Hi all, I try to install a reverse proxy with ldap authentication : it
works with ldap but not with ldaps.
I've got this notice about LDAP and SSL in the log
[Wed Sep 26 16:57:40 2007] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Wed Sep 26 16:57:40 2007] [notice] LDAP: SSL su
ast:)) Therefore i hope that
someone can give 'us' an answer, even if it is a "no, that do not work".
I'm trying to get the following szenario to work with Apache
2.0.51/OpenSSL 0.9.7d.
Client --http--> Reverse Proxy --internal--> Forward Proxy
(ProxyRemote) --http
Hello guys,
I have a problem with a special environment:
Client ---http>Apache Reverse Proxy (1.1.1.1) -https->
Squid Forwarding/Chaching Proxy (1.1.1.2) https-> Webserver
(1.1.1.3)
The client makes http-request to my apache reverse proxy. Thi
:[EMAIL PROTECTED]
Kopie:
Thema: Re: Problem with Reverse Proxy and Client
hi steffen
>ProxyPass /myapp https://backendserver/app
>ProxyPassReverse /myapp/ https://backendserver/app/
any specific reason for the missing trailing slashes in the ProxyPass
directive, or is this only a typo?
regards
michael
__
Hello,
we want to setup a reverse proxy (http in, https to the backend IBM HTTP
Server) with client authentication to the backend.
On Linux and WinNT 4 SP5 (with Apache 2.044 and OpenSSL 0.97) we are both
getting segmentation faults or exits (see below). We checked the
communication through
I am trying to set up an SSL connection between client, Apache
1.3.19, and NT backend.
I want to go SSL to the Proxy, then reverse proxy via SSL to
the backend.
The ProxyPass is:
ProxyPass /mail/ https://webmail.foo.com/mail/
ProxyPassReverse /mail/ https://webmail.foo.com
Claudio,
I tried that but no change.
Keith
"CAMPETTO CLAUDIO" <[EMAIL PROTECTED]> writes:
> Try putting this line in the server config:
>
> SSLProxyProtocol SSLv3
>
> Hope this helps.
>
> Claudio Campetto.
__
Apache Inter
Try putting this line in the server config:
SSLProxyProtocol SSLv3
Hope this helps.
Claudio Campetto.
-Messaggio originale-
Da: Keith Sparacin [mailto:ksparacin@;ti.com]
Inviato: mercoledì 23 ottobre 2002 3.15
A: [EMAIL PROTECTED]
Oggetto: SSL reverse proxy using certificates to IIS
Has anyone gotten an Apache 2.0.43 SSL reverse proxy working to an IIS
backend server requiring certificate verification on the IIS server
side? I can reverse proxy Apache to an SSL Unix server and an SSL IIS
server (neither requiring certificates). I can also reverse proxy
Apache to an SSL Unix
would really appreciate if somebody could
give some suggestions.
Thanks again.
regards,
Lee Hoo Wah
-Original Message-
From: Lee Hoo Wah [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 22, 2002 10:33 AM
To: [EMAIL PROTECTED]
Subject: SSL Reverse Proxy with Client Certificate is dying
Hi,
I have a problem using Apache/mod_ssl 2.0.40 as a SSL reverse proxy to
connect to a SSL Server.
|HTTP Client|-http>|Reverse Proxy|https>|Web Server|
There is a Client Certificate on the Reverse Proxy which must be presented
to the Web Server for authenticatio
Hi,
I have a problem using Apache/mod_ssl 2.0.39 as a SSL reverse proxy to
connect to a SSL Server.
|HTTP Client|-http>|Reverse Proxy|https>|Web Server|
There is a Client Certificate on the Reverse Proxy which must be presented
to the Web Server for authenticatio
On Thu, 12 Sep 2002, Jeremy, Leonard wrote:
> I have setup an apache ssl reverse proxy using v1.3.26 with mod_ssl This
> works but serves a certificate from the reverse proxy to the client instead
> of passing through the certificate from the end server.
Yes of course... it does that
I posted the following question with comp.infosystems.www.servers.unix but
have received no suggestions.
