Is this possible to make this combination work?
- Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
- Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!
IHS, SSL & mod_gzip
Collapse
X
-
threadedthreaded
- Thanks (Given):
- 0
- Thanks (Received):
- 0
- Likes (Given):
- 0
- Likes (Received):
- 0
-
Mark SnowdonMark Snowdon
- Thanks (Given):
- 0
- Thanks (Received):
- 0
- Likes (Given):
- 0
- Likes (Received):
- 0
-
threadedthreaded
- Thanks (Given):
- 0
- Thanks (Received):
- 0
- Likes (Given):
- 0
- Likes (Received):
- 0
Re: which version
Server: IBM HTTP SERVER/1.3.19.3 Apache/1.3.20 (Unix)
& IBM HTTP Server/1.3.12.6 Apache/1.3.12 (Unix)Comment
-
eekeek
- Thanks (Given):
- 0
- Thanks (Received):
- 0
- Likes (Given):
- 0
- Likes (Received):
- 0
Re: which version
Sadly I think the answer is no. Half the reason is that mod_gzip doesn't like SSL (both want to be the last item on the output chain). The other half is that while the latest TSL/SSL specifications states that compression is supported it doesn't bother to say what compression methods should be supported (so most browsers haven't got the code to implement it).Comment
-
threadedthreaded
- Thanks (Given):
- 0
- Thanks (Received):
- 0
- Likes (Given):
- 0
- Likes (Received):
- 0
Re: which version
Yeah, I've heard that, but peeps do mod_gzip contents and send it out over SSL in Apache.
I think the problem here is more fundamental than that. I have a suspicion that IBM in trying to get their version of SSL to work broke mod_gzip and even though they've patched it, it is only patched enough to compile, not to actually work.
And then there is the thought of who in their right minds would mod_gzip data over an SSL connection anyway as it would cause cribs to be constantly generated thereby making the connection insecure.
It is one of my clients clients and they are quite insistent that they want this to be done, well not them actually, but their Big 4 consultants, and they insist they have done this before. Personally I can't quite see how, but am open to being educated.Comment
-
eekeek
- Thanks (Given):
- 0
- Thanks (Received):
- 0
- Likes (Given):
- 0
- Likes (Received):
- 0
Re: which version
The correct logic should be
page -> gzip -> SSL -> browser .
but I'm sure theres something in those two modules that stop them working togother. I don't want to guess what tho.
A solution would be to add an additional apache server in the middle of the system to act as an SSL processing proxy server. This would separate the system into
web server -> proxy server -> browser
page -> mod_gzip -> mod_proxy -> SSL -> browser
The web server can then also be totally firewalled allowing access to it from only a single port on a few ip addresses (internal machines and proxy servers only say).
you can do the above on a single machine running a single instance of apache but I doubt the cost of the additional machine is going to break the bank on this project tho.Comment
-
threadedthreaded
- Thanks (Given):
- 0
- Thanks (Received):
- 0
- Likes (Given):
- 0
- Likes (Received):
- 0
Re: which version
Yes, yes, that is correct, you have to use mod_proxy between them, virtual host doing SSL on the front, through mod_proxy to the back end that has the mod_gzip. Which is nice and which works, for Apache.
The problem is that in IHS this just don't appear to work...Comment
-
threadedthreaded
- Thanks (Given):
- 0
- Thanks (Received):
- 0
- Likes (Given):
- 0
- Likes (Received):
- 0
Well, I spent a good few days reverse engineering this, and now I can see why it screws up: it is code changes to Apache to get IBMs GSK version of SSL in that changes some structures that mod_gzip uses, and then the patches to mod_gzip then don't actually fix all the problems, resulting in apparently random screw ups.:rollinComment
- Home
- News & Features
- First Timers
- IR35 / S660 / BN66
- Employee Benefit Trusts
- Agency Workers Regulations
- MSC Legislation
- Limited Companies
- Dividends
- Umbrella Company
- VAT / Flat Rate VAT
- Job News & Guides
- Money News & Guides
- Guide to Contracts
- Successful Contracting
- Contracting Overseas
- Contractor Calculators
- MVL
- Contractor Expenses
Advertisers
Contractor Services
CUK News
- Streamline Your Retirement with iSIPP: A Solution for Contractor Pensions Sep 1 09:13
- Making the most of pension lump sums: overview for contractors Sep 1 08:36
- Umbrella company tribunal cases are opening up; are your wages subject to unlawful deductions, too? Aug 31 08:38
- Contractors, relabelling 'labour' as 'services' to appear 'fully contracted out' won't dupe IR35 inspectors Aug 31 08:30
- How often does HMRC check tax returns? Aug 30 08:27
- Work-life balance as an IT contractor: 5 top tips from a tech recruiter Aug 30 08:20
- Autumn Statement 2023 tipped to prioritise mental health, in a boost for UK workplaces Aug 29 08:33
- Final reminder for contractors to respond to the umbrella consultation (closing today) Aug 29 08:09
- Top 5 most in demand cyber security contract roles Aug 25 08:38
- Changes to the right to request flexible working are incoming, but how will contractors be affected? Aug 24 08:25
Comment