httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marco Pizzoli <marco.pizz...@gmail.com>
Subject Re: AW: [users@httpd] Client certificate auth behind f5 loadbalancer
Date Sat, 28 Jun 2014 17:54:26 GMT
Hi Marc,
as F5 user maybe you are not yet aware that with F5, leveraging iRules, you
can:
- implement client cert verification/validation, also specifically checking
the CN of the certificate
- publish to the apache backend custom HTTP headers carrying informations
extracted from the client certificate

Both cases are well documented on the F5 site. The first one in particular
I can say by having implemented on my own.

Is it something useful to your case?

Regards
Marco




On Sat, Jun 28, 2014 at 5:04 PM, Marc Schöchlin <ms@256bit.org> wrote:

> Hi,
>
> On 06/26/2014 04:08 PM, Andre.Wendel@bmw.de wrote:
> > Why do you terminate the ssl on the F5 and not on the Apache-backend? We
> load balance IP/Port-based on the F5 and terminate the SSL on the Apache
> backend, so you would be able to turn on your SSLEngine and Proxy the SSL
> from the F5 on the SSL Standard SSL Port 443 of the Apache and you can do
> everything you want because you have all SSL information.
>
> i use a wildcard certificate on my frontend ip to do irule-based (looking
> for the hostheader) backend pool selection.
> Therefore it would be good to terminate ssl in the f5.
>
> I will now use a new frontend ip on the loadbalancer and i then i will
> forward the traffic to the backend servers....
>
> Regards
> Marc
>
> --
> GPG encryption available: 0x670DCBEC/pool.sks-keyservers.net
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message