logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in  RSS Apache Lounge  


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.



Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Apache Reverse Proxy to IIS Client certificate authenticatio
Author
jessay



Joined: 06 Jun 2019
Posts: 1
Location: usa,md

PostPosted: Thu 06 Jun '19 20:37    Post subject: Apache Reverse Proxy to IIS Client certificate authenticatio Reply with quote

After thorough research I have come to ask for assistance.

What I want is to create a configuration similar to what Apache/Tomcat have with I believe AJP only Apache to IIS.

I know due to TLS, IIS, x509, it is generally difficult as what I am wanting to do creates a MITM (Man-In-The-Middle)

Internet ==> Apache Reverse Proxy === IIS backend
Authentication Client certificate

I know the reason right now I am losing the header information on IIS is due to the TLS session ending after I hit my proxy server.

I thought by configuring my virtual host utilizing
SSLCACertificateFile it may work however I still receive the 403.7 (IIS).
I was hoping to leverage mod_proxy parameters that I leverage with tomcat would work with IIS but I am having no success. My <virtual host> is using the following so far
SSLEngine On
SSLVerifyCLient require
SSLVerifyDepth 4
SSLCertificateFile ssl.crt/cert.pem
SSLCertificateKeyFile ssl.crt/key.key
SSLCACertficateFile ssl.crt/CAbundle.pem
SSLOptions +ExportCertData
SSLProxyEngine On
JkMount /
JKMount /
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /location/ http://ip:7443

My goal was to build this <virtualHost> to where I have Apache Reverse Proxy working with both Tomcat and IIS on the backend both accepting client certificate login.

The other approach I am looking into is attempting to see what header information occurs between apache and IIS and is there anyway to configure IIS to leverage x509 http syntax to grab the information and leverage that for authentication. I need to leverage HTTP and not HTTPS and capture that traffic with wireshark to see if there is anything there to work with.
This is my debacle I am currently working through and appreciate any assistance.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6673
Location: Germany, Next to Hamburg

PostPosted: Wed 21 Aug '19 10:41    Post subject: Reply with quote

AJP is for java based backends like tomcat and is a protocol on its own.[1] I don't think you need that.


What works if you have an old hub ((not a switch) hardware)

Code:

Internet ==> Apache Reverse Proxy ==> HUB (hardware) ==> IIS backend
                                                    |
                                                     ==> Computer with reading software like wireshark 



With the traffic send to both devices you can read the content of the data.

[1] https://en.wikipedia.org/wiki/Apache_JServ_Protocol
Back to top


Reply to topic   Topic: Apache Reverse Proxy to IIS Client certificate authenticatio View previous topic :: View next topic
Post new topic   Forum Index -> Apache