No - that's not possible. What you can do however, is to use mod_rewrite to retrieve the ssl id from the client-rproxy connection and insert it as a header into the rproxy-balancer connection. Search for previous threads on this list about forwarding client certificate data to a backend server through a reverse proxy, for example "[users@httpd] Can reverse proxy forward digital certificates", as you will probably be able to use those rewrite rules as a starting point. -ascs -----Original Message----- From: Francisco Gimeno [mailto:kikov@xxxxxxxxx] Sent: Wednesday, July 05, 2006 12:27 PM To: users@xxxxxxxxxxxxxxxx Subject: [users@httpd] mod_proxy keepalive ssl Hello This is my first mail here and I know a poor English, so please excuse any inconvenience... ;) I'm trying to setup a reverse proxy using mod_proxy to a cluster of WebServers, balanced with an Alteon G5 with sslid mechanism. Indeed, the reverse proxies are a cluster of 4 too, balanced with kernel IPVS ( but this is not important at the moment ). I have observed problems maintaining the session when using HTTPS and not HTTP. SSL is a set of protocols built on top of TCP/IP that allows an application server and client to communicate over an encrypted HTTP session, providing authentication, non-repudiation, and security. The SSL protocol handshake is performed using clear (unencrypted) text. The content data is then encrypted (using an algorithm exchanged during the handshake) prior to being transmitted. Using the SSL session ID, the switch forwards the client request to the same real server to which it was bound during the last session. Because SSL protocol allows many TCP connections to use the same session ID from the same client to a server, key exchange needs to be done only when the session ID expires. This reduces server overhead and provides a mechanism, even when the client IP address changes, to send all sessions to the same real server. --- Is there a way to have the same SSL ID in the SSLProxyengine for the same client? how does it work? Is the SSL ID for the client-rproxy the same that the rproxy-balancer? How can I fix this? Thx a lot, Francisco Gimeno --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|