Re: [users@httpd] [DEV-REQUEST] mod_ifenv ported to Apache2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tuesday 25 July 2006 03:18, Joshua Slive wrote:

> First, SSL without a valid certificate trusted by the client is not
> any safer than plain-text in the end.  A "man-in-the-middle" could sit
> on the wire, provide your clients with a bogus certificate, and
> decrypt all the traffic on the way back and forth to the server.
> Since your clients are used to hitting "ignore" on the certificate
> error warnings, they would be none-the-wiser.

You're absolutely right but I don't have any "clients". These services are not 
for public use. This isn't a production service available to real 
clients/customers. I have some services at home I like/need to have available 
from outside. Moreover, there is nothing absolutely critical and most of 
these services could be available through plain HTTP. Remember that I talked 
about a "poor's man" HTTPS virtual hosting, nothing related to production 
use.

> Second, what you want is not possible in any released version of
> apache.  mod_ifenv wouldn't do it, since I'm fairly sure it cues off
> env variables set at apache start time, not off dynamic per-request
> env variables.  That kind of per-request configuration is only
> possible if individual env variables support it.

That's interesting! There's nothing in the ifenv module which indicates that 
the env vars are dynamically called and examined. You have a big point here.

> As luck would have it, I believe there is some action on the
> development list about making it possible to use env variables in
> ProxyPassReverse.  But it isn't in any released version, and likely
> won't be for some time.

Thanks for the information I wasn't aware of that :-) I can test that.

-- 
SithLord

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux