RE: [users@httpd] Can reverse proxy forward digital certificates.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dinner is served!

In this particular case I forward only the client's subject DN. 

	  # If the certificate environment variable is set, save the value in an environment variable of our own for future reference
        RewriteCond %{SSL:SSL_CLIENT_S_DN}      !=""
        RewriteRule .*                          -       [E=DN:%{SSL:SSL_CLIENT_S_DN}]

	  # Create a rewrite map with the internal escape method in order to escape the query string
        RewriteMap escape int:escape
	  # URLescape the DN envir var, append it to the query string and proxy the whole shabang to foo.bar
        RewriteRule ^/(.*)                          https://foo.bar/$1?DN=${escape:%{ENV:DN}} [QSA,P]

You can probably replace the SSL_CLIENT_S_DN used above by any other variable found in the mod_ssl documentation.

-ascs
 

-----Original Message-----
From: Jose Serrano Rodenas [mailto:serrano_josrod@xxxxxx] 
Sent: Wednesday, August 03, 2005 7:07 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] Can reverse proxy forward digital certificates.

Very Thanks for the information.

Anyway, Do you know some resource where explain how to do what you say.

Thanks again



Axel-Stéphane SMORGRAV wrote:

>As far as I know, it cannot.
>
>What you can do though, is to forward the certificate data as a header variable or in the query string. The data is available in reverse proxy environment variables. You should make sure to overwrite any prior value of such a variable contained in the request from the client.
>
>-ascs
>
>-----Original Message-----
>From: Jose Serrano Rodenas [mailto:serrano_josrod@xxxxxx]
>Sent: Tuesday, August 02, 2005 5:55 PM
>To: apache
>Subject: [users@httpd] Can reverse proxy forward digital certificates.
>
>Hello everybody.
>
>Could somebody help me with the following question:
>
>In a scenario like this.
>
>Client <-----------HTTS----------->Apache reverse 
>proxy<--------------HTTPS------------->Backend
>
>Can the reverse proxy fordward the Client Digital certificate to the Backend?
>If so, what directives do I have  to configure?
>
>Thanks in avanced
>
>
>
>
>Jose Serrano
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
>
>  
>


--
Jose Serrano Rodenas
Conselleria de Sanitat
Área de Organización y Sistemas de Comunicación.
Centro de Gestion de la red Arterias
Telfno: 96 39-87180
Correo: serrano_josrod@xxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux