Re: reverse proxy choice to origin servers: https->https or https->http (Apache Users)

Re: reverse proxy choice to origin servers: https->https or https->http

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: "users@xxxxxxxxxxxxxxxx" <users@xxxxxxxxxxxxxxxx>

Subject: Re: reverse proxy choice to origin servers: https->https or https->http

From: Jakub Moscicki <Jakub.Moscicki@xxxxxxx>

Date: Mon, 10 Feb 2014 14:15:13 +0000

Accept-language: en-GB, en-US

In-reply-to: <7855339E-2BB7-420F-B528-F8AF516FAA7A@cern.ch>

Reply-to: users@xxxxxxxxxxxxxxxx

Thread-index: AQHPJj3K3s08RqqS2E+XXMbZs2F5C5qud8eA

Thread-topic: reverse proxy choice to origin servers: https->https or https->http

Is it true that if proxy is setup https->http then it only has to

decrypt/encrypt the headers and the body is encrypted/decrypted on the backend?

What ? Eh, no. If you configure your frontend with https and your backends with http, then you just told apache to NOT use SSL between mod_proxy and the backend servers. Only your frontends will do SSL handshakes in this setup. That's pretty much SSL Offloading, maybe you got that confused ?

Sorry, it was a typo of course. I mean: https->https. So if a proxy forwards https to the backend which accepts https - then would the proxy decrypt the headers only or the entire request? I am adding cookies at the proxy for stickyness so the proxy must be handling the headers.

In my case http at the backend could be an option inside a trusted network.

kuba