SSL proxy?

Elias Sinderson FoRK <FoRK@xent.com>
Mon, 27 Jan 2003 19:08:38 -0800


So,

After a blinding tour through the documentation, I've set up and 
configured Apache+mod_ssl as a reverse (server-side) proxy. In other 
words, it is functioning as shown below:

             HTTPS                       HTTP
Client ------------> Apache -----------> WebLogic

Thus a request sent to https://reverse.ssl.proxy/yahoo/ can be 
redirected to http://www.yahoo.com/ with the appropriate entry in 
httpd.conf to map the given URL to the real server as is done with an 
alias configuration directive. This setup also has the benefit of 
mapping, for example, https://reverse.ssl.proxy/yahoo/foo/bar/ to 
http://www.yahoo.com/foo/bar as one would like.

I haven't had the chance to test this out with a JMS client, or the web 
services we'll be deploying, but will surely follow this post up with 
more info when I have it. Has anyone had the joy of using Apache in this 
manner before? Anything I should be aware of? Am I mad to attempt this? 
Should I just stone myself now and get it over with?


Thank you for your continued support,
Elias


Elias Sinderson wrote:

> Good day,
>
> Or perhaps 'Frustrating day' would be more accurate?
>
> Given that:
>  (1) Our app server (WebLogic) will not be certified for use with JDK 
> 1.4 until the next release (hopefully available sometime early this 
> summer if we're lucky?).
>  (2) Our application requires JDK 1.4 functionality (preferences 
> package, regular expressions, XML parsing, etc.) on both the client 
> AND server side.
>  (3) SSL handshake fails if either the client or server (or both) are 
> using JDK 1.4 due to the changes between Java 1.1 and 1.2 related to 
> the pluggable security model.
>  (4) The app server can run under JDK 1.4 with no apparent negative 
> consequences other than (3).
>
> What options are available to provide SSL for client connections? As 
> far as I can tell, using an SSL proxy (either in software or hardware) 
> may be the only alternative. If anyone has an alternate solution, or 
> can share their knowledge gained from similar experience, I would like 
> to hear from you.  Further, if anyone is aware of other 'gotchas' that 
> will come up due to our running WL 7.x with JDK 1.4, please share your 
> experiences. And even further, can anyone recommend an SSL proxy that 
> they'll swear by? This isn't rocket science, but the consequences of a 
> wrong decision could be disastrous...
>
>
> How I do love Mondays,
> Elias
>
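
The URL mapping described in the message at the top of this thread, written out as an httpd.conf fragment. This is an added example, not configuration from the original post; it assumes mod_ssl and mod_proxy are loaded, and the certificate paths are placeholders.

```apache
# Added example: assumed httpd.conf fragment for the reverse proxy described above.
# Certificate and key paths are placeholders, not values from the post.

<VirtualHost _default_:443>
    ServerName reverse.ssl.proxy

    # Client-facing leg: SSL terminates at Apache.
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Reverse proxy only. "ProxyRequests On" would make this host a forward
    # proxy that relays client requests to arbitrary destinations.
    ProxyRequests Off

    # https://reverse.ssl.proxy/yahoo/foo/bar/ -> http://www.yahoo.com/foo/bar/
    ProxyPass        /yahoo/ http://www.yahoo.com/

    # Rewrite Location headers on backend redirects so the client stays on
    # the https:// proxy URL instead of being sent to the backend directly.
    ProxyPassReverse /yahoo/ http://www.yahoo.com/
</VirtualHost>
```

The Apache-to-backend leg in this layout is plain HTTP, so it is only as protected as the network segment between the proxy and the application server.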