Using mod_rewrite and mod_proxy add SSL DN as Basic authentication header

Hi,

We have a reverse proxy that accepts requests over HTTPS with client
cert authentication, which will then proxy over the request to the
internal server(s) over plain HTTP. In the internal server's
application, it would authenticate the user using Basic
authentication. Right now, the proxy server is running on Apache 1.3.
We wrote a custom module that would strip out the entire DN out of the
SSL headers from the incoming request and then insert it into the
proxied request as a Basic Auth header with a generic password
(something like "/O=My Company/OU=My CA/CN=My User:password"). The
internal application would validate the user based purely on the DN
itself so the password doesn't matter.

I would like to upgrade the reverse proxy to use Apache 2.2 now.
Instead of writing another custom module, I would like to see if
existing mods can be employed to do this.

This post in the archives
(http://mail-archives.apache.org/mod_mbox/httpd-users/200504.mbox/<af5b9c4169ad4cd24e78522972f70e7d%40alum.dartmouth.org>)
uses mod_rewrite to proxy the entire client cert SSL header over to
the opposing side of reverse proxy. Hence, I figure that it may be
possible to do the same but to manipulate the proxied request in a
different manner instead.

I'm quite a greenhorn in Apache configuration, so I thought I'd fish
around to see if anyone has already gotten this down pat. Would
appreciate any pointers and also any warnings if I'm going about this
completely wrong.

Thanks!
Wong

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
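
Added example, not part of the original post and not Apache code: a Python sketch of the header the post describes, showing what the proxy would emit and what the backend would parse, including the case where a DN contains a colon. The function names are hypothetical; the DN format and the generic password "password" are taken from the post's example.

```python
import base64

def dn_to_basic_header(dn, password="password"):
    """Proxy side: wrap the verified client-cert DN as a Basic credential."""
    # Basic credentials are "user-id:password" and the receiver splits on the
    # first colon (RFC 7617), so a DN containing ':' cannot be carried intact.
    if ":" in dn:
        raise ValueError("DN contains ':'")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in dn):
        raise ValueError("DN contains control characters")
    raw = f"{dn}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def basic_header_to_dn(value):
    """Backend side: recover the DN; the password part is ignored."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    dn, sep, _password = decoded.partition(":")
    if not sep or not dn:
        raise ValueError("malformed Basic credential")
    return dn

def unchecked_header(dn, password="password"):
    """What a proxy without the colon check would send (for comparison only)."""
    return "Basic " + base64.b64encode(f"{dn}:{password}".encode()).decode("ascii")

if __name__ == "__main__":
    dn = "/O=My Company/OU=My CA/CN=My User"      # DN format from the post
    header = dn_to_basic_header(dn)
    print(header, "->", basic_header_to_dn(header))
    odd = "/O=My Company/OU=My CA/CN=ops:batch"   # constructed DN with a colon
    print(basic_header_to_dn(unchecked_header(odd)))  # truncated identity
```

Because the backend validates on the DN alone, this header is only trustworthy if the backend is reachable solely through the proxy and the proxy overwrites any Authorization header supplied by the client.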