Re: Proxy mode with Cert Auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Le mardi 30 juin 2009 17:00:24, Peter Schober a écrit :
> * Luis Daniel Lucio Quiroz <luis.daniel.lucio@xxxxxxxxx> [2009-06-30 
23:29]:
> > I have know an apache as inverse proxy https server.  But now that server
> > has included Cert authentication in aplication.  The problem is that now
> > apache does not proxy, is there any configuration to let support
> > authentication?
>
> Is this the same question you sent to this list on 2009-05-28?
> I'm not sure what you're asking this time either.
>
> You can authenticate the proxy itself to the proxied server (the
> application) if the latter requires client cert authentication:
> 
http://httpd.apache.org/docs/2.2/en/mod/mod_ssl.html#sslproxymachinecertifi
>catefile This way http user agents don't need a client certificate, but then
> the application only ever sees the proxy's cert, not the user agent's. This
> may or may not be what you want.
>
> And you can certainly protect the reverse proxy (or just the proxied
> location on the proxy) like any other ressource (mod_auth_* and third
> party friends): http://httpd.apache.org/docs/2.2/en/howto/auth.html
>
> But unless you can rephrase the problem statement (and what exactly
> you're trying to achive) it's hard to know if that is what you need.
> -peter
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


Hi, Yes is same question.
I need that final server sees agents certificate.  
I was reading this link:
http://www.zeitoun.net/articles/client-certificate-x509-authentication-behind-
reverse-proxy/start

But i dont know sure if that is what i need

TIA

LD

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux