Re: Client Cert Authentication behind an apache proxy without headers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Obviously, SSL protects traffic from any tampering by proxy. However, proxy can pass traffic through as-is when asked with CONNECT method; it might solve your problem depending on what this problem is (why do you need proxy in the first place?).


--

With Best Regards,
Marat Khalili

On 01/07/15 17:23, pankit thapar wrote:
Yes, the above link provides a directive to authenticate proxy which is not what I am looking for.
I actually thought that I could use connect protol to create a tunnel from client through proxy to the backend server.
What do you think about that? 

On Wed, Jul 1, 2015 at 5:05 AM, Daniel <dferradal@xxxxxxxxx> wrote:
You can make your proxy identify with a specific key-cert combination with:
SSLProxyMachineCertificateFile
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxymachinecertificatefile

But "passthrough" as you say, that's not how proxy works AFAIK.

2015-06-30 23:57 GMT+02:00 pankit thapar <thapar.pankit@xxxxxxxxx>:
Hi,

I wanted to know if there is a way to pass on the client cert as it is to a backend server through an apache proxy without using the SSL headers.

Scenario:
Client---https--->Proxy(:443)---https--->BackEnd(:PORT)

The above figure is what I want to set up.
So, basically I want apache proxy to act as a man in the middle and just forward the https request as it is.

Please let me know if someone has an idea on this.

Thanks,
Pankit



--
Daniel Ferradal
IT Specialist

email         dferradal at gmail.com


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux