SSL Proxy to back end servers

On 4/30/07, wi <icebattlegmail.com> wrote:
> Hi all
>
> I have an Apache instance that is functioning as a
reverse proxy for our app
> server. For standard http, this works fine. However,
we'd like to send SSL
> traffic through the proxy to the back end server. I
don't want to decrypt
> the traffic at the Apache instance, just re-route it to
the back end?
>
> I can't seem to find a way to do this, without doing
the decryption. Is
> mod_proxy up for this?

I don't think you can reverse-proxy ssl. Since everything
is
encrypted, there is nothing for a reverse-proxy to handle --
just a
raw stream of bytes. For a forward proxy, this is handled
using the
CONNECT method; but obviously the client needs to know about
the proxy
to use that.

Luckily there is an easy alternative. Just use "port
forwarding" at
the OS or firewall-level. Since there is no processing that
can be
done at the apache-level (due to the encryption) you don't
lose
anything by doing simple port-forwarding.

Joshua.

------------------------------------------------------------
---------
The official User-To-User support forum of the Apache HTTP
Server Project.
See <URL:http://htt
pd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribehttpd.apache.org
   "   from the digest: users-digest-unsubscribehttpd.apache.org
For additional commands, e-mail: users-helphttpd.apache.org