Julian Gilbey wrote:
> On Thu, Mar 17, 2011 at 02:28:35PM -0400, Jim Paris wrote:
> > Package: proxytunnel
> > Version: 1.9.0-3jim
> > Severity: wishlist
> > Tags: patch
> >
> > Hi,
> >
> > Based on the directions at
> > http://dag.wieers.com/howto/ssh-http-tunneling/
> > I'm using proxytunnel to connect to an Apache server and then CONNECT
> > to my destination host. A local firewall blocks this when
> > unencrypted, but allows SSL traffic through. Thus, I want to use
> > proxytunnel's -e option.
> [...]
> > That bug has been open and debated for over 7 years. It's much easier
> > for me to work around this bug in proxytunnel instead -- proxytunnel
> > just needs to stop using SSL as soon as the CONNECT string is sent.
> > Please consider the attached patch which adds this feature through a
> > new --buggy-encrypt-proxy (-B) option.
>
> I've just tried it, but it doesn't work for me. I presume this is
> because the host I'm going through only accepts SSL traffic on port
> 443 and only accepts non-SSL traffic on port 80. Do you have Apache
> set up so that it can accept either SSL or non-SSL on the same port?
>
> Julian

I have Apache set up to require SSL on port 443, but the Apache bug
means that it stops using SSL (and switches to plaintext) as soon as
mod_proxy takes over. My config is roughly:

    <VirtualHost *:443>
        SSLEngine on
        ProxyRequests on
        AllowCONNECT 22
        ProxyVia on
        <Proxy *>
            Order deny,allow
            Deny from all
        </Proxy>
        <Proxy destination-ssh-host.example.com>
            Order allow,deny
            Allow from all
        </Proxy>
    </VirtualHost>

-jim