httpd-users mailing list archives

From Margus Pärt <margus.p...@ria.ee>
Subject [users@httpd] SetEnvIf, setting value from other env value
Date Thu, 22 Jul 2010 15:22:48 GMT
Hi,

-

I have Apache nodes behind an Apache LB and I am trying to pass SSL_* values transparently to the application;
queries go:

Client -> Apache LB -> Apache

-

My currently tested and working solution is as follows:

LB:
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT

Apache:
RewriteEngine On
RewriteRule .* - [E=SSL_CLIENT_CERT:%{HTTP:SSL_CLIENT_CERT}]


-

But I would like to have the following solution (or something similar and working :)):

SetEnvIfNoCase SSL_CLIENT_CERT ^.. SSL_CLIENT_CERT=%{HTTP:SSL_CLIENT_CERT}


Please answer to:

1. The problem with the currently working solution is that every virtualhost has to have RewriteEngine
On and RewriteOptions inherit, SetEnvIf would be much cleaner and, as I see it, faster, but
it does not work - from looking at documentation (http://httpd.apache.org/docs/2.1/mod/mod_setenvif.html)
it seems that variables there are not supported - so my question is, can anyone suggest a
better solution, and perhaps refer to any good documentation (apache's own documentation is
good, but sometimes it does not cover all the scenarios.)

2. What is good practice for SSL offloading: should applications themselves be smart enough
to read from headers? I noticed, that for example for mod_weblogic headers must not be separately
sent using mod_headers - mod_weblogic takes SSL parameters from local env, sends them in its
own format to backend and SSL_CLIENT_CERT are available for application also - is there any
other similar alternative for just plain HTTP proxying for Apache?




Best regards,
Margus Pärt

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
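
The setup asked about above, as an added example that is not part of the original message or of any reply to it: mod_setenvif (since httpd 2.0.51) substitutes $1..$9 in the value with the parenthesized groups of the regex, so the backend can copy the header into the environment without mod_rewrite. The `RequestHeader unset` line on the LB is an addition here: because the original `set` only runs when `env=SSL_CLIENT_CERT` is true, a header of the same name sent by a client without a certificate would otherwise reach the backend unchanged.

```apache
# --- Load balancer (TLS terminates here; needs mod_ssl and mod_headers) ---

# Added: discard any SSL_CLIENT_CERT header supplied by the client, so the
# only value the backend can ever see is the one written below.
RequestHeader unset SSL_CLIENT_CERT

# From the original post: forward the certificate mod_ssl verified,
# only when the SSL_CLIENT_CERT variable is present for this request.
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT


# --- Backend node (needs mod_setenvif; no RewriteEngine required) ---

# The first argument names the request header to test. The regex captures
# the whole non-empty header value and $1 places it in the environment
# variable of the same name. Nothing is set when the header is absent.
SetEnvIf SSL_CLIENT_CERT "^(.+)$" SSL_CLIENT_CERT=$1
```

The backend treats this header as authentication data, so it should accept connections only from the load balancer.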