Do you have a solution?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, 9 September 2002 9:34 AM
To: Jeremy, Leonard
Subject: apache reverse proxy
Hello,
I am setting up an Apache 1.3.26 reverse proxy on
Linux to a remote IIS v5.0 server with a client
certificate but it doesn't work. I kept getting 403
forbidden error because IIS v5.0 does not send a list
of acceptable CAs to the Apache reverse proxy so
Apache doesn't send
Hi,
Can anyone give me some pointers on how to tune the performance of
modssl in the folowing situation:
apache/modssl as a ssl reverse proxy (browser ---> (https) ---> ssl
reverse proxy ---> (http) ---> webserver/webappl.)
All will be running on Linux/Intel
I would like
On Sun, Aug 18, 2002 at 11:40:13PM -0700, Anbuchezhian Chelliah wrote:
> Hi Danny,
>I guess I understood your doubt. If not, please
> ignore this. There should be 'ca-bundle.crt' file in
> which you can put the third party's certificate and
> you could make a try.
Whoa! If you are running you
l TTP). We need to check
> the signature on the
> client certs and the validity of the client certs.
>
>
> What's the best way to do this. I've read the
> mod_ssl manual, but I
> don't understand how I can check client certs from
> another (third) party.
lient certs.
>
>
> What's the best way to do this. I've read the mod_ssl manual, but I
> don't understand how I can check client certs from another (third) party.
>
> How do I setup Apache as an SSL reverse
to check the signature on the
client certs and the validity of the client certs.
What's the best way to do this. I've read the mod_ssl manual, but I
don't understand how I can check client certs from another (third) party.
How do I setup Apache as an SSL reverse proxy?
Any help on t
Quoting Michael Pacey <[EMAIL PROTECTED]>:
> Furthermore Apache cannot act as in initiator of SSL connections; I've
> spent
> many many hours testing this and everybody I've asked has said the same.
> I'd
> look at the code but I have no reason to believe there's any there to do
> this.
I've loo
Quoting David Marshall <[EMAIL PROTECTED]>:
> I did not believe that the packet headers had enough information for
> Apache
> to determine what to do. So, it must decrpyt the message with the
> certificate.
That's right. For Apache to accept an SSL connection as a rever
: Re: Reverse Proxy https question
As I understand SSL, the packet headers remain unencrypted , the content is
encrypted. Hence the ability of routers throughout the Internet to route SSL
packets.
- Original Message -
From: "Aryeh Katz" <[EMAIL PROTECTED]>
To: <[EMA
y, June 27, 2002 05:23
Subject: Re: Reverse Proxy https question
> I don't understand something.
> If the Apache proxy server is not going to decrypt the packets, how will
it know where to send it?
> Aryeh
> > I am trying to Reverse ProxyHTTPS connections in the following
> >
I don't understand something.
If the Apache proxy server is not going to decrypt the packets, how will it know where
to send it?
Aryeh
> I am trying to Reverse ProxyHTTPS connections in the following
> manner:
>
> CLIENT Browser (https://secure-site.com) -> Apache 2.0 Rev
I am trying to Reverse Proxy HTTPS connections
in the following manner:
CLIENT Browser (https://secure-site.com) -> Apache 2.0
Reverse Proxy, posing as secure-site.com (non-ssl, non-decrypting, just passing
the https through) -> Sonicwall SSL Accelerator (a stand-alone HW devic
We have setup a Reverse Proxy using Apache 1.3.24 on
Solaris, Linux and Windows NT all using mod_ssl-2.8.8.
On Windows NT the reverse proxy works on both HTTP and
HTTPS protocol. On both Linux and Solaris 8 we get a
403 Forbidden error when trying to use HTTPS. A HTTP
connection is
I am using a reverse proxy built with apache 1.3.19 with mod_rewrite and mod_proxy,
and mod_ssl 2.8.2.
The connection looks like:
ClientProxy Application
--- ---
<- SSL connec
Roy,
You are right, in your case it's not a good idea to authenticate at the reverse proxy level. We should find a secure solution to access your internal application and keep your internal authentication with X509 certs.
With my best knowledge, I don't know a transparent &quo
Msg. I would have to run
these perl scripts on the external server for this to work. I am not comfortable
with that idea.
Therefore, I still need the following ;
https
client>Tunnel reverse proxy server--->https internal
server with client Auth (X.509).
Besides the user
What you can do is:
https -> reverse proxy SSL with Client authentication (X509) >https to your internal web server (192.168.x.y) as exemple
In this case you authenticate on the reverse proxy with your personal cert and the reverse proxy get the in
TECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Roy PreeceSent: Wednesday, July 11, 2001 9:22
PMTo: [EMAIL PROTECTED]Subject: Reverse Proxy
SSL
OK, from the lack of response to my
previous email (SSLClient Browser <--> Apache Proxypassreverse
<--> https://192.168.xxx.x
PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Roy PreeceSent: Wednesday, July 11, 2001 4:52
AMTo: [EMAIL PROTECTED]Subject: Reverse Proxy
SSL
OK, from the lack of response to my
previous email (SSLClient Browser <--> Apache Proxypassreverse
<--> https://192.168.xx
OK, from the lack of response to my previous
email (SSLClient Browser <--> Apache Proxypassreverse <--> https://192.168.xxx.xxx) I can deduce one of
two cases is true.
1. Nobody has successfully achieved a
reverse proxy of SSL in the way I am describing, (Hard to believe)
or.
Hi
We've got a non SSL web application (Netscape Calendar) that should be
accesible via SSL. This should be possible using an SSL reverse Proxy. I
seem to remember that this functionality has been donated to mod_ssl by
Stronghold, but did not find anything in the mod_ssl documentation.
Hello,
You can use "port forwarder" to do that, but this technologie will not provide URL filter. I guess the best way to do is to use a normal reverse proxy and to protect pages on the final web server
o put a system on
my DMZ network that is Apache on Solaris with SSL and
reverse proxy and some kind of port forwarder. So it
will help me allow external network mean people from
internet can access to my Aplication webserver from
the Apache server. Apache Server will help to forward
the packet
If you want a secure-secure reverse proxy you can also use
ProxyPass/https://www.foo.com/
ProxyPassReverse /https://www.foo.com/
This is useful for proxying secure connections through a firewall, but the
last time I looked, the mod_rewrite
Hello,
I'am using a SSL reverse proxy solution with Apache and Mod_SSL and it work very well. I'am using Mod_proxy with the directive:
ProxyPass / http://www.foo.com/
ProxyPassReverse / http://www.foo.com/
(http://httpd.apache.or
Can any one guide me how to configure reverse proxy in
Apache + SSL + mod_perl in Sun Sparc Environment. i am
using Apache 1.3.13
Each there anyway build a module 'port forwarder' in
Apache.
Thanks
Sambit
__
Do You Yahoo!?
Get pe
On Mon, May 07, 2001 at 04:41:22PM +0100, Darko Krizic wrote:
>
> Hello!
>
> I run Apache 1.3.19 with mod_ssl 2.8.2 as reverse proxy. This reverse proxy does the
>SSL part of the web application. On a specific URL the reverse proxy requests a
>client certificate from the
Hello!
I run Apache 1.3.19 with mod_ssl 2.8.2 as reverse proxy. This reverse proxy does the
SSL part of the web application. On a specific URL the reverse proxy requests a client
certificate from the browser using this configuration:
SSLVerifyClient require
SSLVerifyDepth 1
Hi,
I am still struggling with my trials for reverse proxy and hoping to get
help
Meanwhile I have the manual SSL and TLS (Eric Rescorla) on hand, but still I
am not getting much further.
I am doing my tests now between 2 Linux systems. They are called proxy.ecb
(For the gateway or proxy
> > So... what are you trying to say?
> > This slightly improved security is not worth the setup hassle?
> >
> > So why do YOU run it this way? ;)
>
> First of all, it isn't necessary to use the SSL_EXPERIMENTAL code to get
> this to work.
I was told so... so you say mod_ssl-2.8.0-1.3.17 shoul
> So... what are you trying to say?
> This slightly improved security is not worth the setup hassle?
>
> So why do YOU run it this way? ;)
First of all, it isn't necessary to use the SSL_EXPERIMENTAL code to get
this to work.
Secondly, we do things this way because of our network topology. We
.
-Original Message-
From: De Taeye, Herman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 08, 2001 10:58 PM
To: '[EMAIL PROTECTED]'; ''Openssl-Users (E-mail)'
Subject: RE: Apache 1.3.17 - mod_ssl.2.8.0 - openssl.0.9.6 Reverse Proxy SSL
Sorry, send one wrong f
Sorry, send one wrong file before.
