On 19 Nov 2010, at 3:15 PM, Plüm, Rüdiger, VF-Group wrote:

For a while, mod_ssl has been able to secure connections from
mod_proxy, backwards towards some backend server.

For some reason however, the directives that control this behavior
SSLProxy* are all scoped virtual host only, making it possible to SSL
protect just one single ProxyPass going backwards, and not more than
one, something that severely limits the usefulness of the feature.

What limits do you see with the actual "per virtual host" configuration?

Most specifically, any attempt to set a client certificate to a particular proxypass ends up being valid server wide.

Each backend server which a reverse proxy proxies to has the potential to have different requirements for SSL, from client certs, to ciphers used, etc.

We have worked around this to date by either delegating this task to load balancers, or writing little php apps to proxy the connections, but this is really ugly, when mod_proxy+mod_ssl can potentially do this itself.

Regards,
Graham
--
