Re: [users@httpd] is it possible ? (ssl-tunneling)

Fri, 26 Jan 2007 04:40:48 -0800 


Hi,

Tnanks for the reply and the configurations.
I made a similar configuration - but just without virtualhost directive -
and it works.
But with firefox it shows the locker (ssl picture on the browser) crossed by a line. 

With IE it doesn't show the locker but everytime a connection is innitiated
it shows a message that ssl starts and then immediately it shows a message that 
ssl ends.

Does this mean that the data between the client and the reversed
proxy is in ssl?

my config:

     SSLEngine on
     SSLProtocol -all +TLSv1 +SSLv3
     SSLCertificateFile    /etc/apache2/server.crt
     SSLCertificateKeyFile /etc/apache2/server.key

    <Location /arena/ >

         SSLCipherSuite MEDIUM
         SSLRequireSSL


         ############## Digest ################
         AuthType Digest
         AuthName "Restricted Area"
         AuthDigestDomain /arena/
         AuthDigestProvider file
         AuthUserFile /var/www/.digestpwd
         Require valid-user

         ProxyPass  http://arena.com/
         ProxyPassReverse http://arena.com/

    </Location>






On 1/22/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

Hi,
is it possible to have the connection between the client and the reverse proxy 
encrypted with ssl and authorization basic ? smth like ssh-tunneling ?

example :

           client <---- SSL ---- >  Apache  <-------------> origin server
                                  reversed
                                  proxy


Yes. This is even a very common setup.

<VirtualHost *:443>
        ServerName wsecure.foo.com

        SSLEngine on
        SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        SSLCertificateFile conf/ssl/web.cert
        SSLCertificateKeyFile conf/ssl/server.key
        SSLCertificateChainFile conf/ssl/web.cert


        <Location /app>
                 ProxyPass http://insecure.foo.com/app
                  AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /usr/local/apache/passwd/passwords
AuthGroupFile /usr/local/apache/passwd/groups
Require group GroupName

       </Location>

</VirtualHost>

--
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to