Hi, I just tried to set up a reverse proxy with apache in order to serve a backend application server with SSL:
request schema: (client) -- https --> (reverse proxy) -- htpps --> (application server ) client : IBM OS2 , ip : 1.2.3.4 reverse proxy server: redhat 7.3, apache 2.0.47 mod_ssl 2.0.47 OpenSSL 0.9.7b, ip: 1.2.3.5 application server: NT 4.0, IBM WebSphere 5.0, ip: 1.2.3.106 ssl communikation port: 9443 problem description: The application server require a user authentification every 8 seconds (refresh cycle for jsp-application). After this time the session will be closed and the client browser wil restart with the login page (start page). In the application server log-file we have a loging entry like: "LOGIN failed". Why the client authentification will be refused. How can i store the session key ?.. or where is my fault ? The parts of my httpd.conf that seem relevant look like: Listen 10.11.35.45:9443 <IfDefine SSL> Listen 9443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache dbm:/opt/apache2/logs/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/opt/apache2/logs/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin </IfDefine> #NameVirtualHost 1.2.3.5 ### Section 3: Virtual Hosts # Reverse Proxy Entry <IfModule mod_proxy.c> <VirtualHost 1.2.3.5:9443> ServerName 1.2.3.5:9443 ErrorLog /opt/apache2/logs/ssl/ssl-error.log CustomLog /opt/apache2/logs/ssl/secured_access.log "combined" ProxyRequests on SSLProxyEngine on ProxyPass / https://1.2.3.106:9443/ ProxyPassReverse / https://1.2.3.106:9443/ SSLEngine on SSLProxyProtocol all SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP: +eNULL SSLCertificateFile /opt/apache2/conf/ssl.crt/server.crt SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 LogLevel debug </VirtualHost> </IfModule> # End of Reverse Proxy Entry AddDefaultCharset Off SSLEngine off .. have someone a idea or a tip for me ? i would be very pleased by some help. Thank a lot Ibrahim Diese E-Mail kann vertrauliche und/oder rechtlich geschützte Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. --------------------------------------------------------------------- To sign-off this list, send email to [EMAIL PROTECTED] with the message text UNSUBSCRIBE MHONARC-USERS
