Re: HTTPS over mod_proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 18.10.2010 11:17, Hendrik Schmieder wrote:
Joost de Heer schrieb:
On 10/18/2010 11:03 AM, Hendrik Schmieder wrote:
Hello,

with http over a proxy (like Apache mod_proxy) I send something like

<request>
GET http://192.168.2.234:7777/server/info HTTP/1.1
Content-Length: 0
Host: 192.168.2.234:7777
Connection: Keep-Alive
Accept-Encoding: identity, *;q=0

</request>

But I'm not sure what to send in case of HTTPS over proxy.

The same or should I replace 'http' by 'https' ?

No, you use the CONNECT method.


Maybe I was not clear enough.

I send the lines between
<request> and </request>
to the proxy.

You are talking about a forward proxy. There are two ways you can do https using a forward proxy.

Either you want end-to-end security. Then the proxy simply provides a tunnel to the back-end server and browser and back-end directly communicate over https (ssl handshake etc.). In order to make this work, the client/browser send a special request to the proxy, indicating to which server and port it wants the proxy to open the tunnel. The HTTP method used here is named "CONNECT". Apache supports it, but it is off by default.

Or you actually want to talk http to the proxy and the proxy should talk https to the back-end. This mode is not supported by "normal" clients like e.g. browsers. As soon as you configure an https proxy for them, they will use the CONNECT method. If you have full control over the clint you can nevertheless use this method. Not that it obvously doesn't provide end-to-end security. Apache does support this mode as well. And yes, that is the mode that works like you suggested, using "https" as the scheme in the URL provided in the first reuest line.

If you want to use either of the two methods, you should make sure you are using Apache 2.2.

Regards,

Rainer

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux