RE: How to send WHOLE SSL_CLIENT_CERT in reverse proxy?

This...

     RewriteMap escape int:escape
 
     RewriteCond %{SSL:SSL_CLIENT_CERT} (.*)
     RewriteRule .* - [E=SSLCC:${escape:{%1}}]
     RequestHeader add X-SSL-Client-Cert %{SSLCC}e

     RewriteRule ^/https(.*)$ https://kftcsu14.ftc.lab:48605/servlets-examples/servlet/RequestHeaderExample$1 [P,L]

Gets me this...

user-agent  Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)  
x-ssl-client-on  SUCCESS  
x-ssl-client-name  Doug S. Barnhart  
x-ssl-client-cert  %7b-----BEGIN%20CERTIFICATE-----%7d  
max-forwards  10  
x-forwarded-for  10.0.1.55   

And this...


     RewriteCond %{SSL:SSL_CLIENT_CERT} (.*)
     RewriteRule .* - [E=SSLCC:%1]
     RequestHeader add X-SSL-Client-Cert %{SSLCC}e

     RewriteRule ^/https(.*)$ https://kftcsu14.ftc.lab:48605/servlets-examples/servlet/RequestHeaderExample$1 [P,L]

Gets me this...

user-agent  Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)  
x-ssl-client-on  SUCCESS  
x-ssl-client-name  Doug S. Barnhart  
x-ssl-client-cert  -----BEGIN CERTIFICATE-----  
max-forwards  10  
x-forwarded-for  10.0.1.55


It appears that I am still not getting the whole ssl client cert even
after the escape...


	RewriteRule .* - [E=SSLCC:${escape:{%1}}]
	
	x-ssl-client-cert  %7b-----BEGIN%20CERTIFICATE-----%7d


Am I doing something wrong on the escape?

Bottom line, I am trying to get that whole client pem certificate to be
pushed across in the header with no luck.


>-----Original Message-----
>From: Lucuk, Pete [mailto:pete.lucuk@xxxxxxx] 
>Sent: Monday, November 27, 2006 10:04 AM
>To: users@xxxxxxxxxxxxxxxx
>Subject: RE:  How to send WHOLE SSL_CLIENT_CERT in reverse proxy?
>
>Where would I put the Rewrite escape function in the stuff 
>below?  I tried a couple different things and could not get it 
>to work.  Thank you for your help, I appreciate it
>
>
>RewriteCond %{SSL:SSL_CLIENT_CERT} (.*)
>RewriteRule .* - [E=SSLCC:%1]
>RequestHeader add X-SSL-Client-Cert %{SSLCC}e
>
>RewriteRule ^/https(.*)$ https://kftcsu14.ftc.lab:48605/servlets-examples/servlet/RequestHeaderExample$1 [P,L]
>
>
>>-----Original Message-----
>>From: Max Dittrich [mailto:max.dittrich@xxxxxxxxxxx]
>>Sent: Thursday, November 23, 2006 8:37 PM
>>To: users@xxxxxxxxxxxxxxxx
>>Subject: Re:  How to send WHOLE SSL_CLIENT_CERT in reverse proxy?
>>
>>Lucuk, Pete wrote:
>>> The backend server is a 3.x version of Jboss that uses Jetty as the 
>>> Servlet engine.
>>> Can you use AJP with Jetty?
>>> 
>>> If not, is there some simple way to yank out the new lines in 
>>> SSL_CLIENT_CERT on the reverse proxy?
>>
>>I just looked up the Apache Docs, because I remembered those internal 
>>RewriteMaps. Maybe there's a chance using the internal RewriteMap 
>>'escape' to encode special characters like "\n".
>>
>>Limitations on the accepted length of headers (2048) may break this 
>>solution.
>>
>>hf,
>>.max
>>
>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server 
>>Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>>
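Added example, not part of the original messages and not Apache's own code: a Python model of the two header values reported in this thread, plus a backend-side check that rejects a truncated certificate header. It assumes that `.` in the RewriteCond pattern stops at the first newline and that the internal `escape` map percent-encodes with lowercase hex, both of which match the output shown above; all function names and the sample certificate are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample: PEM-shaped, multi-line like SSL_CLIENT_CERT.
# The base64 body is placeholder text, not a real certificate.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "TUlJQ3BsYWNlaG9sZGVy\n"
    "Ym9keWxpbmUy\n"
    "-----END CERTIFICATE-----\n"
)

UNRESERVED = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
              "abcdefghijklmnopqrstuvwxyz0123456789-_.~")

def escape(value):
    """Approximation (assumption) of the internal 'escape' map:
    percent-encode every byte that is not an unreserved URL character."""
    return "".join(chr(b) if chr(b) in UNRESERVED else "%%%02x" % b
                   for b in value.encode())

def rewrite_capture(cert):
    """Model of 'RewriteCond %{SSL:SSL_CLIENT_CERT} (.*)': '.' does not
    cross a newline, so %1 holds only the first line of the PEM."""
    return re.match(r"(.*)", cert).group(1)

def header_from_thread_config(cert, use_escape):
    """Header value produced by the two configurations in the thread."""
    first_line = rewrite_capture(cert)
    if use_escape:
        # ${escape:{%1}} looks up the key "{%1}", so the literal braces
        # are escaped along with the captured text.
        return escape("{" + first_line + "}")
    return first_line

def decode_cert_header(value):
    """Backend side: undo the escaping and refuse an incomplete PEM."""
    pem = unquote(value).strip()
    if not (pem.startswith("-----BEGIN CERTIFICATE-----")
            and pem.endswith("-----END CERTIFICATE-----")):
        raise ValueError("client certificate header is incomplete")
    return pem + "\n"

if __name__ == "__main__":
    print(header_from_thread_config(SAMPLE_PEM, use_escape=True))
    print(header_from_thread_config(SAMPLE_PEM, use_escape=False))
    print(decode_cert_header(escape(SAMPLE_PEM)), end="")
```
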