www-modproxy-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael" <iplanet_u...@hotmail.com>
Subject Reverse Proxy https question
Date Thu, 27 Jun 2002 00:49:06 GMT
I am trying to Reverse Proxy HTTPS connections in the following manner:

CLIENT Browser (https://secure-site.com) -> Apache 2.0 Reverse Proxy, posing as secure-site.com
(non-ssl, non-decrypting, just passing the https through) -> Sonicwall SSL Accelerator
(a stand-alone HW device for  SSL decryption/encryption, hosting the certificate for secure-site.com,
decrypting the SSL connection) -> WEBSERVER (non-SSL)

The purpose for this design is to keep the webserver behind a layer of switches (for VLANS
and ACLS) and Cisco Content Servers (which act as a router and load balancer) and keep the
Apache proxy server as the "edge presence" of the website. 

What happens with this configuration is:
1) The client browser connects to the Apache proxy
2) The Apache proxy server connects to the SSL accelerator with HTTPS sucessfully, as seen
in the debug-level Apache log files. 
3) The browser waits, waits and waits...
4) The Apache proxy sits, sits and sits. 
5) The Webserver DOES see the non-ssl connection. The information in the access log is:
    "Client IPAddress - - [25/Jun/2002:17:04:18 -0700] "?L / HTTP/1.0" 302 0 "
5) Eventually the client browser gives up and times out.

If I install the certificate for secure-site.com on the Apache reverse proxy server and enable
SSL , then the Apache reverse proxy will connect with SSL to both the browser and the downstream
webserver. This works, but is pointless as it loads the Proxy server's CPU with SSL encryption/decryption.
That's what we have the SSL accelerators for.


What is missing in my config? Is this setup even possible?
Any comments?

Thanks in advance.

-Michael


--------------


This is the Apache config I am using:
----------
Listen IPAddress:443
LogLevel debug
<VirtualHost IPAddress:443>
        SSLProxyEngine On
        ServerName              web-site
        ProxyPass               /       https://secure-site.com
        ProxyPassReverse        /       https://secure-site.com
</VirtualHost>


------------
Server version: Apache/2.0.39
Server built:   Jun 25 2002 16:11:49

-----------
Compiled in modules:
  core.c
  mod_access.c
  mod_auth.c
  mod_include.c
  mod_log_config.c
  mod_env.c
  mod_setenvif.c
  mod_proxy.c
  proxy_connect.c
  proxy_ftp.c
  proxy_http.c
  mod_ssl.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_status.c
  mod_autoindex.c
  mod_asis.c
  mod_cgi.c
  mod_negotiation.c
  mod_dir.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_so.c

Mime
View raw message