Re: SSL Reverse Proxy
From: Daniel Williams (dwilliams_at_datainventory.com)
Date: 04/29/03
- Previous message: Jordan Jesse - Toronto-MROC: "RE: Cable Vs. DSL"
- In reply to: Andrea Cogliati: "SSL Reverse Proxy"
- Next in thread: Andrea Cogliati: "RE: SSL Reverse Proxy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Apr 2003 17:55:39 -0400 To: Andrea Cogliati <AndreaC@gotech.it>
Question, is server A and B configured for https or http?
If server A and B are configured to use http, then you could use Apache.
Apache would terminate your https connections to mydomain.com, then use
mod_proxy to redirect to servers A and B.
Here is an example Apache 1.3.x config, from Apache's online manual,
http://httpd.apache.org/docs/mod/mod_proxy.html#proxypassreverse
SSL server config, hosting https://mydomain.com/
ProxyPass /appA/ http://appA.mydomain.com/
ProxyPassReverse /appA/ http://appA.mydomain.com/
ProxyPass /appB/ http://appB.mydomain.com/
ProxyPassReverse /appB/ http://appB.mydomain.com/
This may help.
Andrea Cogliati wrote:
>Guys,
>
>We are looking for a reverse-proxy supporting both http and https,
>capable of terminating the client connections and redirecting the
>requests based on URL (something like MS ISA); caching would be nice to
>have but, definitely, not mandatory; must run on OpenBSD and/or Linux.
>
>We already know the security implications of this approach. We basically
>need to share the same SSL certificate and the same DNS name between two
>different servers. That is, https://mydomain.com/appA and
>https://mydomain.com/appB, where requests to the first URL will be
>handled by server A, and those to the latter by server B. Any hints?
>
>Thank you in advance for any advice.
>
>Andrea
>
>---------------------------------------------------------------------------
>Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
>world's premier event for IT and network security experts. The two-day
>Training features 6 hand-on courses on May 12-13 taught by professionals.
>The two-day Briefings on May 14-15 features 24 top speakers with no vendor
>sales pitches. Deadline for the best rates is April 25. Register today to
>ensure your place. http://www.securityfocus.com/BlackHat-security-basics
>----------------------------------------------------------------------------
>
>
>
---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most
recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-security-basics
----------------------------------------------------------------------------
- Previous message: Jordan Jesse - Toronto-MROC: "RE: Cable Vs. DSL"
- In reply to: Andrea Cogliati: "SSL Reverse Proxy"
- Next in thread: Andrea Cogliati: "RE: SSL Reverse Proxy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
