SSL handshake blocks Perlbal
Mark Smith
junior at danga.com
Tue Aug 29 06:07:02 UTC 2006
On Mon, Aug 28, 2006, Sam G wrote:
> Our solution for SSL for now has been to run pound on port 443, and use it
> as a simple decrypter and request forwarder to perlbal on port 80. So
> Perlbal just receives a normal HTTP request from pound, but with an
> X-SSL-Request header to notify our application. Our pound config:
We've experimented with similar and used to use Pound too, it worked but
once in a while would get stuck?
> The only problem is, someone could forge an SSL request by sending that
> header through Perlbal. Does Perlbal offer any method to eliminate
> specific headers?
Usage: HEADER <service> {INSERT|REMOVE} <header>[: <value>]
Use that in your config file...
HEADER web_proxy REMOVE X-App-SSL
This gets run at the last possible instant before the headers are
written out to the backend webserver.
--
Mark Smith
junior at danga.com
More information about the perlbal
mailing list