[stunnel-users] rewrite Destination: when rewriting Host:

Brian Hatch bri at stunnel.org
Tue Nov 13 10:31:56 CET 2007


Sometime near 2007-11-11 00:15 -0500, Marcio Marchini shouted:

>   Researching online one can see that WebDAV's spec requires that they
> check both src and dest URLs for protocol & port. But with some proxies or
> SSL fronts like stunnel, only one of the URLs is rewritten, so one goes as
> http and the other as https. Here's one person explaining it, much better
> than me: http://svn.haxx.se/users/archive-2006-03/0549.shtml

Stunnel doesn't currently have the ability to scan and re-write the
plaintext.  For HTTP redirects it could possibly be implemented
(re-write only the response before ^$, and redirects aren't chunked
and don't have content lengths to work with, etc.) but you'd still
need enough HTTP logic to handle keepalives and such.  It's not
trivial and not likely.

Another option would be to have something already HTTP aware doing
the rewriting in between stunnel and Subversion.  A re-writing
proxy.

Another option would be to use mod_rewrite in Apache to rewrite
the URLs.

But the best way would be to just use SSL inside Apache and drop
stunnel entirely.


-- 
Brian Hatch                  The best way to accelerate
   Systems and                a Windows machine is at
   Security Engineer          9.8 meters per second
http://www.ifokr.org/bri/     squared.

Every message PGP signed
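
The header rewrite an HTTP-aware component between the SSL front and the backend would perform, as an added example that is not part of the original message and is not stunnel or Apache code. The function name, the hostnames and the choice to rewrite only when the Destination authority equals the request's own Host value are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit


def rewrite_destination(head: bytes, backend_scheme: str = "http") -> bytes:
    """Rewrite the scheme of Destination: in one HTTP request head.

    `head` is the request line plus headers, without the terminating blank
    line; the body is never parsed or touched. The header is rewritten only
    when it is an https URL whose authority equals the Host: value, so a
    Destination naming some other server passes through unchanged.
    """
    lines = head.decode("iso-8859-1").split("\r\n")
    seen = {}
    for idx, line in enumerate(lines[1:], start=1):
        name, sep, value = line.partition(":")
        if sep:
            seen.setdefault(name.strip().lower(), []).append((idx, value.strip()))
    hosts, dests = seen.get("host", []), seen.get("destination", [])
    if len(hosts) != 1 or len(dests) != 1:
        return head  # missing or duplicated headers: do not guess
    idx, dest = dests[0]
    parts = urlsplit(dest)
    if parts.scheme.lower() != "https":
        return head
    if parts.netloc.lower() != hosts[0][1].lower():
        return head  # different authority: not ours to rewrite
    rewritten = urlunsplit((backend_scheme,) + tuple(parts[1:]))
    lines[idx] = "Destination: " + rewritten
    return "\r\n".join(lines).encode("iso-8859-1")


# Constructed sample: a WebDAV COPY as the client sends it through the SSL front.
SAMPLE = (
    b"COPY /repo/a.txt HTTP/1.1\r\n"
    b"Host: svn.example.com\r\n"
    b"Destination: https://svn.example.com/repo/b.txt\r\n"
    b"Overwrite: T"
)

if __name__ == "__main__":
    print(rewrite_destination(SAMPLE).decode("iso-8859-1"))
```

Keepalive handling, which the message calls out as the hard part, is outside this function: the caller still has to find each request head on a persistent connection and skip over bodies.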