You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by James <ja...@hotmail.com> on 2003/01/15 10:48:03 UTC
[users@httpd] Ssl proxy
Hi Guys,
I am looking for ssl reverse proxy server. I want a ssl connection
between client with browser and my proxy server. Then the proxy server
should connect to request site in http/https.
So the proxy server rules will look like as follows
Sends request
get request from internet
Client------------------------------->Proxy server
------------------------------------------->Internet
Browser SSL Apache with Proxy and
Any site on the internet
mod_ssl +Rewrite module
i.e. IE
Is it possible? Can I have a ssl proxy setup on apache?
Please help
James.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Ssl proxy
Posted by Laurent Blume <la...@infores.com>.
Since I've never configured Apache as a proxy myself, I can't give you a
very detailed help, but at least a good direction.
First, proxy servers are not simulating the server in any way. Actually,
most proxy servers are using port 8080 (it's just a tradition, not a
standard :-)
You configure that value in your client browser (proxy address and port
number), so that for *any* URL you type in the browser, it first
connects to the proxy on its address/port, the proxy then processes the
data in any way.
So, even if you have HTTPS, or are connecting to a non standard port,
the browser will send data to the proxy on its usual address, telling it
"hey, here is some data to send to that URL, can you do that for me?".
To my (limited) knowledge on proxies, there is no special configuration
to do this (except, of course, allowing it - most proxies can deny
connection to/from addresses and port as a security measure).
I hope this makes it clearer on how it works, I think you will find
detailed instructions in FAQ/How-tos now that you have a better idea
about it all.
Laurent
James wrote:
> Hi,
> Thanks for your reply. How can I configure proxy server to make
> connection between client and final server on ssl connection without
> modifying the request. I should be able to specify port proxyserver:443
> in my browser proxy setting. Will stunnel do this work?
>
> james
>
> -----Original Message-----
> From: Laurent Blume [mailto:laurent.blume@infores.com]
> Sent: 15 January 2003 12:34
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Ssl proxy
>
>
> This looks like a typical "man in the middle" attack on a secure
> connection. However, it can't work that way, because SSL is not only
> encrypting, but
> also authenticating connection to a secure server: the browser on the
> client will notice that the proxy server is pretending to be another
> server, and the certificate won't match.
>
> The only possible SSL proxying is when the proxy server just transmit
> the content of the connection between the client and the final server,
> without trying to read or modify it in anyway way.
>
> If it were different, SSL and certificates would be barely more secure
> than plain text, and would have no object at all, isn't it ?
> :-)
>
> HTH,
>
> Laurent
>
> James wrote:
>
>>Hi Guys,
>>I am looking for ssl reverse proxy server. I want a ssl connection
>>between client with browser and my proxy server. Then the proxy server
>
>
>>should connect to request site in http/https. So the proxy server
>>rules will look like as follows
>>
>> Sends request
>>get request from internet
>>Client------------------------------->Proxy server
>>------------------------------------------->Internet
>>Browser SSL Apache with Proxy and
>>Any site on the internet
>> mod_ssl +Rewrite module
>>i.e. IE
>>
>>
>>Is it possible? Can I have a ssl proxy setup on apache?
>>
>>Please help
>>
>
>
>
--
IRI-Secodip www.infores.com
4, rue André Derain mailto:laurent.blume@infores.com
78240 Chambourcy tel: +33 (0) 130 06 26 52
France fax: +33 (0) 130 65 09 45
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Ssl proxy
Posted by James <ja...@hotmail.com>.
Hi,
Thanks for your reply. How can I configure proxy server to make
connection between client and final server on ssl connection without
modifying the request. I should be able to specify port proxyserver:443
in my browser proxy setting. Will stunnel do this work?
james
-----Original Message-----
From: Laurent Blume [mailto:laurent.blume@infores.com]
Sent: 15 January 2003 12:34
To: users@httpd.apache.org
Subject: Re: [users@httpd] Ssl proxy
This looks like a typical "man in the middle" attack on a secure
connection. However, it can't work that way, because SSL is not only
encrypting, but
also authenticating connection to a secure server: the browser on the
client will notice that the proxy server is pretending to be another
server, and the certificate won't match.
The only possible SSL proxying is when the proxy server just transmit
the content of the connection between the client and the final server,
without trying to read or modify it in anyway way.
If it were different, SSL and certificates would be barely more secure
than plain text, and would have no object at all, isn't it ?
:-)
HTH,
Laurent
James wrote:
> Hi Guys,
> I am looking for ssl reverse proxy server. I want a ssl connection
> between client with browser and my proxy server. Then the proxy server
> should connect to request site in http/https. So the proxy server
> rules will look like as follows
>
> Sends request
> get request from internet
> Client------------------------------->Proxy server
> ------------------------------------------->Internet
> Browser SSL Apache with Proxy and
> Any site on the internet
> mod_ssl +Rewrite module
> i.e. IE
>
>
> Is it possible? Can I have a ssl proxy setup on apache?
>
> Please help
>
--
IRI-Secodip www.infores.com
4, rue André Derain mailto:laurent.blume@infores.com
78240 Chambourcy tel: +33 (0) 130 06 26 52
France fax: +33 (0) 130 65 09 45
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Ssl proxy
Posted by Laurent Blume <la...@infores.com>.
This looks like a typical "man in the middle" attack on a secure connection.
However, it can't work that way, because SSL is not only encrypting, but
also authenticating connection to a secure server: the browser on the
client will notice that the proxy server is pretending to be another
server, and the certificate won't match.
The only possible SSL proxying is when the proxy server just transmit
the content of the connection between the client and the final server,
without trying to read or modify it in anyway way.
If it were different, SSL and certificates would be barely more secure
than plain text, and would have no object at all, isn't it ?
:-)
HTH,
Laurent
James wrote:
> Hi Guys,
> I am looking for ssl reverse proxy server. I want a ssl connection
> between client with browser and my proxy server. Then the proxy server
> should connect to request site in http/https.
> So the proxy server rules will look like as follows
>
> Sends request
> get request from internet
> Client------------------------------->Proxy server
> ------------------------------------------->Internet
> Browser SSL Apache with Proxy and
> Any site on the internet
> mod_ssl +Rewrite module
> i.e. IE
>
>
> Is it possible? Can I have a ssl proxy setup on apache?
>
> Please help
>
--
IRI-Secodip www.infores.com
4, rue André Derain mailto:laurent.blume@infores.com
78240 Chambourcy tel: +33 (0) 130 06 26 52
France fax: +33 (0) 130 65 09 45
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org