Best regards,
Herman
-Original Message-
From: De Taeye, Herman
Sent: Thursday, March 08, 2001 10:55 PM
To: '[EMAIL PROTECTED]'; 'Openssl-Users (E-mail)
Subject: RE: Apache 1.3.17 - mod_ssl.2.8.0 - openssl.0.9.6 Reverse Proxy SSL
Sent: 04 March 2001 20:00
> To: [EMAIL PROTECTED]
> Subject: reverse proxy
>
>
> I'm not quite sure if this is OT but...
>
> This works quite well:
>
>
>ProxyPass / http://machine.dff.local:8100/
>ProxyPassReverse / http://machine.dff.local:8100/
>
> What you are describing is almost exactly a system that we have here, and
> have had for some time.
So good to here it works :)
> However, I think turning SSL off won't help you, and
> probably is the root of your problem. Basically what the ProxyPass and
> ProxyPassReverse does is set up is a
> What you are describing is almost exactly a system that we have here, and
> have had for some time.
So good to here it works :)
> However, I think turning SSL off won't help you, and
> probably is the root of your problem. Basically what the ProxyPass and
> ProxyPassReverse does is set up is a
Sent: 04 March 2001 20:00
> To: [EMAIL PROTECTED]
> Subject: reverse proxy
>
>
> I'm not quite sure if this is OT but...
>
> This works quite well:
>
>
>ProxyPass / http://machine.dff.local:8100/
>ProxyPassReverse / http://machine.dff.local:8100/
>
just allow specific reverse
proxy connection from the perimeter net into our
intranet.
internet
|
[firewall]--[apache reverse proxy]
| /
| /
[machine]
I now want all perimeter <-> intranet communication
to be encrypted. Therefor I want apache to just p
Hi,
I have setup on two system the apach/openssl/mod_ssl products.
The first system named "gate.ecb" is configured as a reverse proxy.
A Verisign CA test certificate, a verisign signed server certificate and his
private key are installed.
The second system is our application server an
Hello,
Using the latest versions of apache and mod_ssl I have been trying to configure (with
no luck) a reverse proxy that will pass SSL to the backend server.
Is this possible with mod_ssl?
The mod_ssl announcement says:
Support for HTTPS proxy via EAPI hooks in mod_proxy
How? Does anyone
This may be out of the scope of modssl, but its worth a try.
We are currently using Apache 1.3.14/mod_ssl 2.7.1 as a reverse proxy to
several back end systems, using SSL on both ends.
A new back end would like to also use a certificate-based authentication
system between proxy and back end to
Hi there.
I'm attempting to setup a reverse proxy using OpenBSD-2.7, OpenSSL-0.9.5a,
mod_ssl-2.6.4_1.3.12, and Apache-1.3.12.
Up to this point, I've gotten the reverse proxy setup and it runs correctly
for retrieving port 80 based materials. But I cannot get Apache to launch
with S
then use mod_rewrite.
Wish you luck,
Rossen
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 01, 2000 7:07 PM
Subject: SSL and reverse proxy weirdness : >
>
> I would like to do something with mod_ssl and Apache 1.3.12
>
PROTECTED]]
Sent: 02 June 2000 00:08
To: [EMAIL PROTECTED]
Subject: SSL and reverse proxy weirdness : >
I would like to do something with mod_ssl and Apache 1.3.12
that seems simple yet is not doing what I require.
https://www.foobar.com or http://www.foobar.com should
reverse proxy for http:
On Thu, Jun 01, 2000 at 04:07:32PM -0700, AGT wrote:
>
> I would like to do something with mod_ssl and Apache 1.3.12
> that seems simple yet is not doing what I require.
>
> https://www.foobar.com or http://www.foobar.com should
> reverse proxy for http://www.safeplace.com.
I would like to do something with mod_ssl and Apache 1.3.12
that seems simple yet is not doing what I require.
https://www.foobar.com or http://www.foobar.com should
reverse proxy for http://www.safeplace.com. ie: I should
see the pages from www.safeplace.com appear on foobar.com's
http s
On Thu, Apr 20, 2000 at 09:39:47AM +0200, Joe Ammann wrote:
> Now for the application I will be using it, I will have to hack it up
> a bit. The requirements are that the proxy uses different (client)
> certificates towards the back end server depending on several
> parameters (where is the reques
n't know if I'm right with my question on this list...
