httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reid Watson <reid.wat...@auckland.ac.nz>
Subject [users@httpd] Vendor Connection via Proxy to SNI Server response 403 Forbidden
Date Sat, 03 Jun 2017 01:11:40 GMT
Hi Everyone,  

There are few posts going around and I was wondering if any one had some advice or experienced
a similar issues 

Current Apache Version: httpd-2.4.12

Issue 

- External Vendor WebServer enables SNI check
- I currently connect to vendor via proxy (from Http to Https) 
- I disable ssl checks on the certificate 
- Each time we make a connection I’m returned 403, the reason is the vendor enables SNI
check and within the Client Hello (SSL Handshake) packet we set ServerName from vHost “Internal-site.test.com”


Basic config 

<VirtualHost *:*>
      
     ServerName Internal-site.test.com

      SSLProxyCheckPeerName off
      SSLProxyCheckPeerCN off
      SSLProxyCheckPeerExpire off

     RewriteCond %{REQUEST_URI} ^/path
     RewriteRule ^/path/(.*) https://vendor-site.com/$1 [P,L,E=vendor-site.com]

</VirtualHost>

Does any one have any advice on the current issue or a trick / workaround with mod_ssl / mod_proxy

for example would I attempt to overwrite the environment variable "SetEnv SSL_TLS_SNI vendor-site.com”
? 

Thanks 
Mime
View raw message