www-modproxy-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Manon Goo <ma...@manon.de>
Subject Re: Proxying client certificate
Date Fri, 04 Oct 2002 11:05:31 GMT
I do not know if this works
but I would try using mod_rewrite
and rewrite
/ to http://user@realhost/

Where user is extracted from the x509 DN



--On Freitag, 4. Oktober 2002 8:46 Uhr +0200 mapp@fnmt.es wrote:

>
>
>
> Hello all,
>
> I'm trying to do the following and I don't success:
>
> I want to authenticate users against a Apache 2.0.40 proxy using SSL with
> client certificate authentication. Beyond the proxy, there is a Web
> server in militarized zone and I want to forward the X.509v3 user
> certificate to this Web server, in order to perform access control.
>
> I have tried to configure the proxy with SSL and client authentication
> using certs and the Web server with SSL (without authentication) and, of
> course, this doesn't work since two different SSL contexts are
> established: Browser->Proxy and  Proxy->SSL, so the information about the
> SSL channel in the Web server has nothing to do with the browser -> the
> server doesn't receive the user certificate.
>
> I have also tried to configure the proxy with SSL and client
> authentication with certs and the Web server without SSL. This works but,
> obviously, the information about the SSL channel established between the
> browser and the proxy is not forwarded to the Web server.
>
> I've set "SSLOptions" to  "+StdEnvVars +CompatEnvVars +ExportCertData"
> in the proxy and I wonder if it is possible to forward the environment
> variables from the proxy to the Web server.
>
> Can any of you give me any ideas?
>
> Thanks in advance,
>
> Miguel Ángel Peña.
>
>
>
>


Mime
View raw message