You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Michael Stapelberg <mi...@maxspot.de> on 2006/12/21 09:31:48 UTC

[users@httpd] How to extend the Protocol when using SSL?

Hello everyone,

I'd like to pass some information using my own HTTP-client to apache. I used
to just append them to the HTTP-headers using X-Foo: bar and getting them in
PHP via $_SERVER['X_FOO']. 

Now I decided that SSL is necessary for my purpose and now there is a little
problem: Man-in-the-middle (what my old method actually was) is no longer
possible.

The simplest solution for me on client-side that I can think of would be
firstly sending my additional parameters and then starting the SSL-session.
This is possible in the FTP protocol also, so technically it should not be a
problem.

The question is: What's the simplest method of telling apache that it should
call my own module when the connection arrives and handle the rest of the
connection by itself after my module has finished getting the additional
information?

Best Regards and thanks in advance,
Michael Stapelberg
maxspot GmbH

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] How to extend the Protocol when using SSL?

Posted by Eric Covener <co...@gmail.com>.

On 12/21/06, Michael Stapelberg <mi...@maxspot.de> wrote:
> Hello everyone,
>
> I'd like to pass some information using my own HTTP-client to apache. I used
> to just append them to the HTTP-headers using X-Foo: bar and getting them in
> PHP via $_SERVER['X_FOO'].
>
> Now I decided that SSL is necessary for my purpose and now there is a little
> problem: Man-in-the-middle (what my old method actually was) is no longer
> possible.

Are you doing this in the client itself or somewhere in the middle?

What in apache cares the header came in over SSL?

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] How to extend the Protocol when using SSL?

Posted by Michael Stapelberg <mi...@maxspot.de>.

Hello William,

* [21.12.06 09:57]:
> See Connection-Upgrade, but it won't solve your problem.  The upgrade request
> is just that, one request; you still won't be able to add your headers.

wow, that's a pretty cool new feature. A quick implementation showed that it
works exactly as required, the only thing that does not work is adding
headers. I actually send the following now:
OPTIONS * HTTP/1.1\n
Host: foo\n
X-Foo: bar\n
Upgrade: TLS/1.0\n
Connection: upgrade\n\n

Unfortunately, $_SERVER['HTTPS_X_FOO'] is not defined in PHP. Is there any
possibility to define it?

Thanks in advance,
Best regards,
Michael Stapelberg

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] How to extend the Protocol when using SSL?

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

See Connection-Upgrade, but it won't solve your problem.  The upgrade request
is just that, one request; you still won't be able to add your headers.

If you are a proxy, have the app continue to create an http: request, and
do the https: request to the apache back end from your proxy.

Michael Stapelberg wrote:
> Hello everyone,
> 
> I'd like to pass some information using my own HTTP-client to apache. I used
> to just append them to the HTTP-headers using X-Foo: bar and getting them in
> PHP via $_SERVER['X_FOO']. 
> 
> Now I decided that SSL is necessary for my purpose and now there is a little
> problem: Man-in-the-middle (what my old method actually was) is no longer
> possible.
> 
> The simplest solution for me on client-side that I can think of would be
> firstly sending my additional parameters and then starting the SSL-session.
> This is possible in the FTP protocol also, so technically it should not be a
> problem.
> 
> The question is: What's the simplest method of telling apache that it should
> call my own module when the connection arrives and handle the rest of the
> connection by itself after my module has finished getting the additional
> information?
> 
> Best Regards and thanks in advance,
> Michael Stapelberg
> maxspot GmbH
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> .
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org