Ivan Krivyakov's Blog

Premature optimization is the root of all evil

January 30, 2011

Apache 2.2.17: HTTPS+CONNECT still broken

The scenario is this: someone opens an SSL connection to the Apache server, authenticates, and requests access to another host/port via the CONNECT method. This is useful for a secure connection over the untrusted Internet to something inside the network.

Apache version 2.2.11 simply refused to do this, because “this is not defined in the RFC”. As of version 2.2.15 it supports CONNECT over HTTPS, but… it sends the tunnelled traffic in the clear. You can see “Apache Proxy Agent bla-bla” right in the middle of the HTTPS session. Brilliant!

This, of course, does not work, since the connecting party expects everything to be encrypted. I had to throw out mod_proxy_connect and revert to the old, trusted patch. Bummer.
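A small diagnostic for the symptom described above, added here as an example and not code from the blog post or from the Apache project. It builds the authenticated CONNECT request that the client sends inside the existing TLS session, then classifies the first bytes that come back on the raw TCP socket: a TLS record header means the proxy answered inside the tunnel, while a plaintext “HTTP/…” status line means the reply (and whatever follows it) bypassed TLS, which is exactly what the connecting party cannot cope with. The proxy and target names, credentials and the sample byte strings are constructed for illustration; `probe_proxy` needs a real proxy and is not exercised offline.

```python
"""
Diagnostic for CONNECT-inside-TLS proxies (added example, not from the post).

A client that has already completed a TLS handshake with the proxy sends
CONNECT through that session. A correct proxy replies inside the session,
so the raw socket shows TLS records. A broken proxy writes its reply straight
to the TCP socket, so the raw socket shows cleartext HTTP. Reading through the
TLS object would only surface the latter as a cryptic "bad record" SSLError,
so the probe peeks at the underlying file descriptor instead.
"""
import base64
import os
import socket
import ssl

# TLS record content types (RFC 5246 / 8446). Any of these as byte 0 with a
# 0x03 0x0X version field means the proxy's reply stayed inside the tunnel.
TLS_CONTENT_TYPES = {
    0x14: "change_cipher_spec",
    0x15: "alert",
    0x16: "handshake",
    0x17: "application_data",
}


def build_connect_request(target_host, target_port, username=None, password=None):
    """Return the bytes of an HTTP/1.1 CONNECT request for target_host:target_port.

    If credentials are given, a Proxy-Authorization: Basic header is added
    (fine here only because the request travels inside TLS to the proxy).
    """
    lines = [
        f"CONNECT {target_host}:{target_port} HTTP/1.1",
        f"Host: {target_host}:{target_port}",
    ]
    if username is not None:
        creds = base64.b64encode(f"{username}:{password}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {creds}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def classify_proxy_reply(head):
    """Classify the first bytes seen on the raw TCP socket after sending CONNECT.

    'tls'            - a TLS record header: the reply is inside the tunnel (correct)
    'cleartext-http' - a plaintext HTTP status line: the reply leaked past TLS
    'unknown'        - anything else (too short, or not recognisable)
    """
    if len(head) >= 5 and head[0] in TLS_CONTENT_TYPES and head[1] == 0x03 and head[2] <= 0x04:
        return "tls"
    if head.startswith(b"HTTP/"):
        return "cleartext-http"
    return "unknown"


def probe_proxy(proxy_host, proxy_port, target_host, target_port,
                username, password, cafile=None):
    """Live check against a real proxy (hypothetical hosts; not run offline).

    Opens TLS to the proxy, sends CONNECT through it, then peeks at the
    underlying socket with MSG_PEEK so the bytes are left in place for the
    TLS layer if they turn out to be a proper record.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((proxy_host, proxy_port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=proxy_host) as tls:
            tls.sendall(build_connect_request(target_host, target_port, username, password))
            # Duplicate the fd so closing the peek socket does not close the TLS socket.
            peek = socket.socket(fileno=os.dup(tls.fileno()))
            try:
                head = peek.recv(5, socket.MSG_PEEK)
            finally:
                peek.close()
            verdict = classify_proxy_reply(head)
            if verdict == "tls":
                # Safe to read the real reply through the TLS layer now.
                status = tls.recv(4096).split(b"\r\n", 1)[0]
                return verdict, status
            return verdict, head


# Constructed samples of what the raw socket might show after CONNECT was sent.
SAMPLE_TLS_REPLY = b"\x17\x03\x03\x00\x2a" + b"\x00" * 42          # application_data record
SAMPLE_LEAKED_REPLY = b"HTTP/1.0 200 Connection Established\r\nProxy-agent: Apache\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_TLS_REPLY, SAMPLE_LEAKED_REPLY):
        print(classify_proxy_reply(sample), sample[:16])
```

If `probe_proxy` ever returns `'cleartext-http'`, the proxy is writing its CONNECT response directly to the TCP socket; the Proxy-agent line is then visible to anyone on the path, and every byte of the “tunnel” after it is equally exposed, so the fix is on the proxy side, not in the client.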

January 29, 2011

Another version of this product is already installed…

Trying to upgrade my Apache server, and getting this helpful message from Windows Installer. Well, this time I know it is Apache, but how many times did I not? How difficult would it be to replace “this product” with the actual application name, instead of sending the user on a wild goose chase? It’s basic usability stuff, ain’t it?