Re: is it possible ? (ssl-tunneling)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Hi,

Tnanks for the reply and the configurations.
I made a similar configuration - but just without virtualhost directive -
and it works.
But with firefox it shows the locker (ssl picture on the browser) crossed by a line. 

With IE it doesn't show the locker but everytime a connection is innitiated
it shows a message that ssl starts and then immediately it shows a message that 
ssl ends.

Does this mean that the data between the client and the reversed
proxy is in ssl?

my config:

     SSLEngine on
     SSLProtocol -all +TLSv1 +SSLv3
     SSLCertificateFile    /etc/apache2/server.crt
     SSLCertificateKeyFile /etc/apache2/server.key

    <Location /arena/ >

         SSLCipherSuite MEDIUM
         SSLRequireSSL


         ############## Digest ################
         AuthType Digest
         AuthName "Restricted Area"
         AuthDigestDomain /arena/
         AuthDigestProvider file
         AuthUserFile /var/www/.digestpwd
         Require valid-user

         ProxyPass  http://arena.com/
         ProxyPassReverse http://arena.com/

    </Location>






On 1/22/07, arry@xxxxxxxxxxxxxxx <arry@xxxxxxxxxxxxxxx> wrote:

Hi,
is it possible to have the connection between the client and the reverse proxy 
encrypted with ssl and authorization basic ? smth like ssh-tunneling ?

example :

           client <---- SSL ---- >  Apache  <-------------> origin server
                                  reversed
                                  proxy


Yes. This is even a very common setup.

<VirtualHost *:443>
        ServerName wsecure.foo.com

        SSLEngine on
        SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        SSLCertificateFile conf/ssl/web.cert
        SSLCertificateKeyFile conf/ssl/server.key
        SSLCertificateChainFile conf/ssl/web.cert


        <Location /app>
                 ProxyPass http://insecure.foo.com/app
                  AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /usr/local/apache/passwd/passwords
AuthGroupFile /usr/local/apache/passwd/groups
Require group GroupName

       </Location>

</VirtualHost>

--
krist.vanbesien@xxxxxxxxx
Bremgarten b. Bern, Switzerland
--


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux