Posted to users@httpd.apache.org by Walter Goulet <wg...@gmail.com> on 2012/05/02 06:06:59 UTC
[users@httpd] [PATCH] Improve docs describing a forward proxy config to enable proxying SSL requests
Hi,
While setting up a forward proxy server in httpd-2.2.16, it wasn't
immediately obvious to me from reading docs that I needed to enable
mod_proxy_connect to enable the forward proxy to handle CONNECT
requests for proxying SSL traffic. Plus, the mod_ssl SSLProxyEngine
directive could easily be confused as a required component to enable a
forward proxy to properly proxy SSL requests.
Here are patches I've prepared for mod_ssl.xml and mod_proxy.xml to
add additional descriptive text to the <ProxyRequest> directive in
mod_proxy.xml and <SSLProxyEngine> directive in mod_ssl.xml. They are
applied to the latest versions of the docs in trunk.
Thanks,
Walter
wgoulet@ubuntu:~/apachepatch$ cat mod_ssl.xml.patch
--- mod_ssl.xml.trunk 2012-05-01 20:39:23.704643002 -0700
+++ mod_ssl.xml 2012-05-01 20:39:01.632624877 -0700
@@ -1736,7 +1736,7 @@
is usually used inside a <directive module="core"
type="section">VirtualHost</directive> section to enable SSL/TLS for proxy
usage in a particular virtual host. By default the SSL/TLS Protocol Engine is
-disabled for proxy image both for the main server and all configured
virtual hosts.</p>
+disabled for proxy image both for the main server and all configured
virtual hosts. Note that the SSLProxyEngine directive should not, in
general, be included in a virtual host that will be acting as a
forward proxy (using <Proxy> or <ProxyRequest> directives.
SSLProxyEngine is not required to enable a forward proxy server to
proxy SSL/TLS requests.</p>
<example><title>Example</title>
<highlight language="config">
<VirtualHost _default_:443>
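Review bot: The added sentence opens a parenthesis at "(using <Proxy> or <ProxyRequest> directives." and never closes it, and it writes the directive names as raw angle-bracket tags inside the XML source, where they would be read as elements instead of being displayed. Close the parenthesis and use the markup the surrounding context already uses, i.e. <directive module="mod_proxy" type="section">Proxy</directive> and <directive module="mod_proxy">ProxyRequests</directive>; the mod_proxy.xml context in this same mail spells the directive ProxyRequests, not ProxyRequest. "should not, in general, be included" would also be easier to act on with a short reason attached, for example that a forward proxy relays the client's SSL/TLS connection and does not open one of its own.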
wgoulet@ubuntu:~/apachepatch$ cat mod_proxy.xml.patch
--- mod_proxy.xml.trunk 2012-05-01 20:38:38.448808512 -0700
+++ mod_proxy.xml 2012-05-01 20:42:01.296343935 -0700
@@ -562,6 +562,9 @@
need also <module>mod_proxy_http</module> or <module>mod_proxy_ftp</module>
(or both) present in the server.</p>
+ <p>In order to get the functionality of proxying HTTPS sites, you
+ need <module>mod_proxy_connect</module> enabled in the server.</p>
+
<note type="warning"><title>Warning</title>
<p>Do not enable proxying with <directive
module="mod_proxy">ProxyRequests</directive> until you have <a
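Review bot: The new paragraph's "proxying HTTPS sites" does not say that it means the forward proxy case or that the module is what handles the CONNECT method, so a reader setting up a reverse proxy could take it as applying to them. Suggest wording parallel to the sentence just above it, such as "To forward-proxy requests to HTTPS sites (the CONNECT method) you also need <module>mod_proxy_connect</module> present in the server." The placement directly above the warning about not enabling ProxyRequests before the server is secured is good and should be kept.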
wgoulet@ubuntu:~/apachepatch$
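A forward proxy configuration of the kind the message describes, as an added example that is not part of the original post or of the httpd documentation. It uses httpd 2.2 access-control syntax; the module paths, listening port and client network (192.0.2.0/24) are assumptions.

```apache
# Added example: httpd 2.2 forward proxy that can tunnel HTTPS via CONNECT.
# Module paths, port 8080 and the 192.0.2.0/24 client range are assumptions.

LoadModule proxy_module         modules/mod_proxy.so
LoadModule proxy_http_module    modules/mod_proxy_http.so
# Without this module the proxy cannot handle CONNECT, so HTTPS
# requests sent through it fail while plain HTTP still works.
LoadModule proxy_connect_module modules/mod_proxy_connect.so

Listen 8080

<VirtualHost *:8080>
    # Act as a forward proxy.
    ProxyRequests On

    # Restrict CONNECT tunnels to the HTTPS port only.
    AllowCONNECT 443

    # Only the listed client network may use the proxy.
    <Proxy *>
        Order deny,allow
        Deny from all
        Allow from 192.0.2.0/24
    </Proxy>

    # No SSLProxyEngine here: the TLS session runs end to end between
    # the client and the origin server, and the proxy only relays bytes.
    # SSLProxyEngine is for cases where httpd itself is the TLS client,
    # such as a reverse proxy talking to an https:// backend.
</VirtualHost>
```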