httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Axel-Stéphane SMORGRAV <Axel-Stephane.SMORG...@europe.adp.com>
Subject RE: [users@httpd] Can reverse proxy forward digital certificates.
Date Thu, 04 Aug 2005 09:09:31 GMT
Dinner is served!

In this particular case I forward only the client's subject DN. 

	  # If the certificate environment variable is set, save the value in an environment variable
of our own for future reference
        RewriteCond %{SSL:SSL_CLIENT_S_DN}      !=""
        RewriteRule .*                          -       [E=DN:%{SSL:SSL_CLIENT_S_DN}]

	  # Create a rewrite map with the internal escape method in order to escape the query string
        RewriteMap escape int:escape
	  # URLescape the DN envir var, append it to the query string and proxy the whole shabang
to foo.bar
        RewriteRule ^/(.*)                          https://foo.bar/$1?DN=${escape:%{ENV:DN}}
[QSA,P]

You can probably replace the SSL_CLIENT_S_DN used above by any other variable found in the
mod_ssl documentation.

-ascs
 

-----Original Message-----
From: Jose Serrano Rodenas [mailto:serrano_josrod@gva.es] 
Sent: Wednesday, August 03, 2005 7:07 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Can reverse proxy forward digital certificates.

Very Thanks for the information.

Anyway, Do you know some resource where explain how to do what you say.

Thanks again



Axel-Stéphane SMORGRAV wrote:

>As far as I know, it cannot.
>
>What you can do though, is to forward the certificate data as a header variable or in
the query string. The data is available in reverse proxy environment variables. You should
make sure to overwrite any prior value of such a variable contained in the request from the
client.
>
>-ascs
>
>-----Original Message-----
>From: Jose Serrano Rodenas [mailto:serrano_josrod@gva.es]
>Sent: Tuesday, August 02, 2005 5:55 PM
>To: apache
>Subject: [users@httpd] Can reverse proxy forward digital certificates.
>
>Hello everybody.
>
>Could somebody help me with the following question:
>
>In a scenario like this.
>
>Client <-----------HTTS----------->Apache reverse 
>proxy<--------------HTTPS------------->Backend
>
>Can the reverse proxy fordward the Client Digital certificate to the Backend?
>If so, what directives do I have  to configure?
>
>Thanks in avanced
>
>
>
>
>Jose Serrano
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>  
>


--
Jose Serrano Rodenas
Conselleria de Sanitat
Área de Organización y Sistemas de Comunicación.
Centro de Gestion de la red Arterias
Telfno: 96 39-87180
Correo: serrano_josrod@gva.es


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message