Re: [users@httpd] SSL headers through proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Hi Brian

Thank you for answering. My apache is 2.0.50. I will upgrade it to 2.0.52.  But it seems to me that mod_rewrite will (as the name says) rewrite the URL, and the client will see the new URL. Is that correct?

In my case, the backend server is behind a firewall, so that the cliente doesn't (and must not) know the real application server, that's why i am trying to use mod_ssl, mod_headers and mod_proxy...

Thank you again, Luiz Gustavo


------------- Mensagem Original -------------
Data: Segunda-feira, 18 de Julho de 2005 11:28
De: Brian V. Hughes < brianvh@xxxxxxxxxxxxxxxxxx >
Para: users@xxxxxxxxxxxxxxxx
Assunto: Re: [users@httpd] SSL headers through proxy


You don't say what version of Apache you are using. Hopefully, you are
using at least Apache 2.0.52, because what you want to accomplish can't
really be done with earlier versions. You do want to use mod_headers and
mod_proxy (sort of), but what you are missing is mod_rewrite. The
following is a snippet that you can place in a < VirtualHost> that should
get you what you need:

RewriteEngine on

# Get the SSL Client cert data, if present, and store in a temporary
# environment variabe, after we store it a RewriteCond backreference
# and then add it as a header for the proxy request

RewriteCond %{SSL:SSL_CLIENT_VERIFY} (.*)
RewriteRule .* - [E=SSLC_ON:%1]
RequestHeader add X-SSL-Client-On %{SSLC_ON}e

RewriteCond %{SSL:SSL_CLIENT_S_DN_CN} (.*)
RewriteRule .* - [E=SSLC_NAME:%1]
RequestHeader add X-SSL-Client-Name %{SSLC_NAME}e

# mod_rewite proxy request, uses a loopback to diff port on same server
RewriteRule ^/(.*)$ http://127.0.0.1:8080/$1 [P,L]

-Brian


Luiz Gustavo Anflor Pereira wrote:
> I am trying to pass the cliente certificate through an apache configured
> with mod_ssl, mod-proxy and mod_headers.
>
> The idea is the client being autenticated in the apache server, but the
> certificate being available to the backend server, something like this:
>
> client < ==> apache server (mod_proxy) < ==> backend server
>
> I need the client certificate in the backend server. All connectios are
> SSL/HTTPS.
>
> I have tried all this configurations, but none worked.
>
> #RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}e" env=SSL_CLIENT_S_DN
> #RequestHeader set SSL_CLIENT_M_SERIAL "%{SSL_CLIENT_M_SERIAL}e"
> env=SSL_CLIENT_S_DN
> #RequestHeader set SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}e"
> #Header add SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}e" env=SSL_CLIENT_CERT
> #Header add SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}e" env=SSL_CLIENT_I_DN
>
> ProxyPass /js https://.....
> ProxyPassReverse /js https://....
>
> If you could help me i would thank you so much... :-)
>
> Regards, Luiz Gustavo

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See < URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux