Re: [users@httpd] [DEV-REQUEST] mod_ifenv ported to Apache2

If you're worried about a man-in-the-middle attack but still want a poor man's hosting, you could get a one-month trial certificate from rapidssl.com for practically any domain (including dynamic ones like mysite.no-ip.com). During the trial period (they basically set the certificate to expire in a month's time) you can be free of m-i-t-m attacks. But even after the trial period all you have is an expired certificate, which, except for the date and the browser pop-up which says that the cert has expired, is still free from m-i-t-m attacks.

I'm sorry, I didn't follow the entire thread, so I'm not sure if the above will help you in any way. It would be nice if each message from the list would include an HTTP link to a message thread somewhere...

SithLord wrote:
> On Tuesday 25 July 2006 03:18, Joshua Slive wrote:
>
> > First, SSL without a valid certificate trusted by the client is not
> > any safer than plain-text in the end.  A "man-in-the-middle" could sit
> > on the wire, provide your clients with a bogus certificate, and
> > decrypt all the traffic on the way back and forth to the server.
> > Since your clients are used to hitting "ignore" on the certificate
> > error warnings, they would be none-the-wiser.
>
> You're absolutely right but I don't have any "clients". These services are not
> for public use. This isn't a production service available to real
> clients/customers. I have some services at home I like/need to have available
> from outside. Moreover, there is nothing absolutely critical and most of
> these services could be available through plain HTTP. Remember that I talked
> about a "poor man's" HTTPS virtual hosting, nothing related to production
> use.
>
> > Second, what you want is not possible in any released version of
> > apache.  mod_ifenv wouldn't do it, since I'm fairly sure it cues off
> > env variables set at apache start time, not off dynamic per-request
> > env variables.  That kind of per-request configuration is only
> > possible if individual env variables support it.
>
> That's interesting! There's nothing in the ifenv module which indicates that
> the env vars are dynamically called and examined. You have a big point here.
>
> > As luck would have it, I believe there is some action on the
> > development list about making it possible to use env variables in
> > ProxyPassReverse.  But it isn't in any released version, and likely
> > won't be for some time.
>
> Thanks for the information, I wasn't aware of that :-) I can test that.
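
For a private service with a self-signed certificate, like the home setup discussed in this thread, a client can compare the presented certificate against a fingerprint recorded out of band instead of accepting whatever certificate arrives. The following is an added example, not code from the thread or from the Apache project; the function names and the sample bytes are hypothetical, and it assumes the operator copied the SHA-256 fingerprint directly from the server.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_fingerprint(fp: str) -> str:
    """Accept 'AA:BB:..' or 'aabb..'; return 64 lowercase hex digits."""
    cleaned = fp.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def cert_matches_pin(der_cert: bytes, pinned_fp: str) -> bool:
    """True only if SHA-256 of the DER certificate equals the pinned value."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, normalize_fingerprint(pinned_fp))


def open_pinned(host: str, port: int, pinned_fp: str,
                timeout: float = 5.0) -> ssl.SSLSocket:
    """Connect to a self-signed service and drop the session unless the
    certificate presented is exactly the one recorded out of band."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # CA and hostname checks cannot pass for a
    ctx.verify_mode = ssl.CERT_NONE  # self-signed cert; the pin replaces them
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if der is None or not cert_matches_pin(der, pinned_fp):
        tls.close()  # a substituted certificate ends the connection here
        raise ssl.SSLError("certificate does not match pinned fingerprint")
    return tls


if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate.
    known = b"constructed-der-bytes-of-the-real-server-cert"
    pin = hashlib.sha256(known).hexdigest()
    print(cert_matches_pin(known, pin))                     # same certificate
    print(cert_matches_pin(b"substituted-cert-bytes", pin))  # different one
```

The pin has to be updated whenever the server's certificate is replaced, since any other certificate is rejected.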

  