top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Protect server-status with https required?

+1 vote
235 views

We are protecting server-status and info with basic auth using a config block similar to the following:

 SetHandler server-info
 #Order deny,allow
 #Deny from all
 #Allow from .example.com
 AuthType basic
 AuthName "Apache Info"
 AuthUserFile /usr/local/apache2/conf/server-status_htpasswd
 Require valid-user

Is there a a way to require https to access this Location?

Using a rewrite so far is a problem because to get to the rewrite, you have to enter the basic auth and that fails the PCI scan because it's consider cleartext access. But perhaps that just because I've been
trying a .htaccess and we can do it some other way?

posted Jun 19, 2013 by anonymous

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote
 
Best answer
answer Jun 19, 2013 by anonymous
Similar Questions
+5 votes

WE are trying to setup HTTPS tunnelling to a backend server through Apache proxy but we are finding the client connect but Apache does not send through the traffic the backend server.

Config we have on our Apache proxy virtual host is

DocumentRoot "/usr/local/apache/htdocs/ibcm/" 
ServerName test.testdom.local 
ErrorLog logs/ibcm 
ServerAdmin webmaster@testdom.local 
ProxyRequests On 
AllowConnect 443 
SSLEngine on 
SSLHonorCipherOrder On 
SSLProtocol -ALL SSLv3 TLSv1 
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4RSA:HIGH:MEDIUM 
SSLCertificateFile "/etc/ssl/crt/ibcm.crt" 
SSLCertificateKeyFile "/etc/ssl/crt/testdom.key" 
SSLCertificateChainFile "/etc/ssl/crt/CA-DOM.crt" 
 Order deny,allow 
 Deny from all 
 Order deny,allow 
 Allow from all 

Anybody know what we are not doing correctly. Also we found Apache would not start without us putting in the root certificate. Thought it would not need any certificate for tunnelling so wonder if we have missed something.

0 votes

I'm trying to setup a forward proxy to access certain endpoints on Remote server which require https with basic authentication in header.

A(Application server) ---> Forward proxy (B) ----> Remote server(C)

i'm at B on which i have setup below Apache Virtual host in which i'm setting the headers to use basic authentication passing encoded value of user & pass configured on remote server.However,i want to include HTTPS in my request to C to ensure the headers are sent securely with encrption to remote server (C). I do Not want to use a separate Virtual host for HTTPS. Should i include a SSL Server certificate in my proxy configuration as given below with the basic authentication in header ?
How can i achieve this in Single virtual host ? I have limited knowledge on apache, so please help here.

I tried searching on the internet but did not find the required solution.

##### vHost 9099 is for basic auth with HTTPS #####
Listen *:9099
<VirtualHost *:9099>

        ServerName      myservername.com
        ServerAlias     myservername.com
        ServerAdmin     iamadmin@myservername.com
        DocumentRoot    /my/doc/root/
        SSLEngine on
        RewriteEngine On
        AllowEncodedSlashes NoDecode

        ProxyRequests On

        # SSL configuration

        SSLCertificateFile       /Path to cert.pem
        SSLCertificateKeyFile    /Path to private key
        SSLCACertificateFile     /Path to CA certs


        ##  Basic64  Encoded XXXX od user and passwd in header

         RequestHeader set Authorization "Basic XXXXX"


         ##  Endpoints accessed via https with basic authentication in header

         ProxyPass /api/api1/   https://30.30.115.22:11111/api/api1/
         ProxyPassReverse /api/api1/    https://30.30.115.22:11111/api/api1/


</VirtualHost>
+1 vote

I have Apache SSL virtuals behind the Nginx proxy defined with this directive:

SetEnvIf X-Forwarded-Proto https HTTPS=on

Users often use the following rewrite rule in their htaccess files for detecting SSL connection, but the variable HTTPS is not treated as expected:

RewriteCond %{HTTPS} =on

Is there any workaround for this? So far, I tried to disable mod_ssl completely and also checked modules hooks and it seems that environment files are loaded before the rewrite module.

+6 votes

I have a reverse proxy (apache 2.2) with mod_proxy_balancer with https visible to the outside world.

The question is: from the proxy performance/scalability point of view is it better to configure backends (origin servers) with http or with https?

Is it true that if proxy is setup https->http then it only has to decrypt/encrypt the headers and the body is encrypted/decrypted on the backend? I do not use mod_proxy_html (but maybe there are other modules which affect this behaviour on the proxy?.

How either setup affects latency of handling requests? With https->https do I have to do two handshakes (on the proxy and on the backend) for every connection? I have KeepAlive both on the proxy and the backends.

+1 vote

I'm using apache 2.2 as front end and apache tomcat 6.0.37 as backend. I'm using mod_jk for connecting them.

The problem is. I'm using ssl certificates and configured ssl on apache. when I connect the site with https it works but when I click on an link it no more secure i.e. its not secure browsing anymore.

My requirement is as follows.

If user connects as https all the links should work as https. If the user connects as http all the links should work as http is such thing is possible?

...