On Thu, Jan 23, 2014 at 8:46 AM, Sittampalam, Nagu < nagu.sittampa...@southampton.gov.uk> wrote:
> Thank you for the response and yes it is not reverse proxy anymore. Is > my assumption correct that Apache reverse proxy is not cable of doing SSL > bridging? > I'm not familiar with the term "SSL bridging". I see a description of "SSL bridging" in BIG-IP here: http://www.f5.com/glossary/ssl-bridging/ Apache httpd does not have that capability. But Microsoft has a different description of "SSL bridging" here: http://technet.microsoft.com/en-us/library/cc722817.aspx What are you trying to accomplish? SSL termination at Apache httpd, and reverse proxy to backend server over SSL? Yes, that is implemented. > > > Nagu Sittampalam | Security Team Leader , IT Solutions Division | > Southampton Strategic Services Partnership | Landline: 02380 833012 | Fax: > 02380 832973 | e-mail nagu.sittampa...@southampton.gov.uk | e-mail > nagu.sittampa...@capita.co.uk | post Capita ITS, 1st Floor, One Guildhall > Square, Above Bar, Southampton, SO14 7FP > This email and any files transmitted with it are confidential, and may be > subject to legal privilege, and are intended solely for the use of the > individual or entity to whom they are addressed. > If you have received this email in error or think you may have done so, > you may not peruse, use, disseminate, distribute or copy this message. > Please notify the sender immediately and delete the original e-mail from > your system. > > > > *From:* Jeff Trawick [mailto:traw...@gmail.com] > *Sent:* 23 January 2014 13:29 > *To:* users@httpd.apache.org > *Subject:* Re: [users@httpd] RE: SSL bridging with Apache reverse proxy > > > > On Thu, Jan 23, 2014 at 6:48 AM, Sittampalam, Nagu < > nagu.sittampa...@southampton.gov.uk> wrote: > > Hello > > > > I did not get any response to my below email so I assume SSL bridging > cannot be done on Apache reverse proxy. So wanted to know if it is > possible to do SSL tunnelling with Apache reverse proxy? > > > > "Reverse" proxy hides the backend server from the client, and the httpd > doing the proxying is the SSL termination point. I don't think you mean to > refer to "reverse" proxy. > > > > See the notes on the CONNECT protocol support here: > > > > http://httpd.apache.org/docs/2.4/mod/mod_proxy_connect.html > > > > > > Nagu Sittampalam | Security Team Leader , IT Solutions Division | > Southampton Strategic Services Partnership | Landline: 02380 833012 | Fax: > 02380 832973 | e-mail nagu.sittampa...@southampton.gov.uk | e-mail > nagu.sittampa...@capita.co.uk | post Capita ITS, 1st Floor, One Guildhall > Square, Above Bar, Southampton, SO14 7FP > This email and any files transmitted with it are confidential, and may be > subject to legal privilege, and are intended solely for the use of the > individual or entity to whom they are addressed. > If you have received this email in error or think you may have done so, > you may not peruse, use, disseminate, distribute or copy this message. > Please notify the sender immediately and delete the original e-mail from > your system. > > > > > > _____________________________________________ > *From:* Sittampalam, Nagu > *Sent:* 17 January 2014 08:05 > *To:* 'users@httpd.apache.org' > *Subject:* SSL bridging with Apache reverse proxy > > > > > > Hello > > > > Is it possible to do SLL bridging with Apache reverse proxy? Searching on > the internet most result suggest it does not work. We want to use Apache > reverse proxy to allow internet clients to connect to our Microsoft SCCM > 2012 server. This requires SLL bridging with the ability to pass through > client authentication header information. > > > > Nagu Sittampalam | Security Team Leader , IT Solutions Division | > Southampton Strategic Services Partnership | Landline: 02380 833012 | Fax: > 02380 832973 | e-mail nagu.sittampa...@southampton.gov.uk | e-mail > nagu.sittampa...@capita.co.uk | post Capita ITS, 1st Floor, One Guildhall > Square, Above Bar, Southampton, SO14 7FP > This email and any files transmitted with it are confidential, and may be > subject to legal privilege, and are intended solely for the use of the > individual or entity to whom they are addressed. > If you have received this email in error or think you may have done so, > you may not peruse, use, disseminate, distribute or copy this message. > Please notify the sender immediately and delete the original e-mail from > your system. > > > > > > > > > > > > -- > Born in Roswell... married an alien... > http://emptyhammock.com/ > -- Born in Roswell... married an alien... http://emptyhammock.com/
