# LoadModule foo_module modules/mod_foo.so
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadFile /usr/lib/libxml2.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_html_module modules/mod_proxy_html.so
Next ,
<IfModule mod_proxy.c>
RequestHeader set Front-End-Https "On"
ProxyRequests Off
ProxyPreserveHost On
ProxyHTMLLogVerbose On
LogLevel Info
ProxyHTMLExtended On
ProxyHTMLURLMap from-pattern to-pattern flags
AllowCONNECT 443
Hello List,I still have this question coming up: I have an apache configured as a reverse proxy. Behind that proxy there is an application server. A client is to connect to the apache via SSL and it needs to authenticate to the internal application server with it's client certificate. IS THIS AT ALL POSSIBLE?| || |+--------+ | +--------+ | +--------+| client |-----|---->| apache |----- |-->| appsrv || cert-1 | SSL | | cert-2 | SSL | | cert-3 |+--------+ | +--------+ | +--------+| |initiates | encrypts | client logonconnection FW1 with cert-2 FW2 with cert-1As can be seen in the crude picture above: The client initiates the SSL connection to the apache.The apache's cert-2 is used for encryption and the client is prepared to authenticate itself usinghis client cert-1. At the moment the apache is NOT configured to validate the clients certificate, but ignores it - This is because the apache has no knowledge of the application that wants the authentication in the backend server.After the SSL connection between client and apache is established, the apache initiates a new SSL connection to the application server. This connection is encrypted with the appsrv's cert-3. Now the application server want's the client to authenticate itself using client certificate instead of with a normal username/password pair. This, of course, fails at the moment, because the certificate of the apache has no rights in the application and the client cert-1 is lost due to the apache terminating the SSL connection.Now again my question: Can I configure the apache to forward the client cert-1 to the backend application server? Is there a module that I can use for this? I'm not sure at the moment if such a module could work at all.As far as I understand SSL, it needs a direct connection between the two communication partners, but on the other hand a reverse proxy is a common tool to improve the security of a server on the internet, so maybe there is some way to achieve this and I'm just mssing the point.Please, can anyone help me with this?Kind regards,ChristianChristian GüntherSAP NetWeaver Technical ConsultantREALTECHREALTECH system consulting GmbHIndustriestraße 39c69190 Walldorf GermanyTel.: +49 6227 837 267Fax: +49 6227 837 837Mobile: +49 173 302 2153mailto: christian.guenther@xxxxxxxxxxxx