>
> I have a request from a customer to build a secure reverse proxy. The
> proxy (placed in the DMZ) should accept SSL connections from the
> outside (no problem, mod_ssl). It should then forward the HTTP request
>
[ On Tuesday, April 18, 2000 at 20:10:55 (+0200), Mads Toftum wrote: ]
> Subject: Re: Secure Reverse Proxy
>
> If you also want SSL on the back end servers, then there actually has
> been added some support for that in mod_ssl also. Look into the
> changelog: http://www.modssl
On Wed, Apr 19, 2000 at 08:27:47AM +0200, Sylvain Maret wrote:
> Hello,
>
> Why is better to use "RewriteRule" than traditionnal "ProxyPass"
> directive ?
> Do you have an example.
Well, heres one: ProxyPass wont let you do something like:
RewriteRule /foo/(.*)$ https://%{SERVER_NAME}:4344
ievesit from the second server.
>
Uhm, that isn't quite right - mod_rewrite won't send a 301 if you use the
[P] option. For an example see the excellent Rewrite Guide at
http://www.apache.org/docs/misc/rewriteguide.html - look at the Dynamic
Mirror and Reverse Proxy e
RewriteRule returns a 301 message to the client, which then does the
actual requesting from the second server. ProxyPass tells the webserver
to do its own request, passing the information to the client when it
retrievesit from the second server.
---
Mat Butler, Winged Wolf
[...]
Now mod_proxy can obviously not forward https connections. It doesn't
know anything about SSL. And I could not find any information that
such a thing has already been done.
[...]
I am running Apache 1.3.6 with mod_proxy on RH6.0 and can forward https
connections from LAN to internet.
Hello,
Why is better to use "RewriteRule" than traditionnal "ProxyPass"
directive ?
Do you have an example.
Sylvain
Michael J Schout wrote:
>
> On Tue, 18 Apr 2000, Joe Ammann wrote:
>
> > Now mod_proxy can obviously not forward https connections. It doesn't
> > know anything about SSL. And I
On Tue, Apr 18, 2000 at 03:52:45PM +0200, Joe Ammann wrote:
> I have a request from a customer to build a secure reverse proxy. The
> proxy (placed in the DMZ) should accept SSL connections from the
> outside (no problem, mod_ssl). It should then forward the HTTP request
> on an
On Tue, 18 Apr 2000, Joe Ammann wrote:
> Now mod_proxy can obviously not forward https connections. It doesn't
> know anything about SSL. And I could not find any information that
> such a thing has already been done.
I assume you are talking about mod_proxy on apache? We use it this way quite
Don't know if I'm right with my question on this list...
I have a request from a customer to build a secure reverse proxy. The
proxy (placed in the DMZ) should accept SSL connections from the
outside (no problem, mod_ssl). It should then forward the HTTP request
on another secure con
Hi,
I use the Apache 1.3.6 with mod_ssl 2.3.5 and OpenSSL/0.9.3a
The following configuration does not work:
-
RewriteRule ^/somepath(.*)$ http://somehost.domain.com:88/somepath$1 [P]
SSLVerifyClient require
SSLVerifyDepth 1
A
On Wed, Jun 09, 1999, Wyatt, Anthony wrote:
> We want to do HTTPS-HTTPS reverse proxying. I'm interested in the
> patch so I can set up a proof of concept for the sceptics here :-)
Ok, sent to you in a private mail.
Ralf S. Engelschall
esday, June 08, 1999 4:00 PM
To: [EMAIL PROTECTED]
Subject: Re: SSL Reverse Proxy
On Tue, Jun 08, 1999, Wyatt, Anthony wrote:
> I hope this is the correct address to use (I just subscribed to the
> lists).
>
> I want to use apache 1.3.6 as a reverse proxy for HTTP and SSL. I hav
On Tue, Jun 08, 1999, Wyatt, Anthony wrote:
> I hope this is the correct address to use (I just subscribed to the
> lists).
>
> I want to use apache 1.3.6 as a reverse proxy for HTTP and SSL. I have
> the HTTP side working well, but I really have no idea how to get the mod
Hi,
I hope this is the correct address to use (I just subscribed to the
lists).
I want to use apache 1.3.6 as a reverse proxy for HTTP and SSL. I have
the HTTP side working well, but I really have no idea how to get the mod_SSL
stuff to run as an SSL reverse proxy.
I was pointed at
77 matches
Mail list logo
