0

I am trying to use mod_rewrite or ProxyPass to redirect (PT) the client's request from virtual host A on 443 to different virtual host B on port 4434, also with SSL. Like that:

SSLProxyEngine on
SSLProxyVerify none 
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off 
ProxyPassMatch    ^/vd https://localhost:4434

There is the way I am trying to use mod_rewrite:

RewriteEngine on
RewriteRule (.*) https://%{HTTP_HOST}:4434%{REQUEST_URI} [PT]

The problem is that my client validates server certificate and the on response the client gets the certificate of the virtual host A on 443 port, instead of virtual host B on 4434 port, so SSL handshake failed.

Is there any way to work around this problem ? Thanks

Uri Gorobets
  • 49
  • 1
  • 4
  • 1
    "the client gets the certificate of the virtual host A on 443 port, instead of virtual host B on 4434 port" - yes, that's how a reverse proxy should work. Why (or how?) is the client trying (or needing) to "SSL handshake with server B? Perhaps you do need a "redirect" and not a "proxy"? You say you are "trying to use mod_rewrite" - but there is no "mod_rewrite" here? In what way are you using mod_rewrite? "...to redirect (PT)" - PT? – MrWhite Dec 04 '18 at 14:16
  • I edited the question with mod_rewrite sample – Uri Gorobets Dec 04 '18 at 14:23
  • The `RewriteRule` flag `PT` has little to do with "redirects" or "proxies". The `PT` flag is short for `passthrough`. You perhaps meant to use the `P` (`proxy`) flag which uses mod_proxy to handle the request. However, this probably won't help your current issue. (?) – MrWhite Dec 04 '18 at 17:42

1 Answers1

1

Short answer: no

Long answer: the client will authenticate with the certificate of virtual host A, because this is where it's connecting to. Whatever happens on the backend via proxy mode is transparent. If you want to use virtual host Bs certificate, do a redirect and then the client connects directly to that host, it has to be exposed publicly though.

Deeepdigger
  • 61
  • 7