2

    Hello everyone. My question is very simple . The link below is a picture about my architecture.

https://docs.google.com/open?id=0BxSXbpgYIZVOR212RVk4ZDN1Sm8.

     The pic above shows the architecture right now and it works correctly! Which means I could visit Apache with url https//apchehost:8080, could not visit the web app with https served by Weblogic but I could visit these app with https served by Apache(Apache is proxy server).
     My question is why the Apache is configured with SSL but Weblogic without SSL works? I think Weblogic should also configured with SSL. If this works , what about security level? Is the SSL really working if only Apache configured with SSL but not with Weblogic? Thanks. 

condition:
    Apache 2.2.17 with weblogic module mod_wl_22.so 
    Weblogic: 10.3
    OS: Windows server 2003
benRollag
  • 141
  • 5
huangli
  • 167
  • 8

3 Answers3

3

A setup like this with the web server in a DMZ and the clients unable to access the Weblogic hosts directly is quite common. Client HTTPS connections terminate at the web server on the DMZ and authentication and authorisation takes place there. If this is successful then the connections are proxied as HTTP down to the application layer.

As long as it is not possible for clients to connect to the Weblogic hosts directly then this is quite safe and has the advantage that all of the SSL configuration is in once place on the web server.

Keith Burdis
  • 334
  • 1
  • 4
1

Once the traffic hits the apache server it is decrypted. When it is proxied, the traffic on the other side of the apache machine is not encrypted any more. You could turn ssl on for the weblogic servers but that gets a little tricky with making sure the apache machine trusts the CA for the connection and also adds extra ssl overhead.

MichaelB
  • 541
  • 4
  • 10
0

I came across similar problem but I am thinking you need to use mod_wl128_(apache version).so in you apache configuration.

vamsi
  • 1