I don't understand something.
If the Apache proxy server is not going to decrypt the packets, how will it know where 
to send it? 
Aryeh
> I am trying to Reverse Proxy HTTPS connections in the following 
> manner:
> 
> CLIENT Browser (https://secure-site.com) -> Apache 2.0 Reverse Proxy,
> posing as secure-site.com (non-ssl, non-decrypting, just passing the
> https through) -> Sonicwall SSL Accelerator (a stand-alone HW device
> for SSL decryption/encryption, hosting the certificate for
> secure-site.com, decrypting the SSL connection) -> WEBSERVER (non-SSL)
> 
> The purpose for this design is to keep the webserver behind a layer of
> switches (for VLANS and ACLS) and Cisco Content Servers (which act as
> a router and load balancer) and keep the Apache proxy server as the
> "edge presence" of the website. 
> 
> What happens with this configuration is:
> 1) The client browser connects to the Apache proxy
> 2) The Apache proxy server connects to the SSL accelerator with HTTPS
> successfully, as seen in the debug-level Apache log files.
> 3) The browser waits, waits and waits...
> 4) The Apache proxy sits, sits and sits.
> 5) The Webserver DOES see the non-ssl connection. The
> information in the access log is:
>  "Client IPAddress- - [25/Jun/2002:17:04:18 -0700] "€L / 
> HTTP/1.0" 302 0 "
> 5) Eventually the client browser gives up and times out.
> 
> If I install the certificate for secure-site.com on the Apache 
> reverse proxy server and enable SSL, then the Apache reverse proxy
> will connect with SSL to both the browser and the downstream
> webserver. This works, but is pointless as it loads the Proxy server's
> CPU with SSL encryption/decryption. That's what we have the SSL
> accelerators for.
> 
> 
> What is missing in my config? Is this setup even possible?
> Any comments?
> 
> Thanks in advance.
> 
> -Michael
> 
> 
> --------------
> 
> 
> This is the Apache config I am using:
> ----------
> Listen IPAddress:443
> LogLevel debug
> <VirtualHost IPAddress:443>
>  SSLProxyEngine On
>  ServerName web-site
>  ProxyPass / https://secure-site.com
>  ProxyPassReverse / https://secure-site.com
> </VirtualHost>
> 
> 
> ------------
> Server version: Apache/2.0.39
> Server built: Jun 25 2002 16:11:49
> 
> -----------
> Compiled in modules:
>  core.c
>  mod_access.c
>  mod_auth.c
>  mod_include.c
>  mod_log_config.c
>  mod_env.c
>  mod_setenvif.c
>  mod_proxy.c
>  proxy_connect.c
>  proxy_ftp.c
>  proxy_http.c
>  mod_ssl.c
>  prefork.c
>  http_core.c
>  mod_mime.c
>  mod_status.c
>  mod_autoindex.c
>  mod_asis.c
>  mod_cgi.c
>  mod_negotiation.c
>  mod_dir.c
>  mod_imap.c
>  mod_actions.c
>  mod_userdir.c
>  mod_alias.c
>  mod_so.c
> 
> 
> 


---
Aryeh Katz
VASCO                   
www.vasco.com           

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
