Re: [users@httpd] [DEV-REQUEST] mod_ifenv ported to Apache2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 7/24/06, SithLord <apache-mail@xxxxxxxxx> wrote:


There is a mod_ifenv 0.1 for Apache 1.3.x here :
http://www.modwest.com/download/mod_ifenv-0.1.tar.gz

It was created by Sean Gabriel Heacock <gabriel@xxxxxxxxxxx> but this email is
no longer valid.

This module could be very handy to create some kind of poor's man HTTPS
virtual hosting. There are a lot of services I'd like to access to but I want
them to be SSL wrapped and be shown as a standalone VirtualHost. As I only
have one IP address, I must find a trick to do it :) I don't care about the
uniqueness of the SSL certificate "Common Name" and the warning in web
browsers. My primary matter is to make sure all the data is travelling
wrapped in a SSL connection.

Until now, I managed to play a bit with mod_rewrite which is perfect for
replacing "ProxyPass" directive. Unfortunately, there's nothing to
manage "ProxyPassReverse" the same way...


First, SSL without a valid certificate trusted by the client is not
any safer than plain-text in the end.  A "man-in-the-middle" could sit
on the wire, provide your clients with a bogus certificate, and
decrypt all the traffic on the way back and forth to the server.
Since your clients are used to hitting "ignore" on the certificate
error warnings, they would be none-the-wiser.

Second, what you want is not possible in any released version of
apache.  mod_ifenv wouldn't do it, since I'm fairly sure it cues off
env variables set at apache start time, not off dynamic per-request
env variables.  That kind of per-request configuration is only
possible if individual env variables support it.

As luck would have it, I believe there is some action on the
development list about making it possible to use env variables in
ProxyPassReverse.  But it isn't in any released version, and likely
won't be for some time.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux