[users@httpd] SSL redirect ?

[Brent Clark <br...@gmail.com>]

Hiya

I got an interesting request from a client and I was hoping to bounce 
this off you guys.

------------------------------------------------------------------------------------------------------------------------------------------------------------
I need my linux server to accept incoming connections on port 8080 and
forward them to an HTTPS address and do all communications.

So, if a developer connects to, and uses

https://abc.com/v4/transaction?wsdl

it should redirect, communicate, and return data from

https://trans.api.hidden.com/v4/transaction?wsdl

Basically, I need to mask the trans.api.hidden.com and make all 
communications deal with abc.co.za.
------------------------------------------------------------------------------------------------------------------------------------------------------------

This is the same server.

Personally I cant see this is possible, cause of the it been SSL. I 
would assume this activity as no different as a MITM attack.
But googling, says I should look at mod_proxy. Is this possible?

What do you guys think. If someone could help. It would be appreciated.

Kind Regards
Brent Clark

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] SSL redirect ?

[Tom Evans <te...@googlemail.com>]

On Thu, Nov 4, 2010 at 10:56 AM, Brent Clark <br...@gmail.com> wrote:
> Hiya
>
> I got an interesting request from a client and I was hoping to bounce this
> off you guys.
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------
> I need my linux server to accept incoming connections on port 8080 and
> forward them to an HTTPS address and do all communications.
>
> So, if a developer connects to, and uses
>
> https://abc.com/v4/transaction?wsdl
>
> it should redirect, communicate, and return data from
>
> https://trans.api.hidden.com/v4/transaction?wsdl
>
> Basically, I need to mask the trans.api.hidden.com and make all
> communications deal with abc.co.za.
>
> This is the same server.
>
> Personally I cant see this is possible, cause of the it been SSL. I would
> assume this activity as no different as a MITM attack.
> But googling, says I should look at mod_proxy. Is this possible?
>
> What do you guys think. If someone could help. It would be appreciated.
>
> Kind Regards
> Brent Clark
>

If your client connects to https://abc.com/ , then that is where SSL
will be terminated for the client. If you then proxy that connection
to https://trans.api.hidden.com/ , then that will be a separate SSL
connection between two apache servers, it will not carry any client
certificates that the client initially presented to https://abc.com .

wrt to your later question, apache is more than capable of proxying to
itself. I'm not sure you would need the overhead of an SSL connection
on a request that would never go on the wire.

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] SSL redirect ?

[Brent Clark <br...@gmail.com>]

On 04/11/2010 18:25, Joost de Heer wrote:
>
> Yes, you need ProxyPass/ProxyPassReverse and SSLProxyEngine.
>
> Joost
>

And for the idiot and curiosity in me. I take it this is not possible on 
separate machines?

Thanks for replying.

Brent



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] SSL redirect ?

[Joost de Heer <jo...@sanguis.xs4all.nl>]

On 11/04/2010 11:56 AM, Brent Clark wrote:
> Hiya
>
> I got an interesting request from a client and I was hoping to bounce this off
> you guys.
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> I need my linux server to accept incoming connections on port 8080 and
> forward them to an HTTPS address and do all communications.
>
> So, if a developer connects to, and uses
>
> https://abc.com/v4/transaction?wsdl
>
> it should redirect, communicate, and return data from
>
> https://trans.api.hidden.com/v4/transaction?wsdl
>
> Basically, I need to mask the trans.api.hidden.com and make all communications
> deal with abc.co.za.
> ------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>
> This is the same server.
>
> Personally I cant see this is possible, cause of the it been SSL. I would
> assume this activity as no different as a MITM attack.
> But googling, says I should look at mod_proxy. Is this possible?

Yes, you need ProxyPass/ProxyPassReverse and SSLProxyEngine.

Joost

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org