Return-Path: 
 <users-return-97644-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 30222 invoked from network); 4 Nov 2010 17:01:56 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 4 Nov 2010 17:01:56 -0000
Received: (qmail 19173 invoked by uid 500); 4 Nov 2010 17:02:24 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 19132 invoked by uid 500); 4 Nov 2010 17:02:24 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 19122 invoked by uid 99); 4 Nov 2010 17:02:24 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Nov 2010 17:02:24 +0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of tevans.uk@googlemail.com
 designates 209.85.216.45 as permitted sender)
Received: from [209.85.216.45] (HELO mail-qw0-f45.google.com) (209.85.216.45)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Nov 2010 17:02:20 +0000
Received: by qwf6 with SMTP id 6so1478289qwf.18
        for <users@httpd.apache.org>; Thu, 04 Nov 2010 10:01:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=gamma;
        h=domainkey-signature:mime-version:received:received:in-reply-to
         :references:date:message-id:subject:from:to:content-type;
        bh=/PdRbuMQx+8LWz5f6hVbGyvZv2afxdhD5nEUOnpO6DU=;
        b=B19hQeF+yLYtqw/ERRIp1fmFU3sT/GfwoVvECcKXhG7/+5t5TLG2yHlgSl4kria9Iy
         +PKMqt0FQpq3EIO+8cjPUsPG8UIVBOr/cpUMm2ta/gyGbottLCV5N6Q4slogN7e0HCKO
         1Ap+bqxRKkHiObJ1Jv6B4iPDo40blWh7EEVxc=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=googlemail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=DCUxMv+8rcWOKmkGxHCS0DEgyNR3GL9do0R3Rfc9bCO1ZU0gdzC6HevkZWc2WmlH8G
         +4kIJoGPPcMk0YIX+NrxZNoHlHk3hMfGCqT+uI/kGB3ZbK3byu5Nn5ND++q7RbUGQn1q
         4h6fvc0fhbuC5W7YIBs+ax9RyW9c/HihxInEY=
MIME-Version: 1.0
Received: by 10.229.189.4 with SMTP id dc4mr899369qcb.106.1288890118748; Thu,
 04 Nov 2010 10:01:58 -0700 (PDT)
Received: by 10.229.182.18 with HTTP; Thu, 4 Nov 2010 10:01:58 -0700 (PDT)
In-Reply-To: <4CD29148.6000907@gmail.com>
References: <4CD29148.6000907@gmail.com>
Date: Thu, 4 Nov 2010 17:01:58 +0000
Message-ID: <AANLkTinZHik3BfSwunCaJmAvL8hisGfv01xg4c2jNcSC@mail.gmail.com>
From: Tom Evans <tevans.uk@googlemail.com>
To: users@httpd.apache.org
Content-Type: text/plain; charset=UTF-8
Subject: Re: [users@httpd] SSL redirect ?

On Thu, Nov 4, 2010 at 10:56 AM, Brent Clark <brentgclarklist@gmail.com> wrote:
> Hiya
>
> I got an interesting request from a client and I was hoping to bounce this
> off you guys.
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------
> I need my linux server to accept incoming connections on port 8080 and
> forward them to an HTTPS address and do all communications.
>
> So, if a developer connects to, and uses
>
> https://abc.com/v4/transaction?wsdl
>
> it should redirect, communicate, and return data from
>
> https://trans.api.hidden.com/v4/transaction?wsdl
>
> Basically, I need to mask the trans.api.hidden.com and make all
> communications deal with abc.co.za.
>
> This is the same server.
>
> Personally I cant see this is possible, cause of the it been SSL. I would
> assume this activity as no different as a MITM attack.
> But googling, says I should look at mod_proxy. Is this possible?
>
> What do you guys think. If someone could help. It would be appreciated.
>
> Kind Regards
> Brent Clark
>

If your client connects to https://abc.com/ , then that is where SSL
will be terminated for the client. If you then proxy that connection
to https://trans.api.hidden.com/ , then that will be a separate SSL
connection between two apache servers, it will not carry any client
certificates that the client initially presented to https://abc.com .

wrt to your later question, apache is more than capable of proxying to
itself. I'm not sure you would need the overhead of an SSL connection
on a request that would never go on the wire.

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org