Security Basics mailing list archives

Re: SSL Reverse Proxy

From: Daniel Williams <dwilliams () datainventory com>
Date: Tue, 29 Apr 2003 17:55:39 -0400

Question, is server A and B configured for https or http?

If server A and B are configured to use http, then you could use Apache.

Apache would terminate your https connections to mydomain.com, then usemod_proxy to redirect to servers A and B.Here is an example Apache 1.3.x config, from Apache's online manual,http://httpd.apache.org/docs/mod/mod_proxy.html#proxypassreverse


SSL server config, hosting https://mydomain.com/

  ProxyPass         /appA/ http://appA.mydomain.com/
  ProxyPassReverse  /appA/ http://appA.mydomain.com/

  ProxyPass         /appB/ http://appB.mydomain.com/
  ProxyPassReverse  /appB/ http://appB.mydomain.com/


This may help.
        




Andrea Cogliati wrote:

Guys,

We are looking for a reverse-proxy supporting both http and https,
capable of terminating the client connections and redirecting the
requests based on URL  (something like MS ISA); caching would be nice to
have but, definitely, not mandatory; must run on OpenBSD and/or Linux.

We already know the security implications of this approach. We basically
need to share the same SSL certificate and the same DNS name between two
different servers. That is, https://mydomain.com/appA and
https://mydomain.com/appB, where requests to the first URL will be
handled by server A, and those to the latter by server B. Any hints?

Thank you in advance for any advice.

Andrea

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, theworld's premier event for IT and network security experts. The two-dayTraining features 6 hand-on courses on May 12-13 taught by professionals.The two-day Briefings on May 14-15 features 24 top speakers with no vendorsales pitches. Deadline for the best rates is April 25. Register today toensure your place. http://www.securityfocus.com/BlackHat-security-basics----------------------------------------------------------------------------




---------------------------------------------------------------------------

FastTrain has your solution for a great CISSP Boot Camp. The industry's mostrecognized corporate security certification track, provides a comprehensiveprospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilizationof pertinent security tools. For a limited time you can enter for a chanceto win one of the latest technological innovations, the SEGWAY HT.Log onto http://www.securityfocus.com/FastTrain-security-basics----------------------------------------------------------------------------

Current thread:

SSL Reverse Proxy Andrea Cogliati (Apr 28)
- Re: SSL Reverse Proxy Vic Parat (NSS) (Apr 29)
- Re: SSL Reverse Proxy Daniel Williams (Apr 30)
- <Possible follow-ups>
- RE: SSL Reverse Proxy Rivera Alonso, David (Apr 29)
- RE: SSL Reverse Proxy Lucas Zaichkowsky (Apr 29)
- RE: SSL Reverse Proxy Andrea Cogliati (Apr 30)