Apache as SSL front-end for lame web app

Ben Scott dragonhawk at gmail.com
Wed Nov 8 22:22:07 EST 2006


Hi list,

  Hoping someone who knows more about Apache than I do can answer this
quickly and easily, or point me in the right direction.

  Say I've got a lame web application running on a lame OS.  No real
authentication in the app.  No SSL.  Can't touch the config of the
app's host OS or web server for lame reasons.

  I want to put an Apache box in front of it, and have Apache turn
plain old HTTP into HTTPS, and also add a separate username/password
prompt system to protect the lame app from being touched by anyone who
doesn't at least have *some* credentials.  Basically, turning a lame
application with a "trusted LAN only" mentality to something might
actually be safe to put on teh Interwebs.

  Any suggestions on how I might go about doing this?

  I found <http://3cx.org/item/46>, which I think tells me how to use
mod_proxy to do the forwarding and SSL encapsulation.  That's kind of
what I was thinking.  But can I throw some HTTP authentication on top
of that, too?

-- Ben


More information about the gnhlug-discuss mailing list