You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Brent Clark <br...@gmail.com> on 2010/11/04 11:56:08 UTC
[users@httpd] SSL redirect ?
Hiya
I got an interesting request from a client and I was hoping to bounce
this off you guys.
------------------------------------------------------------------------------------------------------------------------------------------------------------
I need my linux server to accept incoming connections on port 8080 and
forward them to an HTTPS address and do all communications.
So, if a developer connects to, and uses
https://abc.com/v4/transaction?wsdl
it should redirect, communicate, and return data from
https://trans.api.hidden.com/v4/transaction?wsdl
Basically, I need to mask the trans.api.hidden.com and make all
communications deal with abc.co.za.
------------------------------------------------------------------------------------------------------------------------------------------------------------
This is the same server.
Personally I cant see this is possible, cause of the it been SSL. I
would assume this activity as no different as a MITM attack.
But googling, says I should look at mod_proxy. Is this possible?
What do you guys think. If someone could help. It would be appreciated.
Kind Regards
Brent Clark
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SSL redirect ?
Posted by Tom Evans <te...@googlemail.com>.
On Thu, Nov 4, 2010 at 10:56 AM, Brent Clark <br...@gmail.com> wrote:
> Hiya
>
> I got an interesting request from a client and I was hoping to bounce this
> off you guys.
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------
> I need my linux server to accept incoming connections on port 8080 and
> forward them to an HTTPS address and do all communications.
>
> So, if a developer connects to, and uses
>
> https://abc.com/v4/transaction?wsdl
>
> it should redirect, communicate, and return data from
>
> https://trans.api.hidden.com/v4/transaction?wsdl
>
> Basically, I need to mask the trans.api.hidden.com and make all
> communications deal with abc.co.za.
>
> This is the same server.
>
> Personally I cant see this is possible, cause of the it been SSL. I would
> assume this activity as no different as a MITM attack.
> But googling, says I should look at mod_proxy. Is this possible?
>
> What do you guys think. If someone could help. It would be appreciated.
>
> Kind Regards
> Brent Clark
>
If your client connects to https://abc.com/ , then that is where SSL
will be terminated for the client. If you then proxy that connection
to https://trans.api.hidden.com/ , then that will be a separate SSL
connection between two apache servers, it will not carry any client
certificates that the client initially presented to https://abc.com .
wrt to your later question, apache is more than capable of proxying to
itself. I'm not sure you would need the overhead of an SSL connection
on a request that would never go on the wire.
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SSL redirect ?
Posted by Brent Clark <br...@gmail.com>.
On 04/11/2010 18:25, Joost de Heer wrote:
>
> Yes, you need ProxyPass/ProxyPassReverse and SSLProxyEngine.
>
> Joost
>
And for the idiot and curiosity in me. I take it this is not possible on
separate machines?
Thanks for replying.
Brent
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SSL redirect ?
Posted by Joost de Heer <jo...@sanguis.xs4all.nl>.
On 11/04/2010 11:56 AM, Brent Clark wrote:
> Hiya
>
> I got an interesting request from a client and I was hoping to bounce this off
> you guys.
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> I need my linux server to accept incoming connections on port 8080 and
> forward them to an HTTPS address and do all communications.
>
> So, if a developer connects to, and uses
>
> https://abc.com/v4/transaction?wsdl
>
> it should redirect, communicate, and return data from
>
> https://trans.api.hidden.com/v4/transaction?wsdl
>
> Basically, I need to mask the trans.api.hidden.com and make all communications
> deal with abc.co.za.
> ------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>
> This is the same server.
>
> Personally I cant see this is possible, cause of the it been SSL. I would
> assume this activity as no different as a MITM attack.
> But googling, says I should look at mod_proxy. Is this possible?
Yes, you need ProxyPass/ProxyPassReverse and SSLProxyEngine.
Joost
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org