mhonarc-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

apache with mod_ssl conection problem

2003-09-04 04:58:20
from [i . guenes] [Permanent Link] 
Hi,

I just tried to set up a reverse proxy with apache in order to serve
a backend application server with SSL:

request schema:          (client)  -- https -->  (reverse proxy)   -- htpps -->
(application server )

client : IBM OS2 ,  ip : 1.2.3.4
reverse proxy server:  redhat 7.3, apache 2.0.47 mod_ssl  2.0.47 OpenSSL 0.9.7b,
ip: 1.2.3.5
application server:   NT 4.0, IBM WebSphere 5.0,  ip: 1.2.3.106
ssl communikation port: 9443

problem description:

The application server require a user authentification every 8 seconds (refresh
cycle for jsp-application).
After this time the session will be closed and the client browser wil restart
with the login page (start page).
In the application server log-file we have a loging entry like: "LOGIN failed".

Why the client authentification will be refused.
How can i store the session key ?.. or where is my fault ?

The parts of my httpd.conf that seem relevant look like:

Listen 10.11.35.45:9443

<IfDefine SSL>
   Listen 9443
   AddType application/x-x509-ca-cert .crt
   AddType application/x-pkcs7-crl    .crl
   SSLPassPhraseDialog  builtin
   SSLSessionCache         dbm:/opt/apache2/logs/ssl_scache
   SSLSessionCacheTimeout  300
   SSLMutex  file:/opt/apache2/logs/ssl_mutex
   SSLRandomSeed startup builtin
   SSLRandomSeed connect builtin
</IfDefine>


#NameVirtualHost 1.2.3.5

### Section 3: Virtual Hosts
# Reverse Proxy Entry
<IfModule mod_proxy.c>
<VirtualHost 1.2.3.5:9443>
ServerName 1.2.3.5:9443
ErrorLog /opt/apache2/logs/ssl/ssl-error.log
CustomLog /opt/apache2/logs/ssl/secured_access.log "combined"

 ProxyRequests on
 SSLProxyEngine on
  ProxyPass             /     https://1.2.3.106:9443/
  ProxyPassReverse      /     https://1.2.3.106:9443/

  SSLEngine on
  SSLProxyProtocol all
  SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:
+eNULL
  SSLCertificateFile /opt/apache2/conf/ssl.crt/server.crt
  SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server.key
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0
force-response-1.0
  LogLevel debug
 </VirtualHost>
</IfModule>
# End of Reverse Proxy Entry

AddDefaultCharset Off
SSLEngine off
..

have someone a idea or a tip for me ?

i would be very pleased by some help.

Thank a lot
Ibrahim

Diese E-Mail kann vertrauliche und/oder rechtlich geschützte
Informationen enthalten. Wenn Sie nicht der richtige Adressat sind
oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte
sofort den Absender und vernichten Sie diese Mail. Das unerlaubte
Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.

This e-mail may contain confidential and/or privileged information.
If you are not the intended recipient (or have received this e-mail
in error) please notify the sender immediately and destroy this e-mail.
Any unauthorized copying, disclosure or distribution of the material in
this e-mail is strictly forbidden.


---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-USERS
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • apache with mod_ssl conection problem, i . guenes <=
Previous by Date:  Re: message date in index list, Vicki Brown
Next by Date:  Re: message date in index list, Earl Hood
Previous by Thread:  message date in index list, Vicki Brown
Next by Thread:  Resource variables in Icon resource, Malcolm Miles
Indexes:  [Date] [Thread] [Top] [All Lists]