Matus UHLAR - fantomas wrote:
On 21.01.10 18:33, Andrei T wrote:
I am trying to connect to apache through SSL (port 443) and tell it to
create a tunnel to some other server listening on port 80.
why a tunnel? Who would create the tunnel? While It's possible, I don't know
of any browser that could do that.
This setup is not intended to be used by browsers. Instead a specially
crafted client code will be dealing with that.
I have not tried fiddling with client certificates yet. There is no
point in trying it if apache is not working even without them. My
understanding that client certificate verification is possible only
through an SSL connection. That's why I am trying to make apache run in
HTTPS mode for proxying.
You can configure apache so that it would behave as proxy, https on
receiving side with client certificate verification and proxying to another
tunnels. Client would think that your apachs is the server.
If I understand correctly you are suggesting that client connects to
apache (through HTTPS) and then apache establishes a separate HTTPS
connection to the real target server?
The downside of this approach is that the target server and client do
not see (verify) each other and the proxy becomes a sweat target: anyone
taking over it would be able to talk to clients and target server and
see all the traffic.
You also could configure apache as proxy accessible through https (but
clients afaik don't support https proxy) and configure clients to use this
apache as proxy. But they would not issue CONNECT to port 80.
I tried configuring apache as a tunneling proxy through https, but in
this scenario apache would not recognize the CONNECT request and would
not establish a tunnel to the target server.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
