This may sound like a strange
request (and a kludge), but I need to find a way to perform
in-transit authentication and filtering based on the content of SSL
requests, along with potential dynamic modification of the SSL request.
Could modssl be used as a basis to create a type of filtering SSL proxy?
Basically I have two questions:
- Would it be possible (and even better, does
anyone know if this has already been done somewhere), to use modssl to
encrypt/decrypt ssl proxy requests so that filtering can be performed on the
content? I do realize that this would trigger browser alerts for
certificate mismatches. - Is it possible to use apache-modssl as a
transparent proxy/firewall, such that it transparently filters all connections
to port 443 and proxys them? This isn't critical, as browsers could be
reconfigured to specifically point to the proxy, but it would be
helpful.
I would appreciate any comments on the level of
effort it might take to modify modssl in this way, or if there is any other code
package that may be more suited to do this type of work.
For those interested (and I'm sure some are), the
intent here is to provide access to various 3rd party web services where our
support personnel need to enter customer account numbers. Rather than have
our staff handle account numbers, we'd like to be able to let them use virtual
account ids that are dynamically replaced with the customer's actual account
numbers when transacting with the destination web site.
Thanks
Scott
[EMAIL PROTECTED]
|
- RE: filtering SSL proxy? Scott Miles
- RE: filtering SSL proxy? Hansknecht, Deborah A