Configure a Forward Proxy that inspects client certificates

Hi,

I've configured a forward proxy by enabling the "ProxyRequests" switch in
the mod_proxy module. It forwards client traffic to origin server perfectly.
But we have a requirement (for security purposes) that we need to inspect the TLS
handshake between the client and the server. To be specific, the following two
conditions should be met in order for the proxy to allow the connection:

    1. The origin server address must be in our whitelist, and the server
       must provide a correct server certificate during the TLS handshake.
    2. The client must provide a client certificate during the TLS handshake,
       and the certificate's subject must be in our whitelist.

Is there a way I can do that in forward proxy mode? Any suggestion is
appreciated!

Following is my proxy configuration:

Listen 8080
<VirtualHost _default_:8080>
DocumentRoot "${SRVROOT}/htdocs"
ServerName www.example.com:8080
ServerAdmin admin@xxxxxxxxxxx
ErrorLog "${SRVROOT}/logs/error.log"

ProxyRequests On
ProxyVia On

SSLOptions +StdEnvVars
SSLProxyVerify require
SSLProxyCheckPeerCN on
SSLProxyCheckPeerName on

<Proxy "*">
</Proxy>

CustomLog "${SRVROOT}/logs/zz.log" \
          "%h %l %u %t %{SSL_PROTOCOL}x %{SSL_CIPHER}x Server_DN: %{SSL_SERVER_S_DN}x Client_DN: %{SSL_CLIENT_S_DN}x \"%r\" %>s %b"
</VirtualHost>


Thanks!
Leon
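An added configuration example, not part of Leon's post and not an httpd project sample, showing one way to express both requirements in httpd 2.4. The security-relevant point is that mod_ssl can only verify a certificate on a TLS leg that httpd itself terminates or originates: in a plain `ProxyRequests On` setup an https:// target arrives as a CONNECT tunnel, the client/origin handshake happens inside that tunnel, and the `SSLProxy*` directives never see it. The vhost below therefore terminates TLS from the client (so `SSLVerifyClient require` plus a `Require expr` on the client subject can be enforced), originates TLS to the origin itself (so `SSLProxyVerify` and `SSLProxyCheckPeerName` apply), and denies CONNECT. The port, hostnames, file paths and CN values are placeholders; the `ProxyMatch` pattern assumes the origin whitelist is a single host and should be adapted.

```apache
# Added example, not the original poster's config. Placeholders:
# proxy.example.internal, allowed-origin.example, client-a/client-b,
# and all certificate/key paths.
Listen 8443

<VirtualHost _default_:8443>
    ServerName proxy.example.internal:8443
    ErrorLog "${SRVROOT}/logs/proxy-error.log"

    # Leg 1, client -> proxy: httpd terminates TLS here, so it can demand a
    # client certificate that chains to the private CA in client-ca.pem.
    SSLEngine on
    SSLCertificateFile    "${SRVROOT}/conf/ssl/proxy.crt"
    SSLCertificateKeyFile "${SRVROOT}/conf/ssl/proxy.key"
    SSLCACertificateFile  "${SRVROOT}/conf/ssl/client-ca.pem"
    SSLVerifyClient require
    SSLVerifyDepth 2
    SSLOptions +StdEnvVars

    # Leg 2, proxy -> origin: clients send "GET https://origin/... HTTP/1.1"
    # to the proxy (absolute URI, no CONNECT), so httpd opens the TLS
    # connection to the origin itself and mod_ssl verifies the origin
    # certificate against origin-trust.pem and checks the name it presents.
    ProxyRequests On
    ProxyVia On
    SSLProxyEngine on
    SSLProxyCACertificateFile "${SRVROOT}/conf/ssl/origin-trust.pem"
    SSLProxyVerify require
    SSLProxyCheckPeerName on

    # Default: nothing is proxied unless a more specific section allows it.
    # A CONNECT request ("host:443") never matches the https:// pattern
    # below, so opaque tunnels are refused here.
    <Proxy "*">
        Require all denied
    </Proxy>

    # Origin whitelist (requirement 1). Both conditions must hold, so the
    # two Require lines are wrapped in RequireAll rather than the default
    # any-of merge.
    <ProxyMatch "^https://(www\.)?allowed-origin\.example(:443)?/">
        <RequireAll>
            # CONNECT is deliberately absent from the allowed methods.
            Require method GET HEAD POST
            # Client subject whitelist (requirement 2): the CN of the
            # certificate that passed SSLVerifyClient must be on the list.
            Require expr "%{SSL_CLIENT_S_DN_CN} in {'client-a', 'client-b'}"
        </RequireAll>
    </ProxyMatch>

    # Log both subjects so allow/deny decisions can be audited later.
    CustomLog "${SRVROOT}/logs/proxy-access.log" \
              "%h %t %{SSL_PROTOCOL}x Client_CN: %{SSL_CLIENT_S_DN_CN}x \"%r\" %>s %b"
</VirtualHost>
```

Two caveats for anyone adopting this. First, the origin-side check only works because the proxy originates the TLS connection; browsers and curl open a CONNECT tunnel for https:// targets even when talking to an HTTPS proxy, so this pattern suits clients that can be configured to send the absolute https URL in the request line (or an explicit gateway via `ProxyPass`), not a general browser proxy. Second, `AuthMerging` defaults to Off, which is what lets the `<ProxyMatch>` Require block replace the `Require all denied` from `<Proxy "*">`; if `AuthMerging` is changed elsewhere in the server config, recheck that the deny default still holds.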

