www-modproxy-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ilija Stankovski <ili...@psynch.com>
Subject Re: SSL support for mod_proxy ...
Date Tue, 08 Oct 2002 18:54:35 GMT
Hi Graham...

> My understanding is that mod_ssl in apache v1.3 patches mod_proxy to
> enable it to do this:
>
> ProxyPass / https://backend.secure.server/
>
> I am not 100% sure though, as I have never needed to use it.

I will have to try it my self by using mod_ssl. I know that apache-ssl can
not do it.

ProxyPass / https://backand
ProxyPassReverse / https://backend

or

RewriteRule / https://backend [P]

do not seem to be working.

We need this to satisfy security requirements on enterprise level for
security applications. And it only makes sense. Usually the reverse proxy
(apache) resides in a DMZ and it talks to servers in the backend protected
network. As of now the traffic between the DMZ and the Trusted side will
fly in clear if it is not encrypted with SSL. As such, anyone who has
gotten to the DMZ ( which may not be that hard) can sniff on the
connections coming from the Reverse Proxy (Apache).

That is the reason why we are interested in making mod_proxy SSL aware.

In any event, I will try to confirm your findings and see if mod_ssl
behaves any differently from apache-ssl.

I will keep you posted and thanks for your assistance, it is greatly
appreciated

-- 

Regards.

            ______________________________________

             Ilija Stankovski
             Infrastructure Technology Manager
             Mercury Information Technology Inc.
             Tel: (403) 233-0740
             Fax: (403) 233-0725
             E-mail: ilijas@psynch.com
             http://www.psynch.com
            ______________________________________

 __________________________________________________________________

  "If you send me an e-mail request, and I do not respond within 3
  hours, please send it again to 'support@psynch.com' as I may be
  unavailable."
 __________________________________________________________________


Mime
View raw message