Hi all!

We are using a Stronghold server as an SSL-to-HTTP proxy. The idea is
that SSL browsers on the internet can connect to it (it is part of our
firewall), are authenticated by it and then Stronghold generates a standard
HTTP request (no longer SSL) to our Intranet WWW-server, which is not
capable of SSL itself. The scenario is very nice because first, the Intranet
servers need not be SSL servers, and second the authentication really happens
on the firewall.

Unfortunately it did not work with an Intranet server of the type
"Oracle_Web_listener2.0/1.20in2" - I got back an HTTP error 406 from it,
which means the requested mime-type/language/encoding was not available.
As you may know, WWW clients give a list of acceptable mime types/languages
and encodings as "Accept-..." lines in the requesting HTTP header.
Now, when Stronghold translates an SSL to a non-SSL request, it adds
its own HTTP header lines, that describe the SSL client
(like SP_CLIENT_DN, etc). This is a good thing because it allows the
end server to extract information about the certificate the browser
presented to Stronghold - otherwise this information would no longer
be available at the (non-SSL) WWW-server. Only if the server reads the
header of course... Unfortunately, Stronghold does not append these
additional headers, but prepends them. This means that the Accept-headers FOLLOW
the SP-headers. Now it seems to me that at least the above Oracle listener
just reads the first 1000 bytes of the header and truncates the rest.
I suspect this because when I manually feed it with the stuff Stronghold
sends, I get the same error message back, but when I either leave out a few
SP headers, or put the Accept headers in front of the SP headers, it
works well. Unfortunately I'm not an administrator of the Oracle WWW-server,
so I'm not aware if it is misconfigured or a limitation/bug/feature(?)
of it.

So I wonder if...
- any of you observed a similar problem
- maybe also with other WWW servers
- knows of a way to tell stronghold not to send SP headers, or at least
  append and not prepend them
- knows of another solution
And last but not least, if you observed the problem, now have an idea
where the problem lies ;--) I informed Stronghold about this problem,
maybe they will think of it in a next release.

Thanks for having read so far *smile*
                                        Andy
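
The truncation hypothesis in the message above can be checked with a small model of a backend that parses only the first 1000 bytes of the request head. This is an added example, not part of the original post and not Stronghold or Oracle code; the 1000-byte limit is the poster's estimate, SP_CLIENT_DN is the only SP header name taken from the post, and the other SP_* names and all header values are constructed.

```python
# Constructed model of the behaviour suspected in the post.
LIMIT = 1000  # byte count the poster suspects the backend reads

# Constructed sample values. SP_CLIENT_DN is named in the post; the other
# SP_* names are hypothetical stand-ins for the post's "etc".
SP_HEADERS = [
    ("SP_CLIENT_DN", "/C=DE/O=Example Org/OU=Engineering/CN=Constructed User " + "x" * 300),
    ("SP_CLIENT_ISSUER_DN", "/C=DE/O=Example CA/CN=Constructed Issuer " + "y" * 300),
    ("SP_CLIENT_CERT_INFO", "z" * 400),
]
ACCEPT_HEADERS = [
    ("Accept", "text/html, image/gif, image/jpeg, */*"),
    ("Accept-Language", "en, de"),
    ("Accept-Encoding", "gzip"),
]


def build_request(headers):
    """Serialize a request head with the headers in the order given."""
    lines = ["GET /index.html HTTP/1.0"] + [f"{k}: {v}" for k, v in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def headers_seen(raw, limit=LIMIT):
    """Names of headers whose complete line lies inside the first `limit` bytes."""
    pieces = raw[:limit].split(b"\r\n")
    # pieces[0] is the request line; the last piece is empty or a cut-off line.
    complete = pieces[1:-1]
    return [p.split(b":", 1)[0].decode() for p in complete if b":" in p]


def lost_headers(headers, limit=LIMIT):
    """Diagnostic: headers a reader that stops at `limit` bytes never sees."""
    seen = set(headers_seen(build_request(headers), limit))
    return [k for k, _ in headers if k not in seen]


if __name__ == "__main__":
    cases = {
        "SP headers prepended": SP_HEADERS + ACCEPT_HEADERS,
        "SP headers appended": ACCEPT_HEADERS + SP_HEADERS,
        "fewer SP headers": SP_HEADERS[:1] + ACCEPT_HEADERS,
    }
    for label, hdrs in cases.items():
        print(f"{label}: {len(build_request(hdrs))} bytes, lost={lost_headers(hdrs)}")
```

In this model, moving the SP headers behind the Accept headers restores content negotiation but pushes certificate information past the limit instead, so a backend that relies on those headers would lose part of the client identity without any error.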