar 2009 16:03:37 +0000 Received: from source ([63.240.6.3]) (using TLSv1) by exprod6ob115.postini.com ([64.18.5.12]) with SMTP ID DSNKScz4xDc5HqVX8C5hklm2OpfKwGfKkCIC@postini.com; Fri, 27 Mar 2009 09:03:17 PDT Received: from D01SMTP04.Mi8.com ([172.16.1.243]) by Outbound01.Mi8.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 27 Mar 2009 12:03:15 -0400 Received: from MI8NYCMAIL14.Mi8.com ([172.16.1.194]) by D01SMTP04.Mi8.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 27 Mar 2009 12:03:10 -0400 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C9AEF5.7A12A7B0" Date: Fri, 27 Mar 2009 12:02:49 -0400 Message-ID: <795E60BBD9A86846BFEDF32029788B1B9DF49A@MI8NYCMAIL14.Mi8.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Communication between a reverse proxy server and an interal app server Thread-Index: AcmuVBmALfmxSBwhS82gG1BbwyxLTAAoUTlA From: "YungWei.Chen" To: X-OriginalArrivalTime: 27 Mar 2009 16:03:10.0277 (UTC) FILETIME=[86747750:01C9AEF5] X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] Communication between a reverse proxy server and an interal app server ------_=_NextPart_001_01C9AEF5.7A12A7B0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, I'd like to set up a reverse proxy server which forwards requests to an internal app server.=20 Both servers handles only ssl requests. And I have some questions. Thanks. =20 * How many ssl certificates do I need in my current setup? 1 (for the proxy server) or 2 (for both the proxy server and the app server)? * How does the communication between the proxy server and the internal app server work? I mean, does the proxy server first decrypt a request and then encrypt it again before it forward the request to the app server? * I am also thinking about deploying ModSecurity on the proxy server. Are they good combination? =20 =20 ------_=_NextPart_001_01C9AEF5.7A12A7B0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi,

=20 I'd like to set up a reverse proxy server which forwards requests = to an=20 internal app server.

Both servers handles only ssl = requests. And I have some = questions.=20 Thanks.

=20

*=20 How many ssl certificates do I need in my current setup? 1 (for the = proxy=20 server) or 2 (for both the proxy server and the app=20 server)?

*=20 How does the communication between the proxy server and the internal app = server=20 work? I mean, does the proxy server first decrypt a request and then = encrypt it=20 again before it forward the request to the app=20 server?

*=20 I am also thinking about deploying ModSecurity on the proxy server. = Are=20 they good combination?

------_=_NextPart_001_01C9AEF5.7A12A7B0--